EN ISO 27036-2:2018 is an essential standard for organizations that depend on external suppliers. It is Part 2 (Requirements) of the ISO/IEC 27036 series, Information security for supplier relationships, and sets out what an acquirer must do to manage the information security risks that arise when work, data or system access is handed to a supplier.
The 27036 series belongs to the ISO/IEC 27000 family of information security management standards and uses the same vocabulary and risk management model as ISO/IEC 27001, so it is meant to be applied alongside an organization's ISMS rather than on its own. Its aim is to give organizations a proactive, repeatable way of handling supplier security, including compliance with the legal, regulatory and contractual requirements that follow the organization's information into the supplier's hands.
The key elements of EN ISO 27036-2:2018 include:
* Due diligence before engagement: the standard requires the acquirer to assess a prospective supplier's security controls and procedures against the acquirer's own requirements before information or access is shared, rather than relying on the supplier's self-description.
* A written agreement: EN ISO 27036-2:2018 requires that the security requirements, the controls the supplier must operate, and each party's roles and responsibilities (including what happens when the relationship ends) are recorded in the contract or agreement, so that obligations are enforceable rather than assumed.
* Regular risk assessments: the risks that a supplier relationship introduces to the acquirer's information and systems are assessed at the start and re-assessed whenever the relationship, the supplier, or the threat landscape changes, so that mitigations are chosen before problems occur.
* A risk management plan: the acquirer maintains a plan covering the assessment, treatment and monitoring of supplier-related risk, so that each identified risk has an owner, a decided treatment (accept, mitigate, transfer or avoid) and a means of being tracked over time.
* Regular audits and reviews: the acquirer monitors and periodically reviews the supplier's performance against the agreement and audits its own supplier management process, feeding the results back into continual improvement of its security posture.
How EN ISO 27036-2:2018 Can Help Organizations
The purpose of EN ISO 27036-2:2018 is to specify the requirements for establishing, implementing, maintaining and continually improving information security within the relationship between an acquirer and its suppliers. By meeting these requirements, organizations can manage supplier risk, protect the sensitive information they share with suppliers, and strengthen their overall security posture.
Applied together with an information security management system, the standard helps organizations take a proactive approach to supplier security and demonstrate compliance with legal, regulatory and contractual requirements. Supplier relationships change over time, so organizations should regularly review and update their supplier agreements, risk assessments and controls to confirm that they are still effective.
In conclusion, EN ISO 27036-2:2018 is an essential standard for organizations that work with external suppliers. It sets out how to manage the information security risks of supplier relationships through due diligence, a written agreement, regular risk assessments, a risk management plan, and regular audits. By following these requirements, organizations can manage supplier risk, protect sensitive information, and strengthen their overall security posture.
Contact: Eason Wang
Phone: +86-755-13751010017
E-mail: info@iec-equipment.com
Add: 1F Junfeng Building, Gongle, Xixiang, Baoan District, Shenzhen, Guangdong, China