💼 A.15.2.2 Managing changes to supplier services
- ID: /frameworks/iso-iec-27001-2013/15/02/02
Description
Changes to the provision of services by suppliers, including
maintaining and improving existing information security policies,
procedures and controls, shall be managed, taking account of the
criticality of business information, systems and processes involved
and re-assessment of risks.
Similar
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicated | | | | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.SC-1: Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders | | | | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | | 7 | 7 | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | | 16 | 19 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|