Guest
15.2.2 managing changes to supplier services
15.2.2 managing changes to supplier services - ee have a major non-conformity on this point. Can you advise on remediation in a timeline of 8 weeks?
Assign topic to the user
Expert
Dejan Kosutic
Dec 23, 2019
It is difficult to provide an advice without knowing what exactly was your nonconformity - in general, when you make changes to the existing contracts with your suppliers you need to take into account the results of risk assessment, and how critical is the data they have access to.
See also these articles:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
If you can provide more details on your nonconformity, I can give you a more precise guideline.
Comment as guest or Sign in
Dec 23, 2019
Dec 23, 2019
Dec 23, 2019