Skip to Main Content
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training. Find out more
ISO/IEC 27036-1:2014 – Overview of supplier information security

ISO/IEC 27036-1 2014 (ISO 27036-1 Standard) – Overview of supplier information security

SKU: 4744
Authors: ISO/IEC
Publishers: ISO/IEC
Format: Hardcopy
Published: 01 Apr 2014
Availability: In Stock

The ISO 27036-1 standard provides detailed guidance on implementing the ISO 27002 information security controls that deal with supplier relationships.

It addresses the supplier relationship from both the suppliers’ and the acquirers’ points of view.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on 00 800 48 484 484.

Price: 180,00 €


ISO/IEC 27036-1:2014 – Information technology – Security techniques – Information security for supplier relationships – Part 1: Overview and concepts

Most organisations have relationships with suppliers that involve the transfer of information: suppliers can have direct or indirect access to acquirers' information and information systems, and acquirers can have access to suppliers' information.

Acquirers and suppliers can therefore present information security risks to each other. These risks should be managed by both parties.

The ISO 27036-1 standard is an introductory part of ISO 27036. It provides an overview of the guidance intended to help all organisations – whether supplier or acquirer – to secure their information and information systems within the context of supplier relationships. It also introduces concepts that are described in detail in the other parts of ISO 27036.

In the context of this standard, supplier relationships include any that have information security implications, such as information technology, healthcare services, janitorial services, consulting services, R&D partnerships, outsourced applications (ASPs) or Cloud computing services (such as software, platform or infrastructure as a service).


Customer Reviews