Expert Advice Community

Guest

Certified suppliers

  Quote
Guest
Guest user Created:   Aug 16, 2019 Last commented:   Aug 16, 2019

Certified suppliers

If my supplier holds ISO 27001 certification, do I need to perform risk assessment on it?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 16, 2019

Answer:

Even if your supplier is ISO 27001 certified you have to perform a risk assessment to identify the risks this supplier can bring to you organization, so you can include proper information security clauses in your contract or service agreement with it.

The fact the supplier is ISO 27001 certified brings more confidence that it can handle customer's information properly, but you as a customer still have to perform your own risk assessment regarding the supplier.

These articles will provide you further explanation about managing security of suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 16, 2019

Aug 16, 2019

Suggested Topics