ISO27001 states that “Processes and procedures shall be defined and implemented to manage the information security risks associated with the use of suppliers' products or services.” (A5.19 Information security in supplier relationships)
Every organisation has suppliers at some level, even if they are only virtual providers such as cloud and software-as-a-service (SaaS) vendors. Your business will use various suppliers to provide services, goods and technologies, so you need to communicate to your team what is expected when selecting and managing these relationships.
Our policies are designed to be easy to understand and implement, so that your relationships with third parties can be managed effectively.
About our policies
This policy is written with the end-user in mind. It is not complicated, and it is written in plain English. It's important to note that ISO27001 mandates key policies (where a control has been selected), but it does NOT mandate that the policies be BORING!
Keep the audience in mind. Don't reveal too much in your policies (e.g. don't name specific technologies, as these may change over time).
Keep. It. Simple.
Supplier Relationships Policy
Hey, we're not going to go all 'legal' on you here... that's not our style. But this is our Intellectual Property, and we'd prefer it if you didn't go sharing this with other people who haven't spent the money and bought a copy.
Of course, we can't really stop you... But are you that kind of person? We don't think you are. So if you want to tell people about your newfound super power of ISO27001-Awesomeness, great... just don't give it away for free!