Thursday Jun 12, 2025

ISO 27001 Supplier Management Controls

In this episode of InfoSec Insider, Wayne Armstrong, Senior Consultant at URM, breaks down the 5 supplier management-related controls in the ‘Organisational’ control theme of ISO 27001’s Annex A. Wayne draws upon 30+ years of experience with information security to discuss:

  • Why your organisation should consider supplier management as part of information security
  • What each of the following 5 controls covers and how to implement them:
      • A5.19 – Information security in supplier relationships
      • A5.20 – Addressing information security within supplier relationships
      • A5.21 – Managing information security in the ICT supply chain
      • A5.22 – Monitoring, review and change management of supplier services
      • A5.23 – Information security for use of cloud services.

Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-supplier-management 

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts  

Brought to you by URM, the UK’s leading information and cyber security specialists. 


Copyright 2024 URM Consulting. All rights reserved.
