Vendor Management Policy
Assign topic to the user
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now 
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
Answer: Regarding suppliers, ISO 27001 has a control that requires the definition of requirements for mitigating the risks associated with a supplier’s access to the organization’s assets, which does not require to describe detailed practices. This control is covered by template "Supplier Security Policy" that can be found at folder 08 Annex A A.15 Supplier relationships.
If you need detailed rules about how a supplier should behave, you can use the "Security Clauses for Suppliers and Partners" template, located at folder 08 Annex A A.15 Supplier relationships to define the rules you want your vendors to follow.
This article will provide you further explanation about suppliers management:
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Comment as guest or Sign in
Jan 24, 2018