Expert Advice Community

Certification and partnerships

Guest user Created:   Jan 30, 2018 Last commented:   Jan 30, 2018

If we partner with a new partner, do they also need to hold ISO 27001? If not, do you have suggestions on the best way to ensure they follow best practice and provide our clients with confidence?
Expert
Rhand Leal Jan 30, 2018

Answer: Holding an ISO 27001 certification is not necessary if your partners can evidence to you by other means that they can effectively manage information security. A common situation is fulfilling security clauses established in a partnership agreement (you can include in the agreement clauses related to the practices you want them to follow, and how these clauses will be verified).

These articles will provide you with further explanation about security clauses (the general concepts are still valid if the partner in question is not a supplier):
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/

- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
