Access to suppliers SoA

Answer: For current suppliers you should consult the service agreement/contract established with each supplier. For new suppliers, to have an access to their SoA, should be condition of the suppliers selection process, because this document can provide you a general overview of how the supplier handles its own information security. But you should also note that suppliers can refuse to present their SoAs, and you should be prepared to consider that too in your selection process (maybe include visits to potential supplier's premises for evaluation).

These articles will provide you further explanation about management of suppliers' information security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-secur ity-clauses-to-use-for-supplier-agreements/

These materials will also help you regarding management of suppliers' information security:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/