Expert Advice Community


Security in suppliers relationship

Guest user Created:   Dec 09, 2016 Last commented:   Dec 09, 2016


In the contract with an external supplier there is nothing about information security but they say that they have an internal security policy with all employees. Is that enough? Or should we write something in the “information security policy for supplier relationship”?

Expert
Rhand Leal Dec 09, 2016

Answer: When dealing with external suppliers, you should ensure security clauses are included in the service agreement or contract, so you have a legal basis in case of complaints or disputes. The other point is that you have to ensure the policies, procedures and controls implemented on the supplier's processes are aligned with those of your organization, or at least that they can ensure a security level your organization considers acceptable.

This article will provide you with further explanation about security in supplier relationships:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding supplier relationships:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
