Скачать или смотреть ISO 27001:2022 A5.19 - Information Security in Supplier Relationships

You've locked your doors, trained your staff, and secured your network. But what about the dozens, or even hundreds, of suppliers who have access to your data? Your cloud provider, your marketing agency, your managed service provider... they are all potential backdoors into your organization.

Welcome back to the channel, where we make ISO 27001 simple! Today, we are pulling back the curtain on one of the most important controls for any business in 2024: A.5.19 - Information security in supplier relationships.

A data breach caused by one of your suppliers is still YOUR data breach. Your reputation is on the line. This control isn't just about adding a security clause to a contract and hoping for the best. It’s about creating a comprehensive lifecycle for managing supplier risk from day one until the relationship ends.

If you use any third-party service (and who doesn't?), you cannot afford to miss this.

🎬 IN THIS VIDEO, YOU WILL LEARN:

The "Weakest Link" Problem (1:15): We'll explain exactly what A.5.19 is and why supply chain attacks are one of the fastest-growing threats to businesses today.

The 3 Phases of Supplier Security (3:40): We'll walk you through the entire supplier lifecycle and the critical security steps for each phase:

1. Onboarding: How to perform due diligence BEFORE you sign the contract. What questions should you be asking?

2. In-Life Management: Monitoring performance and ensuring suppliers are sticking to their security promises.

3. Termination / Offboarding: How to securely retrieve your data and terminate access when the contract ends.

The Unbreakable Supplier Agreement (7:50): We’ll reveal the essential security clauses that MUST be in your supplier contracts. This includes the right to audit, incident notification requirements, and data handling policies. This part alone is worth the watch!

Common Audit Traps (11:20): As an auditor, I see the same mistakes over and over. Learn how to avoid the most common audit fails for A.5.19, like having no supplier register or inconsistent risk assessments.

Tiering Your Suppliers (13:05): Pro-Tip! Not all suppliers are created equal. We'll show you how to categorize suppliers based on risk so you can focus your energy where it matters most.

👇 Let's be honest in the COMMENTS: What's your biggest supplier security headache? Is it getting them to sign a security agreement or making sure they actually follow it?

If you're ready to secure your supply chain, do me a huge favor and SMASH that LIKE button and SUBSCRIBE for more actionable ISO 27001 advice!

#ISO27001 #SupplyChainSecurity #VendorRiskManagement #ThirdPartyRisk #CyberSecurity #InformationSecurity #Compliance #A519

Managing third-party risk can feel like a full-time job. If you need help building a robust framework to secure your supplier relationships and achieve ISO 27001 certification, our team has the expertise to guide you every step of the way. We help you manage your weakest link so you can focus on your strengths.

We are Consultants Like Us.