This policy is used to ensure the company's third-party suppliers (such as those providing technology software to the company) adhere to certain security standards, as required by ISO 27001 or SOC 2, for instance.
Key issues covered in this template
Supplier security requirements
Backups and physical media
Security logs and monitoring
Security incident management
Malware protection
Intrusion prevention system
Communication over networks
Software development
Physical security
PCI DSS
Disputes
What to watch out for
Everything after the Introduction can and should be copied and pasted into supplier legal agreements, or else the supplier agreements should reflect this policy.
The company may not have such stringent requirements on suppliers processing non-critical data as defined by the company.