Please note that ISO 27001 does not prescribe how to record the reviews of supplier security documents, so you can adopt the record that better fits your needs. Examples are a report, an e-mail, or a meeting minutes.
Information you should consider for this record are at least: documents reviewed, by whom, when, review criteria (e.g., what you planned to look for), review results, and who approved the review.
For further information about backup, see:
Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/