Supply chain risk
Our Information Security Consultant, Todd Gifford CISSP, shares his thoughts on supply chain risk.
What would happen to your organisation if one or more of your key suppliers had an Information Security breach? Or if they suffered a cyber-attack that left them unable to fulfil their services to you? How much of your business relies on third parties? How much of your data is in their hands?
I’ve spoken to several companies recently that have very limited, or no, visibility of their suppliers’ Information Security approach. This is not uncommon according to this recent article from the Chartered Institute of Procurement & Supply. The supply chain is considered the biggest risk to any organisation, but when coupled with Information Security risk, the problem is not only bigger, but also more likely to cause you an issue.
Appropriate risk management for your supply chain will allow you to understand where your risks are and how best to treat them. Third-party management is a key element of good Information Security practice and is a requirement for standards such as ISO 27001.
Optimising IT have carried out over 30 Information Security Reviews for suppliers to our customers this year and, as a result, have given visibility of previously unknown risks. Our comprehensive Information Security Review not only highlights the risk areas but also offers advice on how to reduce risk, giving it real value.
The team here can also help with project work and additional consultancy to ensure that your Information Security risks are managed appropriately for your organisation.
Need some advice?
To find out more about how Optimising IT can help your business understand and address your Information Security risks, get in touch with our cyber-security team.