Customer management
I would like to know why in ISO 27001 there is a "Supplier Management" but there is no "Customer Management"?
How should I align or assure my clients within my ISO 27001 implementation?
1. I would like to know why in ISO 27001 there is a "Supplier Management" and there is no "Customer Management"?
Please note that ISO 27001's main objective is to protect the information that belongs to the organization or is under its responsibility (e.g., customer information, partner information, etc.).
Considering that the information to be protected may be accessed by suppliers (e.g., a SaaS provider, contractors, etc.), the organization needs to ensure that this information is also properly protected by suppliers (by means of contractual clauses, periodic service reviews, etc.); hence the need for "Supplier management".
Customer management, on the other hand, involves much more than information protection, so including it in ISO 27001 would mean an unnecessary overhead for the information security management system.
2. How should I align or assure my clients within my implementation of ISO 27001?
For alignment of customers' interests and requirements with your ISO 27001 implementation, you must consider them when working on clause 4.2 Understanding the needs and expectations of interested parties. Fulfilling this clause is enough for the standard to consider customers in your implementation.
For more information, see:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
In case your organization considers it needs a more robust customer management approach, you may consider adopting concepts from ISO 9001, the standard for quality management.
For more information, see:
- Using ISO 9001 for implementing ISO 27001 https://advisera.com/27001academy/blog/2010/03/08/using-iso-9001-for-implementing-iso-27001/
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/
These articles will provide you with a further explanation about ISO 27001:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Feb 15, 2021