Supplier security according ISO 27001
Answer: The mentioned guideline refers to ISO 27001 Annex A.15 (Supplier Relationships). You must implement controls related to your suppliers only if:
1 - Your risk assessment identified any supplier-related risks your organization considers unacceptable.
2 - Your organization decided to implement supplier controls for any other business reason not related to information security.
3 - Your customers' requirements, or any legal or regulatory requirement, demand that you implement supplier controls.
If your situation is not in any of these alternatives, you do not need to implement supplier-related controls.
This article will provide you with further explanation about handling supplier security:
- 6-step process for handling supplier security according to ISO 27001: https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
These materials will also help you regarding handling supplier security:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/
Nov 19, 2016