Applicability of training for suppliers' employees

Guest user Created:   Oct 11, 2019 Last commented:   Oct 11, 2019

Is it absolutely necessary to train selected employees of our suppliers (Chapter 3.4 Training and Awareness) if the risk out of the risk assessment table is very low? In the case described before, is it possible to delete control A.7.2.2 from the security policy for suppliers?

Expert
Rhand Leal Oct 11, 2019

You can exclude control A.7.2.2 and texts which refer to it, and still be compliant with ISO 27001 requirements, if:

  • risk assessment results don't require its implementation
  • there aren't legal requirements or top management decisions requiring application of training of suppliers' employees