SLA and ISO 27001

Guest
Guest user Created:   May 12, 2017 Last commented:   May 12, 2017


Is there a place in the ISO 27001 documentation for Customer Service Level Agreements? If so where do they fit in please and is there a template for them?

Expert
Rhand Leal May 12, 2017

Answer: Yes. ISO 27001 Annex A.15 (supplier relationships) covers controls regarding what to include in agreements and how to monitor suppliers.

Regarding templates, the ISO 27001 Toolkit has a supporting document to help elaborate SLAs, the Security Clauses for Suppliers and Partners document (you can find it in folder 08 - Annex A, subfolder A.15 - Supplier Relationships, in your toolkit), but I also suggest you take a look at this free demo from 20000Academy to see if it can fulfil your needs:

- Service Level Agreement https://advisera.com/20000academy/documentation/sla/

You just have to scroll down the screen a little to find the free demo tab.

This article will provide you further explanation about relationships with suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding relationships with suppliers:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Guest
gregbryce May 12, 2017

Thank you for your reply

Guest
gregbryce May 12, 2017

I should have been more clear.

Guest
gregbryce May 12, 2017

A.15 is about suppliers. I need to know about customers please, or do they fall under the same Annex A.15? Thanks again.

Expert
Rhand Leal May 13, 2017

You can use the same logic, but backwards: that is, instead of you being a customer demanding security conditions from a supplier, your clauses would be about the security conditions you, as a provider, are offering to a customer.

For example, in a clause about backup, as a client demanding from the provider you would include a clause like "provider should ensure backup copies are made of all classified information and handled according to their respective classification". As a provider offering this service to a client you would have a clause like "as service provider, we will provide to the customer backup copies of all information stated by them as sensitive information, handling them according to their respective classification".

To better prepare SLAs for customers, you could check ISO 27001 clause 4.2 (Understanding the needs and expectations of interested parties) and control A.18.1.1 (Identification of applicable legislation and contractual requirements), so you can have a better understanding of the rationale a potential customer can use to identify their security needs.

This article will provide you further explanation about identifying the requirements of interested parties:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

These materials will also help you regarding the identification of interested parties' requirements:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
