Title: Supplier Register Template
Document ID: [REG-SUPPLIER-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Supplier Register Template

## Purpose

This template provides the structure for recording suppliers relevant to the ISMS and tracking their assurance and review status.

## Scope

This register applies to suppliers, service providers, subprocessors, hosting providers, and other third parties that may affect information security, privacy, resilience, or service delivery.

## Data Fields / Expected Columns

The supplier register should record at least:

- supplier name
- service provided
- internal supplier owner
- risk tier
- information or access profile
- contract status
- assurance status
- last review date
- next review date
- open actions
- status
- linked risks or incidents

## Ownership

This register should be owned by [Role]. Each supplier entry should have a named internal owner responsible for review and follow-up.

## Update Frequency

The register should be updated when suppliers are onboarded, reassessed, changed, renewed, suspended, or offboarded. Review dates should reflect risk-based oversight.

## Retention

Supplier records should be retained in line with business, contractual, legal, and assurance needs.

## Template Table

| Supplier Name | Service Provided | Internal Owner | Risk Tier | Information / Access Profile | Contract Status | Assurance Status | Last Review Date | Next Review Date | Open Actions | Status | Linked Risks / Incidents |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [Supplier] | [Service] | [Role] | [Low/Medium/High] | [Access / data handled] | [Draft / Active / Expiring] | [Pending / Reviewed / Limited] | [DD Month YYYY] | [DD Month YYYY] | [Summary] | [Proposed / Active / Offboarded] | [Risk / incident refs] |

## Related Documents

- Supplier Security Policy
- Supplier Due Diligence Standard
- Supplier Onboarding and Review Procedure
- Risk Register Template