When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this when sensitive information or software is exchanged with suppliers, customers, partners, regulators, contractors, or other third parties.
Agreement checklist
- Information types and classifications are defined.
- Permitted transfer methods are specified.
- Encryption or secure portal requirements are defined.
- Recipient authorization requirements are defined.
- Onward transfer restrictions are defined.
- Malware scanning or integrity checking responsibilities are defined.
- Retention and deletion requirements are defined.
- Incident notification requirements are defined.
- Logging or evidence requirements are defined.
- Confidentiality or NDA terms are included.
- Change control applies to transfer methods.
- Agreement is authorized at the appropriate level.
- Agreement review frequency is defined.
Transfer record
| Third party | Information type | Classification | Transfer method | Agreement/reference | Owner | Last reviewed | Issues/actions |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Related notes
- Template
- Iso27001
- A5 14
- Third parties
Note Metadata
Aliases: Third-Party Transfer Agreement Checklist
Source: 90 Templates/Third-Party Information Transfer Agreement Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.