Guest
Applicability of training for suppliers' employees
Is it absolutely necessary to train selected employees of our suppliers (Chapter 3.4 Training and Awareness) if the risk from the risk assessment table is very low? In the case described, is it possible to delete control A.7.2.2 from the security policy for suppliers?
Expert
Rhand Leal
Oct 11, 2019
You can exclude control A.7.2.2 and texts which refer to it, and still be compliant with ISO 27001 requirements, if:
- risk assessment results don't require its implementation
- there aren't legal requirements, or a top management decision, requiring application of training of suppliers' employees