template

3rd Party Supplier Security Requirements Policy

by
C
Chris Young
Nov, 01 2022

When to use this template

This policy is used to ensure the company's 3rd party suppliers (such as those providing technology software to the company) adhere to certain security standards as required by ISO27001 or SOC2 for instance

Key issues covered in this template

  • Supplier security requirements
  • Backups and physical media
  • Security logs and monitoring
  • Security incident management
  • Malware protection
  • Intrusion prevention system
  • Communication over networks
  • Software development
  • Physical security
  • PCI DSS
  • Disputes

What to watch out for

  • Everything after the Introduction can and should be copy and pasted into supplier legal agreements, or else the supplier agreements should reflect this policy

  • The company may not have such stringent requirements on suppliers processing non-critical data as defined by the company.

79

Used by

Author

C

Chris Young

@chris75410632
Genie AI Team

DID
Wintervest Capital
DGNCT LLC
Robora AI Limited
Wayne Phares
KTG
Teamtailor
DAS
Back in Action Consultancy Ltd
PrivacyHero
A
F
+67 more
Technology
29%
Consultancy
15%
Manufacturing
7%
Legal Services
6%
Education
6%
Agriculture, Forestry and Fishing
5%
Finance
5%
Retail
5%
Energy
5%
Other
5%
Consumer, Public & Health Services
4%
Public Administration
2%
Real Estate
2%
Sport & Entertainment
1%
Wholesale
1%
Construction
1%
Insurance
1%

Additional information

Business categories

Relevant sectors

Agriculture, Forestry and Fishing

Mining

Construction

Transport

Wholesale

Manufacturing

Energy

Retail

Finance

Real Estate

Consumer, Public & Health Services

Media

Insurance

Legal Services

Education

Technology

Sport & Entertainment

Consultancy

Public Administration

Other

Relevant company sizes

1 - 3

20 - 49

250 - 999

4 - 19

50 - 249

1000 +

Governing law

England and Wales

Language

English UK

Gender neutral

Yes