OWASP Risk Calculator

Security vulnerability assessment

ISO 22317:2021 compliant

Supplier Risk Assessment

ISO 27036-1:2021 & ISO 27036-2:2022

DPIA Calculator

GDPR Article 35 Privacy Impact

🔒 ISO 27036-1:2021 & ISO 27036-2:2022 Compliant

Supplier Risk Assessment

Evaluate and manage information security risks in supplier relationships

Overall Risk

30

Control Effectiveness

60%

Inherent Risk

60%

Before controls

Risk Level

LOW

Acceptable risk. Standard monitoring procedures.

Risk Distribution

Control Maturity

Risk Comparison

Supplier Information

Supplier Name *

Supplier Type

Country

Annual Contract Value

$

Relationship Duration

years

Data Sensitivity Level

Criticality Assessment

Business Criticality

Low1

Non-critical, easily replaceable

Minor2

Some business impact if unavailable

Moderate3

Significant business dependency

High4

Critical business operations dependent

Critical5

Business cannot operate without supplier

Data Access Level

Low1

Non-critical, easily replaceable

Minor2

Some business impact if unavailable

Moderate3

Significant business dependency

High4

Critical business operations dependent

Critical5

Business cannot operate without supplier

Service Dependency

Low1

Non-critical, easily replaceable

Minor2

Some business impact if unavailable

Moderate3

Significant business dependency

High4

Critical business operations dependent

Critical5

Business cannot operate without supplier

Risk Assessment Categories

Information Security Risk

Moderate risk requiring monitoring

Operational Risk

Moderate risk requiring monitoring

Financial Risk

Moderate risk requiring monitoring

Compliance Risk

Moderate risk requiring monitoring

Reputational Risk

Moderate risk requiring monitoring

Control Maturity Assessment

Access Control & Identity Management

Documented and standardized

Data Protection & Encryption

Documented and standardized

Incident Response & Management

Documented and standardized

Compliance Management

Documented and standardized

Auditing & Monitoring

Documented and standardized

About ISO 27036 Supplier Risk Assessment

This calculator implements ISO 27036-1:2021 and ISO 27036-2:2022 standards for information security in supplier relationships, helping organizations identify, assess, and manage security risks throughout the supplier lifecycle.

Key Components:

• Supplier criticality assessment
• Risk category evaluation
• Control maturity analysis
• Inherent vs residual risk

Risk Categories:

• Information Security
• Operational Risks
• Financial Impact
• Compliance & Legal
• Reputational Damage

ISO 27036 Focus:

• Supplier agreements
• Security requirements
• Ongoing monitoring
• Incident management
• Audit & review processes

InfoSecFlow

Your trusted source for information security insights, news, and best practices.

Quick Links

→Blog
→About Us

Connect

Stay updated with the latest in information security.

📧

🔗

© 2025 InfoSecFlow. All rights reserved. Built with ❤️ for the security community.