Get FREE 12-month access to the AI-Powered Knowledge Base worth $450
with your ISO 27001 toolkit purchase
Limited-time offer – ends June 27, 2024

Tag: "systems" - Expert Advice Community



Create New Topic As guest or Sign in

HTML tags are not allowed

Assign topic to the user

  • Systems vs Suppliers

    I am curious to get some input in regards to how you manage Suppliers of critical systems. At the moment I am struggling with deciding wheater we should consider all providers of citical systems also as a critical supplier and handle them in our supplier handling process. All critical systems are handled, risk assessed etc. according to our Asset management process. But I now ask myself if it is neccessary to also have all of them inserted as critical supplier and go through all the administrative work related to that. 

    example: we use Hubspot and this has been evaluated as a critical system. It is included in our system asset register, has gone though a comprehensive system review and we have the relevant contracts/agreements in the contract database. Would you also add Hubspot in the supplier register as a critical supplier? Which means that we will also evaluate the supplier on a regular basis etc. 

    Another aspect to this is that for systems that we  "purchase" via a supplier.. then we don't have the actual provider of the system registered as a supplier but the partner that the system provider is using. 

    I would love to hear your thughts on this.