How cyber security standards can help to safeguard supplier relationships

British Standards contain the combined knowledge of experienced UK subject experts often working together with their international colleagues in an open, consensus-based process.

Descriptions of these standards, and of some other relevant publications available from BSI or other organizations, are given below:

BS ISO/IEC 27002 Code of practice for information security controls
Description/Benefits: BS ISO/IEC 27002 includes controls that address the main security issues arising from supplier relationships, including agreeing security requirements with suppliers and monitoring supplier services.
Published by: BSI

BS ISO/IEC 27036-1 Information security for supplier relationships. Overview and concepts
Description/Benefits: This part of ISO/IEC 27036 describes the key concepts in securing supplier relationships from the viewpoints of both acquirers and suppliers. It also provides an introduction to the other parts of ISO/IEC 27036. Please note that 27036-2 (fundamental requirements) will be available shortly, and 27036-4 (supplier relationships in the cloud) is still under development.
Published by: BSI

BS ISO/IEC 27036-3 Information security for supplier relationships. Guidelines for information and communication technology supply chain security
Description/Benefits: This specialist part of ISO/IEC 27036 provides guidance on managing the information security risks caused by physically dispersed and multi-layered ICT supply chains; responding to the information security risks arising from global ICT supply chains; and integrating the processes and practices that support information security controls into wider system and software lifecycle processes.
Published by: BSI

BS ISO 28000 Specification for security management systems for the supply chain
Description/Benefits: The ISO 28000 series contains well-established International Standards for managing the security aspects of supply chain relationships. They are not cyber security standards, but they may well help when considering supply chain cyber security issues.
Published by: BSI

PCI DSS Payment Card Industry Data Security Standard
Description/Benefits: The PCI Security Standards Council maintains PCI DSS, which covers the security of payment card data. Card brands, acquiring banks and payment processors require compliance from any organization that stores, processes or transmits cardholder data, so you will need to comply if you want to accept card payments, online or otherwise. It is relevant to supplier relationships because it also requires you to manage the third-party service providers with whom cardholder data is shared.
Published by: PCI Security Standards Council