Expert Advice Community

Guest

Controls a.15.10.2 and a.13.2.4

  Quote
Guest
Guest user Created:   Feb 18, 2021 Last commented:   Feb 18, 2021

Controls a.15.10.2 and a.13.2.4

We get a Business email service from third part such as *** for our company. we don't have any NDA with *** and get it by Definition SLA in their site. also we start to design Information Security Management System. is it has conflict with A.13.2.4 and A.15.1.2?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 18, 2021

In case the NDA identified in the SLA you have with your provider fulfills all your needs (you should confirm that with a legal expert, based on the results of risks assessment and applicable legal requirements), and is regularly reviewed, then this situation is compliant with requirements of control A.13.2.4 - Confidentiality or nondisclosure agreements.

Regarding control A.15.1.2 – the identification of the NDA in the SLA provided by the supplier is acceptable, but please note that you also need to verify if other relevant risks related to this supplier are also covered by security clauses in the SLA.

These articles will provide you a further explanation about supplier management:

These materials will also help you regarding supplier management:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 18, 2021

Feb 18, 2021

Suggested Topics

Guest user Created:   Mar 02, 2021 ISO 27001 & 22301
Replies: 1
0 0

Annex A controls

Guest user Created:   Mar 02, 2021 ISO 27001 & 22301
Replies: 1
0 0

Annex A controls