UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC 27036-2

Information technology - Security techniques - Information security for supplier relationships - Part 2: Requirements

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 August 2014
Status: active
Page Count: 46
ICS Code (Information coding): 35.040
scope:

This part of ISO/IEC 27036 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships.

These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, Build-Operate-Transfer and cloud computing services.

These requirements are intended to be applicable to all organizations, regardless of type, size and nature.

To meet these requirements, an organization should have already internally implemented a number of foundational processes, or be actively planning to do so. These processes include, but are not limited to, the following: governance, business management, risk management, operational and human resources management, and information security.

Document History

ISO/IEC 27036-2
June 1, 2022
Cybersecurity — Supplier relationships — Part 2: Requirements
This document specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships....
ISO/IEC 27036-2
August 1, 2014
Information technology - Security techniques - Information security for supplier relationships - Part 2: Requirements
This part of ISO/IEC 27036 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer...

References

This document references:
ISO 22301 - Security and resilience — Business continuity management systems — Requirements
Published by ISO on October 1, 2019
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from...
This document references:
ISO 22313 - Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
Published by ISO on February 1, 2020
This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on...
This document references:
ISO 31000 - Risk management - Guidelines
Published by ISO on February 1, 2018
This document provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. This document provides a common...
This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
This document is referenced by:
AS/NZS ISO/IEC/IEEE 15288 - Systems and software engineering – System life cycle processes
Published by SNZ on November 3, 2023
This document establishes a common framework of process descriptions for describing the life cycle of systems created by humans, defining a set of processes and associated terminology from an...
This document is referenced by:
ITU-T X.1631 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Published by ITU-T on July 1, 2015
This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: – additional implementation...
This document is referenced by:
ISO/IEC 27011 - Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations TECHNICAL CORRIGENDUM 1
Published by ISO on September 1, 2018
A description is not available for this item.
This document is referenced by:
ISO 27799 - Health informatics - Information security management in health using ISO/IEC 27002
Published by ISO on July 1, 2016
This International Standard gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of...
This document is referenced by:
ITU-T X.1051 - Information technology – Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
Published by ITU-T on April 1, 2016
The scope of this Recommendation | International Standard is to define guidelines supporting the implementation of information security controls in telecommunications organizations. The adoption of...
View Less
View All
Advertisement