What is a Supplier?

A supplier is any third-party provider that delivers goods, services, or support critical to your business.
Under ISO 27001 Control 5.19 (and Clause 8.4 in ISO 9001), you are required to identify and manage
supplier-related risks, particularly where suppliers have access to your systems, data, or operational
processes.

Suppliers can include:
- IT service providers (MSPs, cloud hosting, software vendors)
- Contractors or consultants
- Outsourced payroll, HR, or finance teams
- Security services
- Manufacturing partners or logistics providers

Whether they're supporting your infrastructure or delivering services to your customers, your suppliers can create vulnerabilities - or drive your competitive edge. Managing them effectively is key.