Vendor Security Requirements

Last updated on May 25, 2020

As organizations engage vendors/contractors to undergo pieces of work, vendors should understand and maintain the same (or higher) security posture as the organization. Security requirements for vendors should be clearly stated in contracts, and contracts should be review regularly, ensuring vendors are keeping to the requirement, before it is renewed.

Expert Opinion - Vendor Security Requirement

Control Objective

Vendor requirements are documented, followed, reviewed, and updated regularly
Require vendors to meet or exceed organizations’ security policy
Vendors are required to demonstrate evidence of compliance
Supply chain security risks are identified, mitigated, and reviewed regularly

Resources

Step-by-Step Guide: Contractors

Information Security Guidebook for Small and Medium Businesses

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Vendor Security Requirements

Expert Opinion - Vendor Security Requirement

Control Objective

Resources