Secure your ICT supply chain with ISO27036-3:2013.
ISO/IEC 27036-3:2013 offers guidance on the implementation of information security systems to secure complex ICT supply chains
You may have confidence in the strength of your own information security systems, but how can you guarantee the security of your information and communication technology (ICT) supply chain?
This new addition to the ISO27000 series of information security standards, ISO/IEC 27036-3:2013, gives guidance on ICT supply chain security, and as such is a key support for ISO27001:2013, which introduced supply chain management as a control category.
Applicable to product and service acquirers and suppliers, ISO27036-3 provides guidance on:
ISO/IEC 27036-3:2013 does not include business continuity management/resiliency issues involved with the ICT supply chain, which is covered by ISO/IEC 27031.