Expert Advice Community


Supplier security

Guest user Created:   Jul 29, 2019 Last commented:   Jul 29, 2019

In our company, internet service is provided by two sources, one of which is our interested party and the other is an ISP. The interested party is the top level of our company that doesn't have any SLA and contract about internet service. What's your idea about this?

Expert
Rhand Leal Jul 29, 2019

Answer:

A service provided without an SLA and contract is normally a significant risk, because there is no legal means by which you can enforce your requirements on this provider, neither in terms of service performance nor protection of information. A proper approach would be to identify the business and security requirements this provider must fulfill and include them in some kind of legal agreement.

These articles will provide you further explanation about security of suppliers:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
