How should the supplier organise information security?

1.1.The Supplier shall have a management framework established to initiate and control the implementation of security.

1.2.The Supplier shall have an operational and documented process regarding internal personnel changes. All staff changes that affect or may affect personnel with access to COMPANY NAME’s systems shall be reported to COMPANY NAME within 30 days. Staff changes shall be documented and stored for review and the Supplier shall be able to show documented staff changes upon COMPANY NAME’s request.