International Standard for Information Security Management Systems
ISO 27001 requires managing information security risks from suppliers. Annex A.15 mandates structured vendor risk assessment and monitoring.
A.15.1.1: Information security policy for supplier relationships
A.15.1.2: Security requirements agreed with each supplier
A.15.1.3: ICT supply chain risks addressed specifically
A.15.2.1: Supplier service delivery monitored and audited
Continuous scoring satisfies A.15.2.1 monitoring requirements.
QFX questionnaires aligned to Annex A controls.
Certificates of Diligence for A.15.1 compliance.
Breach monitoring supports A.16 Incident Management.
ISO 27001 compliance is critical for organizations in these sectors.
Assess your first vendors free — no credit card, no contract, no gym membership required.