CRA-6.6.8

Entire section

Custom print

Link

Text Only

Rich Text

Print

Location:

Versions

Apr 01 2019 - Jun 30 2022
Jul 01 2022

For the purpose of Subparagraph CRA-6.6.7 (iv), licensees as part of their assessments may use the following:

a) Independent third-party certifications on the outsourcing service provider’s security and other controls;

b) Third-party or internal audit reports of the outsourcing service provider; and

c) Pooled audits organized by the outsourcing service provider, jointly with its other clients.

When conducting on-site examinations, licensees should ensure that the data of the outsourcing service provider’s other clients is not negatively impacted, including impact on service levels, availability of data and confidentiality.

Amended: July 2022
Added: April 2019