Considering ISO 28000 for outsourcing hosting of their software products
One of my 27001 clients is asking about whether they need to consider ISO 28000 as they outsource the hosting of their software products.
Do you have any guidance on this?
ISO 27001 does not require any specific standard to be followed, so unless your client has a legal requirement (e.g., law, regulation or contract) demanding the implementation of ISO 28000 (Specification for security management systems for the supply chain), or considers it a good practice worth implementing, there is no need to implement ISO 28000 to fulfill ISO 27001 requirements.
For further information, see:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Aug 17, 2020