psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
870a576aa41f4352748d27ff98463e52fb324d9a
ISMS/04-registers/supplier-register-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

62 lines
2.1 KiB
Markdown
Raw Blame History

Title: Supplier Register Template
Document ID: [REG-SUPPLIER-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Supplier Register Template
## Purpose
This template provides the structure for recording suppliers relevant to the ISMS and tracking their assurance and review status.
## Scope
This register applies to suppliers, service providers, subprocessors, hosting providers, and other third parties that may affect information security, privacy, resilience, or service delivery.
## Data Fields / Expected Columns
The supplier register should record at least:
- supplier name
- service provided
- internal supplier owner
- risk tier
- information or access profile
- contract status
- assurance status
- last review date
- next review date
- open actions
- status
- linked risks or incidents
## Ownership
This register should be owned by [Role]. Each supplier entry should have a named internal owner responsible for review and follow-up.
## Update Frequency
The register should be updated when suppliers are onboarded, reassessed, changed, renewed, suspended, or offboarded. Review dates should reflect risk-based oversight.
## Retention
Supplier records should be retained in line with business, contractual, legal, and assurance needs.
## Template Table
| Supplier Name | Service Provided | Internal Owner | Risk Tier | Information / Access Profile | Contract Status | Assurance Status | Last Review Date | Next Review Date | Open Actions | Status | Linked Risks / Incidents |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [Supplier] | [Service] | [Role] | [Low/Medium/High] | [Access / data handled] | [Draft / Active / Expiring] | [Pending / Reviewed / Limited] | [DD Month YYYY] | [DD Month YYYY] | [Summary] | [Proposed / Active / Offboarded] | [Risk / incident refs] |
## Related Documents
- Supplier Security Policy
- Supplier Due Diligence Standard
- Supplier Onboarding and Review Procedure
- Risk Register Template
Reference in New Issue View Git Blame Copy Permalink