Supplier Assessment and Leadership & Management – 2 topics we will address from the Business Side. For Supplier Management we have designed a standard Procedure, selection, profile, onboarding assessment and the in-depth assessment procedure for medium and high risks suppliers. Supplier assessment is split between Business and Tech, depending on the profile of suppliers. And standard documentation for your Leadership & Management – with respect to compliance topics.
The secret to the Compleye Approach is that we designed our ISMS Framework inspired by the Mark Twain quote: “I apologize for such a long letter – I didn’t have time to write a short one.” Compliance Documentation normally is a large pile of paper – policies, procedures, forms, controls etc. I think that is the lazy way of compliance – and comparable with lazy developers, writing a lot of code (content or text) so you have done your job, without considering if that will work for your product (or processes) for the long run. What we did is stripping all of the unnecessary content of compliance documentation and stick to the core and intention of ISO27001 norm. Making our standards and templates simple and easy to understand for everyone. That is why it is possible to push and pull so many topics in 1 hour.
Security policies, procedures and IT Supplier Management – on the Agenda today for Tech. There are a lot of topics where we need to define a policy for – Open Source, Cryptography, Tooling etc. – it is our job today to define policies while interviewing the CTO. And it might sound strange, but we do not need to define something new – we just need to document what your current position is with respect to these IT Topics.
IT Suppliers are a special and important topic in the ISO27001. It is not only the providers of your cloud environment that you need to take into consideration. We need to dive into the tools that your Tech Team is using to monitor the Cloud and develop the source code. Your SDLC (software development life cycle) is key in this process and if not yet in place – we push you to create your first one.