Compliance review
To check whether a company is certified, you can ask it who its certification body is and what its certification number is, so you can verify whether the certification is in good standing.
Regarding the evaluation of its security posture, you can ask for its Statement of Applicability (which contains information about the applied controls) and the latest audit report performed by the certification body (which will report the results of the latest audit performed by the certification body).
Please note that, unless you have a contract with this company ensuring the release of the SoA and the audit report, the release of these documents is a decision of the company (in this case, if they decide to release the documents, they will probably require the signing of a Nondisclosure Agreement with your company).
This article will provide you with a further explanation of the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 03, 2021