Monitoring of third parties
Assign topic to the user
In my view, you can perform the monitoring of third parties in the following ways:
Receiving regular reports from the third party - these reports are prepared by this third party, and they are the least reliable.
Using some kind of automated reporting system or software - this way you can get more detailed and more precise info about what and when is done by the third party.
Second party-audit - you can send your auditors to the third party so that they could check if they comply with the agreement.
Generally, you can manage your suppliers and other third parties like explained in this article: 6-step process for hand ling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Comment as guest or Sign in
Jan 12, 2016