How to treat suppliers that are ISO 27001 certified
Answer: The fact that they are ISO 27001 certified doesn't change their status towards you - so yes, you have to treat them as suppliers. To understand the details on how to handle suppliers, please read this article: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
My second question is that, as we are a new and small company, we do not have any IT department, so we (personally) manage our IT equipment. Will this cause us problems in our certification?
Answer: No, your size and the fact that you are managing your IT equipment won't cause any problems at the certification, as long as you comply with your policies and procedures.
Is it better to have a dedicated IT department or have someone who manages our IT?
Answer: I'm not sure if I understood your question correctly - if you meant whether it is better to have your own IT department or to outsource the IT function, this is primarily a business issue (what is more profitable) and a skill issue (does your IT equipment require some special skills that might not be easy to find in the market).
Or can we just put encryption / passwords / administration rights to particular systems to get round this?
Answer: Managing security is not only about encryption, passwords and administration rights - the best thing for you would be to go through this free online training to learn all that is important for security management: ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Aug 03, 2016