UnixTime

Research Note

Supplier Security Register

Use this as the master security view of suppliers, products, and services that can affect information security.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this as the master security view of suppliers, products, and services that can affect information security.

Register

Supplier Product/service Internal owner Information exposed Access type Security tier Agreement reference Subcontractors Last review Next review Issues/actions
TBD TBD TBD TBD Physical / Logical / Remote / Data / None Low / Medium / High TBD TBD TBD TBD TBD

Maintenance checklist

  • Supplier owner assigned.
  • Information exposure identified.
  • Physical/logical access identified.
  • Risk tier assigned.
  • Contract or agreement reference recorded.
  • Subcontractor use recorded.
  • Review date defined.
  • Supplier changes and incidents trigger review.