Guideline to Customer-supplier relationships (Supply chain management- SCM) ISO/IEC 27036 Information security for supplier relationships
The standard address suppliers/service providers as well as their customers. Mainly deals with B2B transactions, even when it is between two business units in the same organization.
Part 1: ISO/IEC 27036 -1:2014 - Overview and concepts
Not for certification. (Servs as an explanation)
Describes terminologies, and define the situations of Customer/Supplier relationships exist, risks
Also, the purpose of the other parts of the standard.
Part 2: ISO/IEC 27036 -2 :2014 - Requirements
Not for certification. Describes in principle the 5 processes of Supply chain management, (One or several), goals and activities
Part 3: ISO/IEC 27036 -3 :2013 - Guidelines for information and communication technology supply chain security
For certification: of customer or supplier - describes in detail the process and requirement for SCM, based on ISO/IEC 12207 (SW development life cycle - SDLC and ISO/IEC 5288 (System engineering life cycle), as well as ISO/IEC 2700 (ISMS controls)
Part 4: ISO/IEC 27036 - 4 :2016 - Guidelines for security of cloud services
For certification: Based on various types of cloud services business models as described in ISO/IEC 17788, and other ISO/IEC cloud standard dedicated to information security aspects (ISO/IEC 27018, ISO/IEC 27017)
Suitable for various types of cloud (Public, private and hybrid) and for their offering (Networks, storage, application, protection of privacy. etc.)
The road to certification
To initiate the process, we recommend purchasing the standard at the Standards Institution of Israel Information Center
Certification follows the successful implementation an organization's in-house quality management system pursuant to the requirements of the standard. To start this process, it is recommended to purchase the standard at the Standards Institution of Israel Information Center, study the requirements, and participate in appropriate training. It is also possible to consult with the quality management experts and undergo an audit by Standards Institution of Israel to check for shortcomings.
The process ought to be seen as an opportunity for improvement via the organization team which will receive management commitment and involvement. At the end of the process, independent Standards Institution of Israel auditors will perform an audit that confirms that the organization's management system is compatible to the specifications of the standard.
The Standards Institution of Israel – the right choice for you!
- The Standards Institution of Israel has a longstanding reputation for quality and professionalism
- Our people are among the best experts in the quality assurance field, with experience and familiarity of customers' needs
- The Standards Institution of Israel is the country's largest certification body
- The Standards Institution of Israel has accreditation from the largest certification bodies in the world
- The Standards Institution of Israel offers a range of services under one roof: certification (individual and integrated), a range of laboratory tests, and a training center
- The Standards Institution of Israel is member of international standardization committees and has cooperation agreements with top certification bodies in the world.
- The Standards Institution of Israel is a member of IQNet Association - The International Certification Network, which incorporates certification bodies from all over the world. Standards Institution of Israel customers obtain exclusive IQNet certification for free and may also obtain mutual recognition from IQNet members as a marketing tool.
ISO/IEC 27001