ISO 27001 Supplier Register

Third Party Supplier Register Ultimate Guide

The Third Party Supplier Policy sets out how we manage the risk associated with our suppliers. The Third Party Supplier Register is the tool we use to actively manage them.

What is a supplier register?

For suppliers, we seek a level of assurance that they are doing the right thing for information security.

The easiest way to achieve this is to check that we have an up to date and in date contract that includes clauses for information security and data protection. In addition to this an industry level certification that covers the products and / or services we are buying such as an ISO 27001 certification can provide us with adequate assurance.

Fay Barker Smile - High Table Client Director

The level of assurance we require is based on risk. We also record what they do for us and how reliant upon them we are. This determines how we manage them. We may add them to the risk register and manage them via risk management. Every supplier in the register should be reviewed at least annually. We cover how the supplier fits into the information security management system in the ISO 27001 Templates Documents Ultimate Guide.

Download Supplier Register Templates

These ISO 27001 templates are part of the ISO 27001 Toolkit and can be downloaded individually as part of your supplier management.

Third Party Supplier Register Template

How to create and use a Supplier Register Tutorial

In this tutorial video I show you how to create a supplier register / third party register in around 5 minutes. Supplier management is a foundation of data security and many industry certifications including GDPR, ISO 27001, PCI DSS, SOC and a host of others. Supplier management doesn’t have to be hard and it really is easy to create a basic functioning supplier register from scratch.

Third Party Supplier Register FAQ

What is the third party supplier risk assessment checklist?

Suppliers are risk assessed relative to what they do for you and how critical they are to you. You will assess that you have a current, in date contract, that includes the products and services you are buying. You will assess the level of assurance that you have that the supplier is doing the right thing for information security and this usually means that they have relevant in date certifications that cover the products and services that you are buying. You would use this third party risk assessment checklist and record it in the third party supplier register.

Where can I get a vendor database template in Excel?

A trusted vendor database template can be downloaded from High Table at this link:

Where can I get a vendor list template in Word?

Word is not the best tool for recording a list of vendors. A trusted Excel vendor database template can be downloaded from High Table at this link:

Where can I get an approved supplier list template?

An approved supplier list template can be downloaded from High Table at this link:

What is a supplier register?

A supplier register is a list of all of your suppliers. It is ranked on how critical the supplier is to your business and it tracks key information such as if you have a relevant contract with them and the level of assurances that you have for information security.

What is the best format for a supplier register?

The best format for a supplier register is a spreadsheet. Microsoft Excel is more than adequate.

Do I need a supplier register for ISO 27001?

Yes. Supplier management and security of the supply chain is a key requirement of information security. After employees, suppliers represent your biggest security risk.
