Expert Advice Community

Certified suppliers

Guest user Created: Aug 16, 2019 Last commented: Aug 16, 2019
If my supplier holds ISO 27001 certification, do I need to perform risk assessment on it?

Expert
Rhand Leal Aug 16, 2019

Answer:

Even if your supplier is ISO 27001 certified, you have to perform a risk assessment to identify the risks this supplier can bring to your organization, so you can include proper information security clauses in your contract or service agreement with it.

The fact that the supplier is ISO 27001 certified brings more confidence that it can handle customers' information properly, but you as a customer still have to perform your own risk assessment regarding the supplier.

These articles will provide you with further explanation about managing the security of suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
