Evidence about providers
Assign topic to the user
Answer: The point is not whether these providers are ISO 27001 certified or not, the point is whether they comply fully with the security clauses that are part of the contract they have signed with you.
The evidence about this you can get in couple of ways:
- They can send you reports
- You can send your auditor to their company
- You can send third-party auditor to their company to check whether they are compliant with the contract
This article explains more how this relationship with suppliers work: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
These materials will also help you regarding handling suppliers:
- Book Secure & Simple: A Small-Busines s Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 17, 2016