Certification and partnerships
Answer: Holding an ISO 27001 certification is not necessary if your partners can evidence to you by other means that they can effectively manage information security. A common situation is the fulfilment of security clauses established in a partnership agreement (you can include in the agreement clauses related to the practices you want them to follow, and how these clauses will be verified).
These articles will provide you with further explanation about security clauses (the general concepts are still valid if the partner in question is not a supplier):
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
Jan 30, 2018