Minimum Information Security Controls for Third Parties

This guide outlines the minimum information security controls that third parties must implement to ensure compliance with industry standards and protect data integrity, confidentiality, and availability. Key areas include governance, business continuity, data handling, access control, and security training. It serves as a framework for third parties working with Novartis to maintain a robust information security program.