Published: March 2026
Sector: State and local government entities

Entities are increasingly using third parties to deliver products or services, and this reliance increases the potential for a cyber attack. If entities do not manage third-party cyber security risks effectively, the impacts can be significant, leading to financial losses, reputational damage, and other ramifications.

This checklist provides key questions that all entities can consider when managing their third-party cyber security risks. Entities can use this practical tool to help align their systems, processes, and practices with better practice guidance.

See our related report, Managing third-party cyber security risks (Report 13: 2025–26).