Expert Advice Community

Supplier security

Guest user. Created: Jan 29, 2019. Last commented: Jan 29, 2019.

I have a partner no. 1 that provides sale and installation of software to partner no. 2 that gives functionality to a prime customer. Question: does partner no. 1 have to fulfill some security clause of ISO 27001 Annex A?
Expert
Rhand Leal Jan 29, 2019

Answer:

If this software that serves your prime customer is part of the ISMS scope, then probably these partners of yours will have to fulfill security requirements related to ISO 27001 Annex A, as a result of risk assessment, or by means of security clauses included in contracts or service agreements.

These articles will provide you further explanation about supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
