Title: Supplier Register Template
Document ID: [REG-SUPPLIER-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
Supplier Register Template
Purpose
This template provides the structure for recording suppliers relevant to the ISMS and tracking their assurance and review status.
Scope
This register applies to suppliers, service providers, subprocessors, hosting providers, and other third parties that may affect information security, privacy, resilience, or service delivery.
Data Fields / Expected Columns
The supplier register should record at least:
- supplier name
- service provided
- internal supplier owner
- risk tier
- information or access profile
- contract status
- assurance status
- last review date
- next review date
- open actions
- status
- linked risks or incidents
Ownership
This register should be owned by [Role]. Each supplier entry should have a named internal owner responsible for review and follow-up.
Update Frequency
The register should be updated when suppliers are onboarded, reassessed, changed, renewed, suspended, or offboarded. Review dates should reflect risk-based oversight.
Retention
Supplier records should be retained in line with business, contractual, legal, and assurance needs.
Template Table
| Supplier Name | Service Provided | Internal Owner | Risk Tier | Information / Access Profile | Contract Status | Assurance Status | Last Review Date | Next Review Date | Open Actions | Status | Linked Risks / Incidents |
|---|---|---|---|---|---|---|---|---|---|---|---|
| [Supplier] | [Service] | [Role] | [Low/Medium/High] | [Access / data handled] | [Draft / Active / Expiring] | [Pending / Reviewed / Limited] | [DD Month YYYY] | [DD Month YYYY] | [Summary] | [Proposed / Active / Offboarded] | [Risk / incident refs] |
Related Documents
- Supplier Security Policy
- Supplier Due Diligence Standard
- Supplier Onboarding and Review Procedure
- Risk Register Template