Vendor Management Policy
Answer: Regarding suppliers, ISO 27001 has a control that requires the definition of requirements for mitigating the risks associated with a supplier’s access to the organization’s assets, which does not require describing detailed practices. This control is covered by the template "Supplier Security Policy", which can be found in folder 08 Annex A A.15 Supplier relationships.
If you need detailed rules about how a supplier should behave, you can use the "Security Clauses for Suppliers and Partners" template, located in folder 08 Annex A A.15 Supplier relationships, to define the rules you want your vendors to follow.
This article will provide you with further explanation about supplier management:
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Jan 24, 2018