security audit of a hypothetical supplier

Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


My company is an Insura... Hello, I just want to know what is the best way to apply an audit process for one supplier, and what is the most important thing that I have to take into consideration according with my call business. Thanks so much... I'm new in the area and Dejan now is my best friend. Thanks Dejan. All the best, Victor...
Guest post Jan 12, 2016

Hello Victor

Audit of a supplier deals with the verification if the contract is performed as per the agreement. The technique for performing the verification is the same as for internal audit.

You can find further details in the blog post: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 (https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/)

I fear I do not understand your question. My problem concerns the end of the sentence: « according to my call business ».

Did I correctly understand that you work for an insurance company?

Best regards

Jean-Luc

Guest post Jan 12, 2016

Hi Victor

Audit of a supplier deals with the verification if the contract is performed as per the agreement. The technique for performing the verification is the same as for internal audit.

You can find further details in this blog post: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 (https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/)

But I don't understand the end of the sentence 'according to my call business.' Would you mind clarifying?

Did I also correctly understand that you work for an Insurance Company?

Kind regards

Jean-Luc

Guest post Jan 12, 2016

Thanks very much for your answer. You are right, my company is an insurance company, but we outsource some services. I'm new in the company and new in the area... I'd like to know the best way to prepare my risk audit for a provider and to check compliance against ISO 27001, law regulation in the UK, and data protection. Sorry, too many questions at the same time.

All the best, Victor...

Guest post Jan 12, 2016

Hi Victor

The audit should focus on how the provider complies with the contract your company signed with them. Controls A15.1.1 to A15.2.2 are pertinent for the security clauses when they are included in the SOA:
A15.1.1 Information policy for supplier relationship;
A15.1.2 Addressing security within supplier agreements;
A15.1.3 Information and communication technology supply chain;
A15.2.1 Monitoring and review of supplier services;
A15.2.2 Managing changes to supplier services.

Here is an article that is applicable to your situation: 6-step process for handling supplier security according to ISO 27001: https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

Best regards

Jean-Luc
