Information in third party systems
Assign topic to the user
In case the information you want your Information Security Management System to protect interact with these systems, then you need to ensure these systems fulfill your information security standards.
In cases like these, where you find relevant risks to information that are related to systems managed by third parties, you need to consider controls from section A.15 (Supplier relationships), which will help you enforce your security needs and requirements upon suppliers.
For information about controls from section A.15 (Supplier relationships), I suggest you look at these articles:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/
Comment as guest or Sign in
Jun 07, 2021