Transferring Risk using Insurance

Guest user, Created: May 04, 2021, Last commented: May 04, 2021

Hi Dejan,

As discussed with you during my meeting with you, I have 2 non-conformities for my ISO 27001 audit. One of them was A.15.2 - Supplier Relationship. We failed on A15.2.1 - Auditor notes "No evidence of monitoring and review of supplier services."

I read your blog on risk mitigation - https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/

My question for you is that we have insurance. Can we transfer the risk of A15.2 using the insurance? Please let me know.

Expert
Rhand Leal May 04, 2021

Yes, in some cases you can transfer the risk to insurance (e.g., for a risk of fire, you can insure your physical assets); however, such insurance can only cover a smaller number of your risks. Therefore, you cannot expect to treat all risks through risk transfer using insurance.

For the risks for which you use the insurance, you will not need to perform monitoring and review of supplier services.
