ISO 27001 and third party data risk
Answer:
ISO 27001 can be used to prevent third party data risk by means of:
- Identification of relevant data risks imposed by third parties with access to information
- Definition of proper treatment options and controls to reduce risks to acceptable levels
- Establishment of contracts or legal agreements including clauses to enforce the application of previously defined controls (for third parties authorized to access information assets)
These articles will provide you with further explanation about preventing third party data risk:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
- What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/
This last article also covers conditions for third parties working for the organization.
Jul 24, 2019