ISO 27001 and third party data risk

Guest user. Created: Jul 24, 2019. Last commented: Jul 24, 2019.

I would like to know how ISO 27001 can be implemented to prevent third party data risk.
Expert
Rhand Leal Jul 24, 2019

Answer:

ISO 27001 can be used to prevent third party data risk by means of:
- Identification of relevant data risks imposed by third parties with access to information
- Definition of proper treatment options and controls to reduce risks to acceptable levels
- Establishment of contracts or legal agreements including clauses to enforce the application of previously defined controls (for third parties authorized to access information assets)

These articles will provide you with further explanation about preventing third party data risk:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/

This last article also covers conditions for third parties working for the organization.