...
A description and scope of the services being procured.
A description of the physical locations where supplier/subcontractor services will be delivered from.
Known security incidents or security weaknesses of the supplier &/or its services.
The classification of the information sets that they will store, process, and/or transmits.
The classification of the PKB systems they will have access to.
The legal and regulatory requirements of the information sets and/or the systems in the scope of the proposed service.
The impact that can be caused to PKB and its customers for the failure to maintain Confidentiality, Integrity, and Availability of information and or systems in the scope of the proposed service or proposed additions to the currently provide service,
Provision of information security requirements and controls to mitigate/manage the risks identified for the supplier, including but not restricted to:
Legally binding agreement detailing clearly defined information security and data protection requirements approved by the PKB legal and compliance functions.
Appropriate Information Security accreditation for the services provided, such as ISO27001.
Breach notification process.
The right to audit.
Communication and escalation paths.
...