ISO/IEC 27036:2016-2023 – Information Security for Supplier Relationships

ISO/IEC 27036 is a multi-part standard offering guidance on managing the information risks involved in acquiring ICT products (goods and services) from suppliers. The standards avoid referring to selling and buying, since the issues are much the same whether or not the transactions are commercial, e.g. when one part of an organization or group acquires ICT products from another, or uses free/open-source products.