Supplier questionnaire
Hi, I need help producing the following for suppliers that we work with. I need to confirm the correct questions to send out, risk scoring and a policy. Below are questions for suppliers regarding their security posture.
- Confirm which of the following you have in place: Firewall? IDS or IPS? Secure configuration? Anti-virus/Malware Protection? EDR/MDR/XDR? Patch Management? Access Control? Multi-Factor Authentication? Email spam filtering? Network behaviour monitoring?
- Do you know what devices connect to your network and who has access?
- Do you follow any security frameworks?
- Do you have cyber essentials?
- Do you conduct vulnerability and penetration testing?
- Do you have backups?
- Do you have a security and acceptable use policy?
- Do you have information and security policies in place?
- Do you have access control policies in place?
- Do you conduct cyber security awareness training?
- Do you have a disaster recovery plan?
- Do you have an incident response plan?
- Do you have anything in place with your supply chain to combat a cyber-attack?
Please note that to identify the proper questions to send to suppliers you need to consult the results of your risk assessment and applicable legal requirements. Based on the relevant risks and laws, regulations, and contracts you need to comply with, you can define which are the proper questions to send.
For example, generally speaking, you could send all questions you listed, but in case you do not have relevant risks or legal requirements demanding a disaster recovery plan, then it is not relevant for you to ask the supplier about a disaster recovery plan.
For further information, see:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Step one will provide information regarding risk assessment, while step two will provide information regarding legal requirements.
Feb 07, 2023