Risks posed by third parties or suppliers
Different types of suppliers will have very different risks - e.g. with providers of telecom equipment you will have the risks of equipment breakdown, eavesdropping, etc.; with providers of specialized security services you will have the risk of unauthorized access to sensitive data, unauthorized change of sensitive data, industrial espionage, etc.
To learn more about handling third parties and related risks, see these materials:
- Article: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Free download: Step-by-step explanation of ISO 27001 risk management https://info.advisera.com/27001academy/free-download/step-by-step-explanation-of-iso-27001-risk-management
- Free download: Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
- Free webinar: The basics of risk assessment and treatment according to ISO 27001 https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
This online course will also teach you about handling third-party risks: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Dec 30, 2020