External suppliers are an essential component of business operations. Suppliers may have access to a wide range of information from the supported organisation; therefore, creating mutually beneficial supplier relationships is one of the core fundamentals of running any management system.
Annex A.15 optimises business operations between you and your suppliers by requiring the creation of a data-sharing agreement. This would clearly define roles and responsibilities of both parties. It is also a crucial step of the ISO 27001 certification process.
This article can help you understand the ISO Annex A controls needed to protect your organisation’s information when building supplier relationships. It also provides an idea of why these relationships are important.