ISO/IEC 27001 Control 5.22: Monitoring, review and change management of supplier services


The organization should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery.

Necessity of MidPoint

MidPoint's contribution to the implementation of this control is marginal.

Implementation of the control is mostly outside the scope of identity governance and administration (IGA), so midPoint cannot provide a significant advantage. However, midPoint can still provide minor supporting information and functionality.

Implementation Overview

MidPoint can provide some monitoring and inventory capabilities for applications.

Implementation Details

This control deals mostly with organizational procedures rather than technical controls and measures. However, midPoint can provide some advantages. The application inventory can be used to catalog third-party (cloud) services used by the organization, and this catalog can serve as a basis for regular review, e.g. review of classifications. MidPoint can also monitor some activity of users on the applications. For example, midPoint can detect an application that was used recently, or an application that is used only by a fraction of the users that have access to it.
