Security risks dealing with suppliers
Assign topic to the user
Presently, our risk assessment is assessing risks that refer to assets vs. CIA.
Other risks that are brought to our attention are those from security incidents /breaches etc, so this is the easy part.
Answer:
If you outsource part of your processes or allow a third party to access your information, you should assess the risks to confidentiality, integrity and availability of your information. For example, during the risk assessment you may realize that some of your information might be exposed to the public and create huge damage, or that some information may be permanently lost. Based on the results of risk assessment, you can decide whether the next steps in this process are necessary or not for example, you may not need to perform a background check or insert security clauses for your cafeteria supplier, but you probably w ill need to do it for your software developer. For more information about it, you can read this article 6-step process for handling supplier : https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Comment as guest or Sign in
Jan 12, 2016