security audit of a hypothetical supplier
Hi Victor
An audit of a supplier deals with verifying that the contract is being performed as agreed. The technique for performing the verification is the same as for an internal audit.
You can find further details in this blog post: How to make an Internal Audit checklist for ISO 27001 / ISO 22301 (https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/)
But I don't understand the end of the sentence "according to my call business". Would you mind clarifying?
Did I also correctly understand that you work for an insurance company?
Kind regards
Jean-Luc
Thanks very much for your answer, and you are right, my company is an insurance CIA, but we have outsourced some services. I'm new in the company and new in the area... I'd like to know the best way to prepare my risk audit for the provider and to check compliance against ISO 27001, law and regulation in the UK, and data protection. Sorry, too many questions at the same time.
All the best, Victor...
Hi Victor
The audit should focus on how the provider complies with the contract your company signed with them. Controls A.15.1.1 to A.15.2.2 are pertinent for the security clauses when they are included in the SoA:
A.15.1.1 Information security policy for supplier relationships;
A.15.1.2 Addressing security within supplier agreements;
A.15.1.3 Information and communication technology supply chain;
A.15.2.1 Monitoring and review of supplier services;
A.15.2.2 Managing changes to supplier services.
Here is an article that is applicable to your situation: 6-step process for handling supplier security according to ISO 27001: https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Best regards
Jean-Luc
Jan 12, 2016