
A.15.2.2 Managing changes to supplier services

Guest user Created:   Sep 22, 2023 Last commented:   Sep 22, 2023


I have read the implementation guidance in ISO 27002 but I am still not sure of what type of controls we should implement to be compliant with the control A.15.2.2 (ISO 27001:2013). I understand that this is regarding changes in supplier agreements and/or terms and conditions, changes in how our company uses the supplier services, etc. Could anyone share how you have implemented this control? We have a non-conformance from our recent audit regarding this, hence my question.


Expert
Rhand Leal Sep 22, 2023

Control A.15.2.2 Managing changes to supplier services can be implemented by means of a change management process considering the following steps:

  1. identification of what needs to be changed (e.g., hardware, software, documentation, etc.) and on which systems;
  2. assessment of the criticality of the systems, information, and processes affected by the change;
  3. re-assessment of the risks related to the systems, information, and processes affected by the change (e.g., current risks that may change, risks that may arise);
  4. formal approval of proposed changes;
  5. development of an implementation plan, including, when necessary, procedures for aborting and recovering from unsuccessful changes and unforeseen events;
  6. testing of the proposed changes before and after deployment of changes in the production environment;
  7. communication of changes performed to all relevant persons.

You can use your change management procedure as a basis to manage changes related to your supplier.  

You can read more about managing changes in an ISMS according to ISO 27001 A.12.1.2 on our blog.
