Vendor Security Requirements

Last updated on May 25, 2020

As organizations engage vendors and contractors to carry out pieces of work, vendors should understand and maintain the same (or higher) security posture as the organization. Security requirements for vendors should be clearly stated in contracts, and contracts should be reviewed regularly, to ensure vendors are keeping to the requirements, before they are renewed.

Expert Opinion - Vendor Security Requirement

Control Objective

  • Vendor requirements are documented, followed, reviewed, and updated regularly
  • Vendors are required to meet or exceed the organization’s security policy
  • Vendors are required to demonstrate evidence of compliance
  • Supply chain security risks are identified, mitigated, and reviewed regularly

Resources

Step-by-Step Guide: Contractors

Information Security Guidebook for Small and Medium Businesses