ISO 27001 Annex : A.15.2 Supplier Service Delivery Management

Posted by Infosavvy on May 22nd, 2021

Its objective is to maintain, in compliance with supplier agreements, an agreed level of information security and service delivery.

A.15.2.1 Monitoring and Review of Supplier Services

Control - Organizations shall monitor, review and audit the provision of services by suppliers on a regular basis.

Implementation Guidance - Monitoring and review of supplier services will ensure that the information security terms and conditions of the agreement are respected and that information security incidents and issues are carefully monitored. This will include a process of service management between the client and the supplier:
A designated entity or service management team should be entrusted with the responsibility for managing supplier relationships. Moreover, the organization should ensure that suppliers assign responsibilities for compliance review and implementation of the agreement requirements. There should be appropriate technical expertise and resources to track compliance with the requirements of the agreement, especially the requirements for information security. If deficiencies in service delivery are observed, suitable action should be taken.

The organization should keep full control of, and visibility into, all security aspects of the sensitive and essential information and information processing facilities that a company accesses, stores or controls. Within a defined reporting procedure, the organization should retain visibility into security activities such as change management, vulnerability identification, and information security incident reporting and response.

A.15.2.2 Managing Changes to Supplier Services

Control - Changes in the provision of services by providers should be managed with a focus on the criticality of enterprise information, systems and processes and on the reassessment of risks, and should include maintaining and improving existing information security policies, procedures, and controls.

Read More : https://info-savvy.com/iso-27001-annex-a-15-2-supplier-service-delivery-management/

This blog article is posted by Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road, Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092. Contact us: www.info-savvy.com