Third Party Providers vs. ISMS Policy conflictions

Hi, I have a concern presently concerning ISO27001 and company ISMS policy / third party agreement guideline vs. a third party who plays a large role in company activities. Our third party agreement guideline states that third parties shall compy with certain security requirements. We have a provider that has stated  they are not iso27001 compliant but use many ISO 27002 principals, which is fine, but we are attempting to have them sign our agreemen - they do not want to sign, and I QUOTE "Because such a framework is subject to extensive governance, both internally as by external auditors and our overseers, security is not an area where we (they) have the liberty to accommodate and apply different security requirements per individual customer" UNQUOTE They have also provided a statement to replace what we have asked " QUOTE X shall at all times operate and manage the information security, reliability, resilience, and technology planning in accordance with its security control policy. In order to provide a more understandable framework for its specific business, the  X security control policy is organised around the 5 key dimensions of: governance, change management, confidentiality, integrity and availability. X has implemented a number of initiatives that enhance security, including a company-wide commitment to adopt many of the principles of ISO 27002, which is the code of practice for information security management. This involves, amongst others, risk management practices in line with ISO 27005 and NIST standards. These internationally recognised standards provide wide-ranging security guidelines" UNQUOTE How does a company get passed this in ensuring they apply to the company security requirements especially when this aspect can be audited? Is this acceptable? Thanks for your reply Paula