Expert Advice Community

Auditing suppliers

Guest user. Created: Oct 02, 2019. Last commented: Oct 02, 2019

How can I write a notice to my suppliers informing them that I am implementing an ISMS and that at a later date we will be conducting supplier audits?
Would you have an example?

Expert
Rhand Leal Oct 02, 2019

How can I make a statement to my suppliers informing them that I am implementing an ISMS and that at later dates we will be auditing suppliers?
Will they have an example?

ISO 27001 does not prescribe the form to be used for such communication, only that an organization must determine the need for internal and external communications relevant to the ISMS, considering what to communicate, when, with whom, who shall communicate, and processes to be used.

Considering that, you can use already implemented methods and forms you have (e.g., paper memos, e-mail, etc.).

The most important thing regarding this situation is that you must review the contracts and service agreements with your suppliers to identify legal clauses that can support your demand to audit them (you should make reference to these clauses in your communication). In case you do not have such clauses, you will have to consider reviewing the contracts/service agreements.

These articles will provide you with further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
