Expert Advice Community

Guest

Requirements for MSP Company Regarding Supplier Security Policy

  Quote
Guest
Guest user Created:   Aug 23, 2022 Last commented:   Aug 24, 2022

Requirements for MSP Company Regarding Supplier Security Policy

What requirements are there for an "MSP* - managed service provider" type of a company regarding Supplier Security Policy and Security Clauses for Suppliers and Partners? I am curious about the data exchange, as the only data exchanged was in the data servers and we are not sure if there is anything necessary for us to do in that regard.

* managed service provider (MSP) is a third-party company that remotely manages a customer's information technology (IT) infrastructure and end-user systems.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 23, 2022

ISO 27001 does not specify security requirements for particular companies or industries - instead, security requirements are defined by each company based on risk assessment and third-party requirements.

Considering that, you need to perform a risk assessment considering the exchanged data to identify if you have any relevant risks that the MSP needs to handle (e.g., data loss due to a disaster), as well as any legal requirements you have to enforce into this MSP (e.g., a regulation that enforces your organization to ensure suppliers to protect the information they handle in organization’s name).

The common scenario is the definition of information security clauses in SLAs or contracts signed with such MSPs.

These articles will provide you with further explanation:

Quote
0 0
Guest
Guest user Aug 24, 2022

Can you direct me to the area where the IS27001 approved accessor are?

Quote
0 0
Expert
Rhand Leal Aug 24, 2022

I’m assuming you are looking for accredited certification bodies.

Considering that, please note that there is no central list of ISO 27001 certification bodies site. The main certification bodies for ISO 27001 are:

  • BSI: https://www.bsigroup.com
  • Bureau Veritas: https://www.dnvgl.com/
  • DNV: https://www.dnvgl.com/services?ServiceTypes=136423
  • SGS: www.sgs.com/
  • TUV: www.tuv.com

This article will provide you with further explanation about selecting a certification body:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 23, 2022

Aug 24, 2022

Suggested Topics