Find out more about this ISO 27001 based Cyber Security Questionnaire for Suppliers
Who should use this ISO 27001 based Supplier Cyber Security Questionnaire
With increasing threats of cyber-terrorism, malware and data theft, prioritising good information security practices within a business is key to avoiding fines, reputational damage and loss of business. Common weak points are often found in the supply chain or among third parties, and given how widely that risk is spread, a risk-proportional approach to assessment in this area is useful. Organisations that wish to avoid dealing with non-compliant businesses and minimise exposure to high-risk data practices can use this Standard Questionnaire within Rizikon Assurance. This comprehensive checklist will assist with ensuring a high level of information security within an organisation, especially where the risk and impact of a data breach are considered to be high.
How this ISO 27001 based Supplier Cyber Security Checklist was developed
This checklist is based on the ISO 27001 standard, which is designed to help organisations manage their information security processes in line with international best practice while optimising costs. The questions in this Standard Questionnaire in Rizikon Assurance are derived from those that an organisation will answer when being assessed for ISO 27001 certification.
ISO 27001 based Supplier Cyber Security Questionnaire Questions, sections and scoring
The structure of the ISO 27001 standard questionnaire covers a comprehensive list of areas, including sections on Information Security Policy, Human Resource Security, Asset Management, Access Control, Communications Security, Operations Security, Supplier Relationships and more. There are 14 of these sections, ensuring an in-depth assessment of information security. The questions are scored on a tiered basis: answers provided are scored either High, Medium or Low, whereas compliant answers simply remain unhighlighted. Low scores indicate advisory notes, whereas Medium and High scores indicate serious non-conformity with best practice as outlined in the ISO 27001 standard guidelines. The overall questionnaire score is inherited from the most severe question score given, highlighting the supplier's point of least compliance.