The Supplier Management Model described above introduces the so-called Product Requirement Document (PRD) which plays a major role for the interaction between the consuming party on the one hand and the supplying party on the other hand. The PRD defines the security measures which need to be implemented by the individual IT service or product provided by the supplying party. This document is a means for agreements between the two parties and is an important element for implementing a seamless security concept in case that the end user IT service is composed of products, components and IT services coming from different sources. A template for such a PRD can be downloaded here which also provides guidance for its use.
In the next release we will publish the template for a Product Requirement Document (PRD) including an example.