Intelligent CISO Issue 49 | Page 75

A robust security strategy is dependent on visibility. Ensure your company understands who your suppliers are and what data they can access.

necessary for software, or can existing processes be modified?

When onboarding new suppliers, organisations should consider security as a foundational requirement, building it into their procurement processes and contracts. Security is a competitive differentiator to be considered among factors like cost. It may be tempting to go with the cheapest supplier based purely on price, but could you later be paying that difference, or more, out of lost revenue and service disruption?
Your SCRMP should review and address threats specific to your organisation and supplier relationships. Are there concerns about your customers’ data? Could a loss of service from your supplier stop you from supplying your customers? Expecting a supplier to be perfect in all areas of security is unrealistic; ensure you know the potential risks most relevant to you.
Be fair, open and honest with suppliers: Everyone uses suppliers and everyone supplies someone else. We hope that those we supply to are reasonable with their expectations; it is worth keeping this in mind when setting expectations of your suppliers.