Expert Advice Community


Supplier security according to ISO 27001

Guest user Created:   Nov 19, 2016 Last commented:   Nov 19, 2016

We are preparing our ISO 27001 and we would like to know if we need the security guideline no. 8 A.15? (it is a part of our ISO 27001 documentation toolkit).

Expert
Rhand Leal Nov 19, 2016

Answer: The mentioned guideline refers to ISO 27001 Annex A.15 (Supplier Relationships). You must implement controls related to your suppliers only if:

1- Your Risk Assessment identified any supplier-related risks your organization considers unacceptable.
2- Your organization decided to implement supplier controls for any other business reason not related to information security.
3- Your customers' requirements, or any legal or regulatory requirement, demand that you implement supplier control.

If your situation is not in any of these alternatives, you do not need to implement supplier-related controls.

This article will provide you with further explanation about handling supplier security:
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding handling supplier security:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
