ISO/IEC 27002:2022 Clause 5.20 – Addressing information security within supplier agreements states:
“Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and products provided by suppliers.”
This is further emphasized in Clause 5.19 – Information security in supplier relationships, which requires organizations to manage supplier-related risks.
This means contracts must include clauses addressing information security expectations, responsibilities, access rights, compliance, audits, and breach response mechanisms.
References: ISO/IEC 27002:2022 Clauses 5.19 and 5.20; ISO/IEC 27001:2022 Annex A Controls A.5.19 and A.5.20.