
ISO/IEC 27036 Cybersecurity Standard Series 


Offers guidelines for managing information security risks in supplier relationships

The ISO/IEC 27036 standard series is a multi-part standard that guides organisations on securing information and information systems within supplier relationships. This series offers guidelines for managing information security risks in supplier relationships. 

ISO/IEC 27036 can be used together with several other ISO standards, including ISO/IEC 27001, 27002, 27005, 27017 and 27701, and ISO 28000. Combining these standards supports a consistent approach to securing information in supplier relationships, managing the associated risks, and securing cloud services. 

ISO/IEC 27036 Series Components 

The ISO/IEC 27036 series consists of the following parts: 

  1. ISO/IEC 27036-1:2021 – Cybersecurity – Supplier relationships – Part 1: Overview and concepts: This part introduces the series, offering an overview and the fundamental concepts for ensuring information security in supplier relationships. 
  2. ISO/IEC 27036-2:2022 – Cybersecurity – Supplier relationships – Part 2: Requirements: This part defines the requirements for ensuring information security in supplier relationships. 
  3. ISO/IEC 27036-3:2023 – Cybersecurity – Supplier relationships – Part 3: Guidelines for hardware, software, and services supply chain security: This part gives guidance on managing information security risks within the supply chain for hardware, software, and services. 
  4. ISO/IEC 27036-4:2016 – Cybersecurity – Supplier relationships – Part 4: Guidelines for security of cloud services: This part provides guidance for cloud service providers and their customers on managing the information security risks of cloud services. 

Which other ISO standards can ISO/IEC 27036 be used in accordance with? 

ISO/IEC 27036 is a guidance standard for managing information security in supplier relationships. It can be integrated with other standards in the ISO/IEC 27000 series, with supply chain security standards, and with cloud security standards, as described below. 

Compatibility with the ISO/IEC 27000 Series 

ISO/IEC 27036 can be used alongside the general information security management system standards in the ISO/IEC 27000 series, including: 

  • ISO/IEC 27001 – Information Security Management System (ISMS): While ISO/IEC 27036 addresses information security risks in supplier relationships, ISO/IEC 27001 defines the general framework for managing information security. 
  • ISO/IEC 27002 – Code of Practice for Information Security Controls: The security controls for supplier security management in ISO/IEC 27036 can be integrated with the ISO/IEC 27002 control framework. 
  • ISO/IEC 27005 – Information Security Risk Management: The risk management processes in ISO/IEC 27036 align with the general risk management methodology outlined in ISO/IEC 27005. 
  • ISO/IEC 27019 – Information Security for the Energy Sector: This standard is relevant to supplier management risks in the energy sector, making it compatible with ISO/IEC 27036. 
  • ISO/IEC 27701 – Privacy Information Management System (PIMS): ISO/IEC 27036 can be used alongside ISO/IEC 27701 to ensure that personal data processed by suppliers is protected. 

Compatibility with Supply Chain and Cybersecurity Standards 

ISO/IEC 27036 can also be used alongside the following supply chain security standards: 

  • ISO 28000 – Security Management Systems for the Supply Chain: This standard, which addresses the physical and operational security of the supply chain, can be integrated with the information security aspects covered by ISO/IEC 27036. 
  • ISO/IEC 20243 – Open Trusted Technology Provider Standard (O-TTPS): This standard sets out practices for hardware and software providers to mitigate maliciously tainted and counterfeit products, making it complementary to ISO/IEC 27036. 
  • NIST SP 800-161 – Cybersecurity Supply Chain Risk Management: Used alongside ISO/IEC 27036, this NIST publication strengthens supplier security, particularly for critical infrastructure organisations. 

Compatibility with Cloud Security Standards 

Since ISO/IEC 27036-4 focuses on cloud security, it is closely related to the following standards: 

  • ISO/IEC 27017 – Security Controls for Cloud Services: The supplier security measures outlined in ISO/IEC 27036-4 align with the additional controls for cloud security defined in ISO/IEC 27017. 
  • ISO/IEC 27018 – Protection of Personal Data in Cloud Computing: ISO/IEC 27036-4 can be used alongside ISO/IEC 27018 to protect personal data processed by cloud service providers. 
