Expert Advice Community

Supplier relationships

Guest user | Created: Jan 12, 2016 | Last commented: Jan 12, 2016

We buy hardware and other stationery or computer consumables from vendors. However, we do not have any long-standing contract with any of them. Proposals are requested on an as-needed basis and a purchase order is placed. We have a contract with a consultancy for CMMi services. So, do both of these categories fall under supplier relationships?
DejanK Jan 12, 2016

Both of these categories are your suppliers. However, they are not both equally risky for your company - therefore, after you perform your risk assessment you will realize that your stationery does not pose a threat to your information, while the consultancy could - this means that you will have to apply certain controls to your consultant only.

The point is - you do not divide the suppliers upfront based on their business. You should decide whether to apply security controls only after you perform risk assessment, no matter what they do.

Read also this article: 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
