When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to record periodic supplier reviews, security report reviews, service delivery issues, supplier changes, incidents, and follow-up actions.
Review log
| Date | Supplier | Service | Owner | Review type | Evidence reviewed | Findings/issues | Risk reassessment needed | Actions | Owner | Due date | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|
Change log
| Date | Supplier change | Security impact | Stakeholders consulted | Management approval | Contract update needed | Risk decision | Follow-up action |
|---|---|---|---|---|---|---|---|
Related notes
- Template
- Supplier security
- Supplier monitoring
- Change management
- Iso27001
Note Metadata
Aliases: Supplier Review Log
Source: 90 Templates/Supplier Service Review and Change Log.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.5.21 - Managing Information Security in the ICT Supply Chain
- ISO 27001 A.5.22 - Monitoring, Review and Change Management of Supplier Services
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- ISO 27001 A.5.37 - Documented Operating Procedures
- A.5.22 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO 27002 Annex A Control Interpretation Map
- A.5.22 Audit Checklist
- Template - Corrective Action Tracker
- Network Service Provider Review Checklist
- Supplier Security Register
- Templates MOC