Supplier Information Security Manager
Description: After completing the course, participants will be able to demonstrate the following competences:
- Standards Application – apply ISO 27036-1 to 4 guidelines in managing supplier relationships,
- Risk Assessment – identify, assess, and prioritize supplier-related information security risks,
- Control Implementation – select and apply appropriate security controls throughout supplier engagement,
- Supply Chain Security – manage visibility, traceability, and security across hardware and software supply chains,
- Cloud Security Management – manage information security risks in cloud-based services.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
- Basic understanding of information security management and supplier risk concepts,
- Familiarity with ISO/IEC 27001 terminology and principles,
- Awareness of the role and importance of third-party/vendor security.
Teaching requirements: Trainers should meet the following requirements:
- Subject Matter Expertise – In-depth knowledge and practical experience with the ISO 27036 series (Parts 1–4), covering supplier relationships and information security throughout the supplier lifecycle.
- Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer, with familiarity with ISO 27036:2021–2023.
- Training & Practical Experience – At least 2–3 years in managing information security in supplier relationships and delivering interactive workshops.
Objectives to achieve: The course aims to achieve the following objectives:
- Understand key requirements and guidelines of ISO 27036‑1 to 4 for supplier relationship security,
- Identify and assess information security risks associated with different types of supplier relationships,
- Implement suitable controls throughout the supplier lifecycle,
- Address hardware, software, and cloud service supply chain guidance per ISO 27036‑3 and ISO 27036‑4,
- Develop strategies for secure communications, visibility, and risk management with suppliers.


