Guest user Created: Feb 17, 2018 Last commented: Feb 17, 2018

Support contracts - are they required for ISO 27001?

We are in a situation that all support contracts for our environment have been expired and no intention from management to renew the support. It that a stopping for the ISO 27001 certificate.

0 1

Assign topic to the user

Select user

Expert

Dejan Kosutic Feb 17, 2018

Answer: ISO 27001 says that you have to assess how important that support is for the security of your data - if you conclude that this support really is important, then you should renew the contracts to be compliant with ISO 27001. This is done through the process of risk assessment.

These articles will help you:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding your suppliers:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your
Own https://advisera.com/books/s ecure-simple-a-small-business-guide-toimplementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 17, 2018

Expert Advice Community