Mapping from ISO28001 to ISO27002
Answer: ISO 28001 deals with supplier security, covering more aspects than the ISO 27k series, which covers most Information and Communication Technologies issues. You can map ISO 28001 practices to ISO 27002 controls from section A.15 - Supplier relationships, but I suggest you take a look at ISO 27036 (Information security for supplier relationships), which has more detailed information regarding information security with suppliers. You can find this standard at this link: https://www.iso.org/obp/ui/#iso:std:iso-iec:27036:-1:ed-1:v1:en
Regarding the ISO 28001 Annexes, documents from Annex A and B (security assessment and treatment) can be mapped to sections 6.1 (Actions to address risks and opportunities), 8 (Operation), 9 (Performance evaluation) and 10 (Improvement) from ISO 27001.
Unfortunately we do not have a direct mapping document available.
This article will provide you with further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Mar 04, 2017