Regarding ISO 27001
I'm not sure if I understood your situation correctly, but here are the answers:
If a location has changed, this means you have to change your ISMS scope.
For any significant change a risk assessment has to be performed/reviewed, which will most probably result in new required controls.
The fact that the third party service provider is ISO 27001 certified doesn't change much - a risk assessment must still be performed, and risks related to a third party must be addressed in the agreement.
These articles will help you:
ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Jan 12, 2016