Guest
3rd party security policy vs. Information security policy for supplier relations
According to the ISO 27K requirement (Information security policy for supplier relationships), may I know what the difference is between a 3rd party security policy and an Information security policy for supplier relationships?
Answer: ISO 27001 does not mention "3rd party security policy", so the point is:
1) ISO 27001 requires you to make only one policy to deal with suppliers
2) The difference between 3rd parties and suppliers is that 3rd parties could also include customers
3) Even if you want to cover the security requirements for customers and suppliers, you can do it in one policy; you do not have to separate them.
Jan 12, 2016