Organizations should draft and record supplier agreements that clearly define the expectations and responsibilities of both the organization and its suppliers for meeting the necessary information security standards. Agreements can include requirements covering what information is available for access, how that information should be classified, and the different classifications used by the organization and the supplier, as well as requirements for data protection, the handling of PII, and the control obligations of each party.