Guest
Vendor security clauses
One question – the vendor security clauses indicate a bunch of items that need to be included in the vendor agreement. Do you have a template/example of an agreement that I can red-line with all of the relevant clauses included?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Rhand Leal
Jul 21, 2021
Please note that “relevant clauses”, and how they are written, will depend on the context of each organization (i.e., results of risk assessment and applicable legal requirements), so we do not recommend such an approach when developing your own agreements.
In general terms, clauses to be considered would cover:
- Right to audit
- Notification about security breaches
- Adherence to security practices
- Response time to vulnerabilities
- Demonstration of compliance
- Management of supplier’s supply chain risks
- Communication of changes
- Maintenance of service levels
For further information, see:
- Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
Comment as guest or Sign in
Jul 21, 2021
Jul 21, 2021
Jul 21, 2021