LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

A.15 Control section

  Quote
Guest
Guest user Created:   Dec 08, 2021 Last commented:   Dec 08, 2021

A.15 Control section

I have a question about A.15 why does Y2005 call Third parties but Y.2013 call supplier?
0 0

Assign topic to the user

ISO 27001 SUPPLIER SECURITY POLICY

Define how suppliers and partners need to keep your information safe.

ISO 27001 SUPPLIER SECURITY POLICY

Define how suppliers and partners need to keep your information safe.

Expert
Rhand Leal Dec 08, 2021

I’m assuming that by Y2005 and Y.2013 you are referring to versions 2005 and 2013 of ISO 27001.

Considering that, there is no official explanation for this change, but most probably the change was made to make the application of the control clearer.

ISO generally uses the term “third party” for an entity that is independent of the organization, like customers, suppliers, business partners, government, etc.

Since the controls from ISO 27001 Annex A are related to suppliers, it makes more sense to change the section name to reflect this situation.

This article will provide you a further explanation about supplier security management:

- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 08, 2021

Dec 08, 2021

Suggested Topics

Guest user Created:   Sep 29, 2021 ISO 27001 & 22301
Replies: 1
0 0

15.1. Control Document

Guest user Created:   Jun 23, 2021 ISO 27001 & 22301
Replies: 5
0 0

ISO 27001 documents