Other audit applications

The provision of a specification for ISMSs lends itself to supplier, or second-party, audits. Buyers can rely on the standard as a recognised and widely available framework against which to audit their suppliers, assuring themselves of the level of security those suppliers afford to information provided under the contract between the two organisations.

Second-party audits can be used by both the auditing and audited parties along similar lines to first-party (see Internal audits in Chapter 3) and third-party (see Certification audits in this chapter) audits, benefiting both organisations and driving continuous improvement through the supply chain.
