Certified suppliers
Answer:
Even if your supplier is ISO 27001 certified, you have to perform a risk assessment to identify the risks this supplier can bring to your organization, so you can include proper information security clauses in your contract or service agreement with it.
The fact the supplier is ISO 27001 certified brings more confidence that it can handle customer's information properly, but you as a customer still have to perform your own risk assessment regarding the supplier.
These articles will provide you with further explanation about managing security of suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Aug 16, 2019