Information security requirements

Guest user. Created: Mar 22, 2020. Last commented: Mar 22, 2020.

Can you help me with this query: What information security requirements should be included in contracts with suppliers?

Expert
Rhand Leal Mar 22, 2020

First, it is important to note that, according to ISO 27001, the security requirements to be included in contracts with suppliers must be based on the results of risk assessment and legal requirements your organization must fulfill.

Considering that, some common requirements are:

  • Right to audit: clause ensuring the organization has the right to audit and test the security controls periodically, or upon significant changes to the relationship.
  • Notification about security breaches: clause requiring the provider to inform the organization in a timely manner regarding any security breaches that may impact the organization’s business.
  • Adherence to security practices: clause requiring the provider to adhere to the organization’s security practices, and to communicate any situations where this adherence is not achievable, helping to prevent security gaps or conflicts that could impair security performance.

This article will provide you with further explanation about security clauses for contracts:
