ISO/IEC 27036 – Supplier Relationship Security Assessment

EnglishEnglish
EnglishEnglishArabicArabicChinese (Simplified)Chinese (Simplified)FrenchFrenchGermanGermanHindiHindiRussianRussianSpanishSpanishUrduUrdu

Company Certification Int. offers a professional conformity assessment service based on ISO/IEC 27036, the international guideline that helps organizations manage information security risks in supplier and third-party relationships. While it is not a certifiable standard, this assessment supports businesses in aligning with best practices to secure their supply chain.

What Is ISO/IEC 27036?

ISO/IEC 27036 is a multi-part guideline that provides structured advice on managing information security in supplier relationships. It focuses on:

  • Risk identification and mitigation in outsourcing and procurement

  • Secure information exchange with suppliers and service providers

  • Lifecycle security from onboarding to contract termination

  • Integration with broader information security management systems

This guideline supports compliance with ISO/IEC 27001, especially in environments where third-party vendors, cloud services, or outsourcing are involved.

What We Offer

Our conformity assessment services for ISO/IEC 27036 include:

  • Evaluation of supplier security risk controls

  • Assessment of policies, contracts, and SLAs

  • Review of due diligence, onboarding, and monitoring processes

  • Identification of vulnerabilities and gaps in supplier relationships

  • Issuance of a Conformity Assessment Certificate (non-accredited)

Key Benefits

  • Strengthens third-party risk management

  • Reduces risk of data breaches via supply chain channels

  • Improves contract-based security governance

  • Supports ISO 27001 Annex A control requirements (A.15 & A.6)

  • Demonstrates responsible vendor management to clients and regulators

Who Should Consider This Assessment?

  • Organizations that outsource IT, cloud, or business processes

  • Enterprises with complex vendor ecosystems

  • Government and regulated industries

  • Any business pursuing ISO 27001 or general cybersecurity enhancement

Our Delivery Method

  • 100% remote or hybrid assessments

  • Efficient, tailored reviews for your supply chain context

  • Clear reporting and remediation advice

What You’ll Receive

  • Supplier Security Assessment Report

  • Actionable recommendations

  • Certificate of Conformity (showing alignment with ISO/IEC 27036)

  • Optional consultation on supplier onboarding and contract controls

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 27036 a certifiable standard?
A1: No, it’s a guideline. Organizations can align with it and obtain a conformity assessment certificate, but not ISO certification.

Q2: Is this useful if we’re already ISO 27001 certified?
A2: Absolutely. ISO/IEC 27036 deepens your control over supplier-related security, which is part of ISO 27001’s Annex A controls.

Q3: Can this help us prepare for client audits or RFPs?
A3: Yes. Many clients and contracts demand supplier risk management. This assessment shows your proactive approach.

Q4: Do you review actual supplier contracts?
A4: Yes. Our assessors evaluate relevant clauses and SLAs to check alignment with ISO/IEC 27036 best practices.

Ready to Secure Your Supplier Network?

Reach out to Company Certification Int. today to schedule your ISO/IEC 27036 conformity assessment and strengthen your supplier relationships with confidence.

The Certification Process

Online gap analysis allows us to see the current

  • quality benchmark within your organization,
  • the finances required
  • the time required for this project (System and Certification Fee)

Your Estimate will be shared with you in 24 hours.

Upon Estimate Approval the project starts:

  • A client executive is assigned to your project
  • Contact information is shared with you
  • The Payment details are provided to you

All Support is delivered Online.

The Client Executive will provide the Documentation Templates and explain to you how to amend it.
You will be required to perform the following tasks:

  1. Identify your core or business processes.
  2. Amend documentation that meets your business needs. (Policy statements, objectives, manuals, work instructions, job descriptions, forms.)
  3. Encourage employees to be aware of the new documented system
  4. Review, approve, and distribute the documents to those who need access to the information.

  • Ensure procedures are being performed as documented.
  • Ensure employees are trained properly for the tasks they are performing.
  • Create effective reporting systems.
  • Monitor the effectiveness of your processes through the use of measurable data, where possible.
  • Review and take action to improve in the areas required.
  • Plan internal auditing activities.
  • Submit your management system documentation for review to ensure it complies with the applicable standard.
  • Prepare for review by an external auditor to confirm that the system’s requirements are being satisfied and that the management system is implemented effectively.
  • Obtain ISO Certifcaiton
  • This periodic on-site review is usually conducted annually.
  • It ensures that the certified business continues to comply with Standard requirements, as confirmed during the Recertification Audit at the certification cycle's outset.
  • Most are conducted remotely.

Refer to learn more about Types of Audits

FAQ's

How long does it take to get ISO Certified?

Starting with your initial consultation with our ISO specialists and progressing through certification, the timeline can be as short as 15 days. However, the duration is contingent upon the size and complexity of your business. It's worth noting that we can often expedite the process and reduce costs by preparing the Documented Management System Manual on your behalf, which can also accelerate the certification for your business.

What is the duration of the certification?

Following ISO 17021 guidelines, accredited certification bodies must provide certified organizations with certificates covering a 3-year certification cycle. Extensions beyond this timeframe are possible with the completion of necessary external audits and adherence to the certification cycle. ISO Certification, for instance, commonly issues certificates throughout a ten-year contract period.

What is the cost associated with obtaining ISO certification?

At Company Certification, our dedication is to ensure that ISO certification remains cost-effective for all our clients. The expenses involved depend on various factors including your industry sector, annual turnover, number of employees, and other considerations. Feel free to utilize our complimentary calculator to receive an instant quote.

Is it possible for an individual to obtain ISO certification?

ISO certification is reserved for organizational entities, and not for individual professionals.

Apply Online

 
1 Start 2 Company Info 3 Complete
ISO Certification: This is an official, globally recognized certification proving that your management system meets international standards. Conformity Assessment Certificate: This is useful for demonstrating basic adherence to specific CE/ISO/EU guidelines and Norms.
Use control key to select multiple

Related Sectors

Menu