Company Certification Int. offers a professional conformity assessment service based on ISO/IEC 27036, the international guideline that helps organizations manage information security risks in supplier and third-party relationships. While it is not a certifiable standard, this assessment supports businesses in aligning with best practices to secure their supply chain.

What Is ISO/IEC 27036?

ISO/IEC 27036 is a multi-part guideline that provides structured advice on managing information security in supplier relationships. It focuses on:

• Risk identification and mitigation in outsourcing and procurement

• Secure information exchange with suppliers and service providers

• Lifecycle security from onboarding to contract termination

• Integration with broader information security management systems

This guideline supports compliance with ISO/IEC 27001, especially in environments where third-party vendors, cloud services, or outsourcing are involved.

What We Offer

Our conformity assessment services for ISO/IEC 27036 include:

• Evaluation of supplier security risk controls

• Assessment of policies, contracts, and SLAs

• Review of due diligence, onboarding, and monitoring processes

• Identification of vulnerabilities and gaps in supplier relationships

• Issuance of a Conformity Assessment Certificate (non-accredited)

Key Benefits

• Strengthens third-party risk management

• Reduces risk of data breaches via supply chain channels

• Improves contract-based security governance

• Supports ISO 27001 Annex A control requirements (A.15 & A.6)

• Demonstrates responsible vendor management to clients and regulators

Who Should Consider This Assessment?

• Organizations that outsource IT, cloud, or business processes

• Enterprises with complex vendor ecosystems

• Government and regulated industries

• Any business pursuing ISO 27001 or general cybersecurity enhancement

Our Delivery Method

• 100% remote or hybrid assessments

• Efficient, tailored reviews for your supply chain context

• Clear reporting and remediation advice

What You’ll Receive

• Supplier Security Assessment Report

• Actionable recommendations

• Certificate of Conformity (showing alignment with ISO/IEC 27036)

• Optional consultation on supplier onboarding and contract controls

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 27036 a certifiable standard?
A1: No, it’s a guideline. Organizations can align with it and obtain a conformity assessment certificate, but not ISO certification.

Q2: Is this useful if we’re already ISO 27001 certified?
A2: Absolutely. ISO/IEC 27036 deepens your control over supplier-related security, which is part of ISO 27001’s Annex A controls.

Q3: Can this help us prepare for client audits or RFPs?
A3: Yes. Many clients and contracts demand supplier risk management. This assessment shows your proactive approach.

Q4: Do you review actual supplier contracts?
A4: Yes. Our assessors evaluate relevant clauses and SLAs to check alignment with ISO/IEC 27036 best practices.

Ready to Secure Your Supplier Network?

Reach out to Company Certification Int. today to schedule your ISO/IEC 27036 conformity assessment and strengthen your supplier relationships with confidence.