NEN-ISO/IEC 27036-3
Cybersecurity - Supplier relationships - Part 3: Guidelines for hardware, software, and services supply chain security
Organization: | NEN |
Publication Date: | 1 June 2023 |
Status: | active |
Page Count: | 46 |
ICS Code (IT Security): | 35.030 |
scope:
This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.
This document does not include business continuity management/resilienc
Document History

