ISO 27001 (2013): Full
15.1.2: Addressing security within supplier agreements

How to fulfil the requirement

Columns: Task name, Priority, Status, Theme, Policy, Other requirements
Inventory and documentation of data processing agreements
Theme: Privacy
Policy: Data transfer and disclosure
Other requirements: 16

This task also fulfils these other security requirements:

  • 28. Data processor (GDPR)
  • 15.1.2: Addressing security within supplier agreements (ISO27 Full)
  • 13.2.2: Agreements on information transfer (ISO27 Full)
  • A.8.2.4: Infringing instruction (ISO 27701)
  • 5.14: Information transfer (ISO27k1 Full)

1. Task description

The processors of personal data (e.g. providers of data systems, other partners using our employee or customer data) and the agreements related to the processing of personal data have been documented. The documentation includes e.g.:

  • Processor name and location
  • Purpose of processing data
  • Status of agreement

Evaluation of data processing agreement for important data processors
Theme: Partner management
Policy: Agreements and monitoring
Other requirements: 7

This task also fulfils these other security requirements:

  • 28. Data processor (GDPR)
  • 15.1.2: Addressing security within supplier agreements (ISO27 Full)
  • TSU-04.1: Personal data processor - Agreements (Julkri)
  • 5.20: Addressing information security within supplier agreements (ISO27k1 Full)
  • P6.5: Notification of unauthorized disclosure of personal information from third parties (SOC 2)

1. Task description

Data processing agreements bind the actions of a personal data processing partner.

It can be important for us to require an important partner to, for example, ensure that its personnel meet confidentiality requirements and restrict the use of other processors of personal data in connection with our data.

Data processing agreement analysis for most important system providers
Theme: System management
Policy: Data system procurement
Other requirements: 11

This task also fulfils these other security requirements:

  • 28. Data processor (GDPR)
  • 15.1.2: Addressing security within supplier agreements (ISO27 Full)
  • 14.1.1: Information security requirements analysis and specification (ISO27 Full)
  • HAL-16.1: Procurement security - agreements (Julkri)
  • TSU-04.1: Personal data processor - Agreements (Julkri)

1. Task description

The processing agreement binds the actions of the data processor (such as the system vendor).

It can be important for us to ensure that an important partner takes responsibility for, for example, access control (logging) and data recovery at the end of the contract, according to our preferred policies.