These days anyone in business acknowledges that they cannot do everything for themselves and they have to rely on other skills to support their business whether it be an IT provider, a Publisher or other skilled persons. These people, who regularly support your business processes, together with your business, form what is commonly known as the supply chain.
In order for these people to support your business they need access to your business systems, data or processes for them to fulfil their contractual obligations to your business. It is this ‘access’ that can leave you exposed to risk if it is not properly identified and managed.
Supply chain security should be a high priority for organisations, as a breach within the supply chain system could damage or disrupt operations, whilst also potentially creating a breach under Data Protection Law.
It is clear that malicious actors are taking advantage of the increasing interconnectivity between businesses. Because close collaboration is often required between businesses, suppliers and resellers, computer networks may become intertwined or sensitive data shared. This can result in a breach of one organisation affecting many.
Wherever a third-party has access to your systems, data or premises, there are security risks to your organisation. Too many organisations inherently trust their vendors to have adequate security controls in place but this trust must be earned.
Supply chain cyber risk management, at its core, is about creating a formal programme for assessing and controlling the security risks associated with using third-party vendors.
A fundamental aspect of risk management is the use of supplier assurance questionnaires that examine each risk that a new or existing supplier presents to the business. These questionnaires allow prospective and existing suppliers to demonstrate compliance with your cyber security controls and your cyber risk profile. In short, it establishes a level of expectation that will provide assurance.
OCSIA have created a supplier questionnaire template that your organisation can use to examine the risks of any new supplier. This word template can downloaded below.
OCSIA Supplier Security Questionnaire Download