template

3rd Party Supplier Security Requirements Policy

by
C
Chris Young
Nov, 01 2022

When to use this template

This policy is used to ensure the company's 3rd party suppliers (such as those providing technology software to the company) adhere to certain security standards as required by ISO27001 or SOC2 for instance

Key issues covered in this template

  • Supplier security requirements

  • Backups and physical media

  • Security logs and monitoring

  • Security incident management

  • Malware protection

  • Intrusion prevention system

  • Communication over networks

  • Software development

  • Physical security

  • PCI DSS

  • Disputes

What to watch out for

  • Everything after the Introduction can and should be copy and pasted into supplier legal agreements, or else the supplier agreements should reflect this policy

  • The company may not have such stringent requirements on suppliers processing non-critical data as defined by the company.

79

Used by

Author

C

Chris Young

@chris75410632
Genie AI Team

Be Secure Cyber Ltd
DALC
Dose of Tech Services Ltd
Kameleoon
Teamtailor
Plan-IT Consilting Ltd
Kuppa
Plural AI
Genie AI
kaibe
DID
Q
+67 more
Technology
29%
Consultancy
15%
Manufacturing
7%
Legal Services
6%
Education
6%
Agriculture, Forestry and Fishing
5%
Finance
5%
Retail
5%
Energy
5%
Other
5%
Consumer, Public & Health Services
4%
Public Administration
2%
Real Estate
2%
Sport & Entertainment
1%
Wholesale
1%
Construction
1%
Insurance
1%

Terms of use

This is not legal advice - see more
Genie AI terms and conditions
Code of conduct

2 years ago

C

Chris Young

A static version of the document with guidance notes was uploaded.

3 years ago

Genie

Genie Team

Description updated

4 years ago

C

Chris Young

Minor updates to version table.

4 years ago

C

Chris Young

This policy is used to ensure the company's 3rd party suppliers (such as those providing technology software to the company) adhere to certain security standards as required by ISO27001 or SOC2 for instance. Everything after the Introduction can and should be copy and pasted into supplier legal agreements, or else the supplier agreements should reflect this policy. The company may not have such stringent requirements on suppliers processing non-critical data as defined by the company.

Additional information

Business categories

Policies

Business activities

Create A Policy For Supplier Security Requirements

Contract type

Supplier Security Requirements Policy

Relevant sectors

Agriculture, Forestry and Fishing

Mining

Construction

Transport

Wholesale

Manufacturing

Energy

Retail

Finance

Real Estate

Consumer, Public & Health Services

Media

Insurance

Legal Services

Education

Technology

Sport & Entertainment

Consultancy

Public Administration

Other

Relevant company sizes

1 - 3

20 - 49

250 - 999

4 - 19

50 - 249

1000 +

Governing law

England and Wales

Language

English UK

Gender neutral

Yes