Expert Advice Community

Vendor security clauses

Guest user, Created: Jul 21, 2021, Last commented: Jul 21, 2021

One question – the vendor security clauses indicate a bunch of items that need to be included in the vendor agreement.  Do you have a template/example of an agreement that I can red-line with all of the relevant clauses included?

Expert
Rhand Leal Jul 21, 2021

Please note that “relevant clauses”, and how they are written, will depend on the context of each organization (i.e., results of risk assessment and applicable legal requirements), so we do not recommend such an approach when developing your own agreements.

In general terms, clauses to be considered would cover:

  • Right to audit
  • Notification about security breaches
  • Adherence to security practices
  • Response time to vulnerabilities
  • Demonstration of compliance
  • Management of supplier’s supply chain risks
  • Communication of changes
  • Maintenance of service levels

For further information, see:
