AS/NZS ISO/IEC 27036.2:2024 identically adopts ISO/IEC 27036-2:2022, which specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships.
Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Structure of this document
5.1 Clause 6
5.1.1 General
5.1.2 Organizational project-enabling processes
5.1.3 Technical management processes
5.2 Clause 7
5.3 Relationship between Clause 6 and Clause 7
5.4 Annexes
6 Information security in supplier relationship management
6.1 Agreement processes
6.1.1 Acquisition process
6.1.1.1 Objective
6.1.1.2 Activities
6.1.2 Supply process
6.1.2.1 Objective
6.1.2.2 Activities
6.2 Organizational project-enabling processes
6.2.1 Life cycle model management process
6.2.2 Infrastructure management process
6.2.2.1 Objective
6.2.2.2 Activities
6.2.3 Project portfolio management process
6.2.3.1 Objective
6.2.3.2 Activities
6.2.4 Human resource management process
6.2.4.1 Objective
6.2.4.2 Activities
6.2.5 Quality management process
6.2.6 Knowledge management process
6.3 Technical management processes
6.3.1 Project planning process
6.3.1.1 Objective
6.3.1.2 Activities
6.3.2 Project assessment and control process
6.3.3 Decision management process
6.3.4 Risk management process
6.3.4.1 Objective
6.3.4.2 Activities
6.3.5 Configuration management process
6.3.6 Information management process
6.3.7 Measurement process
6.3.7.1 Objective
6.3.7.2 Activities
6.3.8 Quality assurance process
6.4 Technical processes
6.4.1 Business or mission analysis process
6.4.1.1 Objective
6.4.1.2 Activities
6.4.2 Architecture definition process
6.4.2.1 Objective
6.4.2.2 Activity
7 Information security in a supplier relationship instance