Originally published on 13 Dec 2016
Updated on 12 Nov 2021
Our Information Security Consultant, Todd Gifford CISSP, shares his thoughts on supply chain risk here at Optimising IT.
Think about what would happen to your organisation if one or more of your key suppliers had an Information Security breach. Or imagine the huge problems if they suffered a cyber attack or other supply chain disruption that left them unable to fulfil their services to you. How much of your business relies on the supply chain and third parties? Exactly how much of your data is in their hands?
I’ve spoken to several companies recently about risk management and supply chain risk and found that these companies often have very limited, or no, visibility of their suppliers’ Information Security approach. This poor supply chain management is not uncommon, according to the Chartered Institute of Procurement & Supply. Supply chain efficiency is considered the most significant risk to any organisation. When this is coupled with Information Security risk, you are faced with an even greater problem that is more likely to cause you an issue. Therefore, in the hope of avoiding such issues and ensuring your company knows how to reduce and mitigate supply chain risk, supply chain audits and risk management strategies should become the focus for many firms.
Supply Chain Risk Management
Appropriate risk management for your supply chain is essential for the successful running of your business, since it will allow you to understand where your supply chain risks are and how best to treat them. Third-party management is a key element of good Information Security practice and is a requirement for standards such as ISO 27001. These standards will help mitigate supply chain risk.
Optimising IT has carried out over 30 Information Security Reviews for suppliers to our customers this year. As a result, we have made previously unknown and unimagined risks visible to our customers. Our comprehensive Information Security Review highlights the risk areas and offers advice on reducing such risk, giving it real value.
The team here can also help with project work and additional consultancy to ensure that your Information Security risks are managed appropriately for your organisation. We help identify areas of supply chain risk management that require focus and point out potential threats to help make your company safe from security breaches.
To find out more about how Optimising IT can help your business understand and address your Information Security risks, get in touch with our cyber-security team.