💼 A.15.1.1 Information security policy for supplier relationships

  • ID: /frameworks/iso-iec-27001-2013/15/01/01

Description

Information security requirements for mitigating the risks associated with supplier’s access to the organization’s assets shall be agreed with the supplier and documented.

Similar

  • Internal
    • ID: dec-c-15a92c34

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicated | no data
💼 NIST CSF v1.1 → 💼 ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners | no data
💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | no data
💼 NIST CSF v1.1 → 💼 ID.SC-3: Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization's cybersecurity program and Cyber Supply Chain Risk Management Plan | no data
💼 NIST CSF v1.1 → 💼 PR.MA-2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access | 11 | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance