Request for clarification on assessment report
Since these documents contain very sensitive information about the risks of the vendor, it is unlikely they will share these documents with third parties.
In general, for an understanding of the security profile of a vendor compliant with ISO 27001, it is reasonable to ask for the Statement of Applicability (this document identifies at least applicable controls, justification for applicability, implementation status, and justification for the exclusion of controls from ISO 27001 Annex A).
This article will provide you with a further explanation of the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 17, 2021