Vendor Security Requirements

As organizations engage vendors/contractors to undertake pieces of work, vendors should understand and maintain the same (or higher) security posture as the organization. Security requirements for vendors should be clearly stated in contracts, and contracts should be reviewed regularly, ensuring vendors are keeping to the requirements, before they are renewed.

Control Objective

  • Vendor requirements are documented, followed, reviewed, and updated regularly
  • Vendors are required to meet or exceed the organization’s security policy
  • Vendors are required to demonstrate evidence of compliance
  • Supply chain security risks are identified, mitigated, and reviewed regularly

Resources

Step-by-Step Guide: Contractors