ISO/IEC 27036-1:2021
Cybersecurity - Supplier relationships - Part 1: Overview and concepts
This document is an introductory part of ISO/IEC 27036. It provides an overview of the guidance intended to assist organizations in securing their information and information systems within the context of supplier relationships. It also introduces concepts that are described in detail in the other parts of ISO/IEC 27036. This document addresses perspectives of both acquirers and suppliers.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$126.00 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Problem definition and key concepts
5.1 Motives for establishing supplier relationships
5.2 Types of supplier relationships
5.2.1 Supplier relationships for products
5.2.2 Supplier relationships for services
5.2.3 ICT supply chain
5.2.4 Cloud computing
5.3 Information security risks in supplier relationships and associated threats
5.4 Managing information security risks in supplier relationships
5.5 ICT supply chain considerations
6 Overall ISO/IEC 27036 structure and overview
6.1 Purpose and structure
6.2 Overview of ISO/IEC 27036-1: Overview and concepts
6.3 Overview of ISO/IEC 27036-2: Requirements
6.4 Overview of ISO/IEC 27036-3: Guidelines for information and communication technology (ICT) supply chain security
6.5 Overview of ISO/IEC 27036-4: Guidelines for security of cloud services
Bibliography
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27001:2023 A1
Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27035.1:2025
Information technology – Information security incident management – Part 1: Principles and process
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Problem definition and key concepts
5.1 Motives for establishing supplier relationships
5.2 Types of supplier relationships
5.2.1 Supplier relationships for products
5.2.2 Supplier relationships for services
5.2.3 ICT supply chain
5.2.4 Cloud computing
5.3 Information security risks in supplier relationships and associated threats
5.4 Managing information security risks in supplier relationships
5.5 ICT supply chain considerations
6 Overall ISO/IEC 27036 structure and overview
6.1 Purpose and structure
6.2 Overview of ISO/IEC 27036-1: Overview and concepts
6.3 Overview of ISO/IEC 27036-2: Requirements
6.4 Overview of ISO/IEC 27036-3: Guidelines for information and communication technology (ICT) supply chain security
6.5 Overview of ISO/IEC 27036-4: Guidelines for security of cloud services
Bibliography