*Establish appropriate language within contracts such that a vendor is required to notify you if they are breached, their system or solutions are compromised, and/or they have a significant security issue which could directly affect you. (Task ID: R1-9813)

*Establish metrics for vendors to assess compliance with the contract with respect to notifications (Task ID: R1-9812)

*Communicate results of independent security review (Task ID: R1-9767)

*Report findings of the independent review to management (Task ID: R1-9762)

*Schedule an independant review and verification after the security monitoring solution has been implemented. (Task ID: R1-9764)

*Communicate with external stakeholders (LEO, PR, Legal, IT, Marketing) when necessary to understand regulatory requirement and breach notifications (Task ID: R1-9209)

*Coordinate with internal audits to audit security tool use (Task ID: R1-9793)

*Review rights to tools and data on a defined frequency to ensure access is appropriate. (Task ID: R1-9788)

*Verify access control priv are working as designed (Task ID: R1-9799)

*Verify tool access and logs for authorized use (Task ID: R1-9787)

*Test security staff on how to access and what is covered by company policies and technical standards (Task ID: R1-9842)

*Verify you have read and understand how to access policies and standards for refresher (Task ID: R1-9714)

*Develop policy to determine which critical systems are to be monitored and to what level (Task ID: R1-9578)

*Develop policy to ensure critical systems are to be monitored (Task ID: R1-9576)