Question about mandatory documentation
In the white paper "Checklist of Mandatory Documentation Required by ISO/IEC 27001 (2013 Revision)", the Supplier Security Policy is marked mandatory, but List_of_documents_ISO_27001_ISO_22301_Premium_Documentation_Toolkit_EN.pdf marks only A.15.2 Security Clauses for Suppliers and Partners as mandatory. Am I reading this right? My customer wants to combine the Supplier Security Policy with another document, and that's why I'm asking.
First of all, thanks for this feedback.
Indeed, in the List of documents file the Supplier Security Policy should be marked as mandatory, but with an asterisk, because it is related only to controls from ISO 27001 Annex A, which are only required if there are relevant risks, or legal requirements, that demand the implementation of the related controls. We'll make this correction ASAP.
Regarding the need of your customer, he can combine the Supplier Security Policy with another document.
Nov 04, 2020