Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Managing changes to supplier services
Control ID:
15.2.2
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Changes to the provision of services by suppliers, including maintaining and improving existing information security policies, procedures and controls, should be managed, taking account of the criticality of business information, systems and processes involved and re-assessment of risks.

Review the changes related to supplier services related to information security. Measure their financial value.
Monitoring and review of supplier services
Control ID:
15.2.1
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Organisations should regularly monitor, review and audit supplier service delivery.

Measure that number of agreements that are not fully adhered to and the related incidents. Measure the penalties and other economic features.
Information security policy for supplier relationships
Control ID:
15.1.1
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

Information security requirements for mitigating the risks associated with supplier’s access to the organisation’s assets should be agreed with the supplier and documented.

The number of supplier contracts, the type of services provided and the impact of those services to the organisation, provide for an estimation of the economic impact of NIS incidents.
Information and communication technology supply chain
Control ID:
15.1.3
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and product supply chain.

Review the supplier agreements with focus to dependencies of critical services, their economic value and the related penalties.
Addressing security within supplier agreements
Control ID:
15.1.2
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organisation’s information.

Calculate the amount of penalties arising from the violation of supplier agreement. Calculate the amount of each agreement. These numbers will show the economic impact on related suppliers either from a loss of contract or from the violation of one.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information