Initial commit
61
04-registers/supplier-register-template.md
Normal file
@@ -0,0 +1,61 @@
|
||||
Title: Supplier Register Template
|
||||
Document ID: [REG-SUPPLIER-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Supplier Register Template
|
||||
|
||||
## Purpose
|
||||
|
||||
This template provides the structure for recording suppliers relevant to the ISMS and tracking their assurance and review status.
|
||||
|
||||
## Scope
|
||||
|
||||
This register applies to suppliers, service providers, subprocessors, hosting providers, and other third parties that may affect information security, privacy, resilience, or service delivery.
|
||||
|
||||
## Data Fields / Expected Columns
|
||||
|
||||
The supplier register should record at least:
|
||||
|
||||
- supplier name
|
||||
- service provided
|
||||
- internal supplier owner
|
||||
- risk tier
|
||||
- information or access profile
|
||||
- contract status
|
||||
- assurance status
|
||||
- last review date
|
||||
- next review date
|
||||
- open actions
|
||||
- status
|
||||
- linked risks or incidents
|
||||
|
||||
## Ownership
|
||||
|
||||
This register should be owned by [Role]. Each supplier entry should have a named internal owner responsible for review and follow-up.
|
||||
|
||||
## Update Frequency
|
||||
|
||||
The register should be updated when suppliers are onboarded, reassessed, changed, renewed, suspended, or offboarded. Review dates should reflect risk-based oversight.
|
||||
|
||||
## Retention
|
||||
|
||||
Supplier records should be retained in line with business, contractual, legal, and assurance needs.
|
||||
|
||||
## Template Table
|
||||
|
||||
| Supplier Name | Service Provided | Internal Owner | Risk Tier | Information / Access Profile | Contract Status | Assurance Status | Last Review Date | Next Review Date | Open Actions | Status | Linked Risks / Incidents |
|
||||
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|
||||
| [Supplier] | [Service] | [Role] | [Low/Medium/High] | [Access / data handled] | [Draft / Active / Expiring] | [Pending / Reviewed / Limited] | [DD Month YYYY] | [DD Month YYYY] | [Summary] | [Proposed / Active / Offboarded] | [Risk / incident refs] |
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Supplier Security Policy
|
||||
- Supplier Due Diligence Standard
|
||||
- Supplier Onboarding and Review Procedure
|
||||
- Risk Register Template
|
||||
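Review bot: In the Template Table row, the Status column only allows [Proposed / Active / Offboarded], but the Update Frequency section lists "suspended" as an event that must update the register, so a suspended supplier has no value to record. Add a Suspended value, and consider renaming the field to something like "Lifecycle Status" in both the Data Fields list and the table header, because a bare "status" sits next to Contract Status and Assurance Status and is easy to confuse with them. Separately, the Ownership section still reads "This register should be owned by [Role]" while the header block already names the CISO as Owner, and Owner and Approver are the same person; fill in the role consistently and state who approves changes independently of the owner.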