Vendor Security Requirements

As organizations engage vendors/contractors to undertake pieces of work, vendors should understand and maintain the same (or higher) security posture as the organization. Security requirements for vendors should be clearly stated in contracts, and contracts should be reviewed regularly, ensuring vendors are keeping to the requirements, before they are renewed.


Expert Opinion - Vendor Security Requirement


Control Objective

  • Vendor requirements are documented, followed, reviewed, and updated regularly
  • Require vendors to meet or exceed the organization’s security policy
  • Vendors are required to demonstrate evidence of compliance
  • Supply chain security risks are identified, mitigated, and reviewed regularly


Step-by-Step Guide: Contractors

Information Security Guidebook for Small and Medium Businesses