What is EN ISO 27036-1:2018 ?

EN ISO 27036-1:2018 and EN ISO 27035-1:2018 are both part of the ISO/IEC 27000 series, which is a set of global standards for managing information security. These standards provide guidance to organizations on how to effectively manage the risks associated with information security when engaging with external suppliers.

EN ISO 27036-1:2018 is focused on information security for supplier relationships, while EN ISO 27035-1:2018 is focused on managing information security incidents within an organization. Both standards are designed to minimize the impact of information security incidents on the organization's operations and reputation.

EN ISO 27036-1:2018 provides guidance on setting up and maintaining a risk management program for suppliers, as well as specifying the information security risks associated with the organization's business operations and the controls that can be implemented to mitigate those risks.

EN ISO 27035-1:2018, on the other hand, provides guidelines for establishing a structured and systematic approach to information security incident management within an organization. It includes the key components of incident management, such as incident detection, reporting, assessment, and response.

In conclusion, EN ISO 27036-1:2018 and EN ISO 27035-1:2018 are two important international standards that provide organizations with guidance on managing the risks associated with information security when engaging with external suppliers. By implementing these standards, organizations can minimize the impact of information security incidents on their operations and reputation..