ISO/IEC 27036 – Supplier Relationship Security Assessment

Company Certification Int. offers a professional conformity assessment service based on ISO/IEC 27036, the international guideline that helps organizations manage information security risks in supplier and third-party relationships. While it is not a certifiable standard, this assessment supports businesses in aligning with best practices to secure their supply chain.

What Is ISO/IEC 27036?

ISO/IEC 27036 is a multi-part guideline that provides structured advice on managing information security in supplier relationships. It focuses on:

  • Risk identification and mitigation in outsourcing and procurement

  • Secure information exchange with suppliers and service providers

  • Lifecycle security from onboarding to contract termination

  • Integration with broader information security management systems

This guideline supports compliance with ISO/IEC 27001, especially in environments where third-party vendors, cloud services, or outsourcing are involved.

What We Offer

Our conformity assessment services for ISO/IEC 27036 include:

  • Evaluation of supplier security risk controls

  • Assessment of policies, contracts, and SLAs

  • Review of due diligence, onboarding, and monitoring processes

  • Identification of vulnerabilities and gaps in supplier relationships

  • Issuance of a Conformity Assessment Certificate (non-accredited)

Key Benefits

  • Strengthens third-party risk management

  • Reduces risk of data breaches via supply chain channels

  • Improves contract-based security governance

  • Supports ISO 27001 Annex A control requirements (A.15 & A.6)

  • Demonstrates responsible vendor management to clients and regulators

Who Should Consider This Assessment?

  • Organizations that outsource IT, cloud, or business processes

  • Enterprises with complex vendor ecosystems

  • Government and regulated industries

  • Any business pursuing ISO 27001 or general cybersecurity enhancement

Our Delivery Method

  • 100% remote or hybrid assessments

  • Efficient, tailored reviews for your supply chain context

  • Clear reporting and remediation advice

What You’ll Receive

  • Supplier Security Assessment Report

  • Actionable recommendations

  • Certificate of Conformity (showing alignment with ISO/IEC 27036)

  • Optional consultation on supplier onboarding and contract controls

Frequently Asked Questions (FAQ)

Q1: Is ISO/IEC 27036 a certifiable standard?
A1: No, it’s a guideline. Organizations can align with it and obtain a conformity assessment certificate, but not ISO certification.

Q2: Is this useful if we’re already ISO 27001 certified?
A2: Absolutely. ISO/IEC 27036 deepens your control over supplier-related security, which is part of ISO 27001’s Annex A controls.

Q3: Can this help us prepare for client audits or RFPs?
A3: Yes. Many clients and contracts demand supplier risk management. This assessment shows your proactive approach.

Q4: Do you review actual supplier contracts?
A4: Yes. Our assessors evaluate relevant clauses and SLAs to check alignment with ISO/IEC 27036 best practices.

Ready to Secure Your Supplier Network?

Reach out to Company Certification Int. today to schedule your ISO/IEC 27036 conformity assessment and strengthen your supplier relationships with confidence.

Get Certified

Free consultation & quotation

We respond within 24 hours