Annex A 5.19 - Information Security in Supplier Relationships

Processes and procedures shall be defined and implemented to manage the information security risks associated with the use of supplier’s products or services.