Supply Chain Information Risk Management

Identify, minimise & manage the risks to the sensitive information in your supply chain

As demonstrated in recent hacks, the security of 3rd party suppliers connected to your systems and processing your information assets is critical to your information risk management challenges. Your systems are only as secure as the systems connected to them. Supplier connectivity and shared information assets are the primary challenges in identifying, minimising and managing the security risks to your business information assets.

Risk Crew implement a simple 8-step process to assist you in meeting and successfully managing these challenges.

Features and Components

Risk Crew can empower you to manage your supply chain by helping define, model, assess and evaluate. We also offer a full-service Supply Chain Information Security Risk Management programme wherein you can fully outsource your requirements to us for delivery.

Supplier Definitions

We begin by establishing the “definitions of a Supplier” as this is often misunderstood across the business and can result in unidentified 3rd party connections going unaddressed.

It's then crucial to identify and classify the information assets in the business that may be processed, stored or transmitted by a 3rd party, followed by an audit of existing service level agreements to identify suppliers and the specific information assets they process.

Risk Assessment Model

Risk Crew customise a supply chain risk assessment model based on your existing risk appetite and risk classification metrics.

The model is then applied to triage your Suppliers based on the volume and sensitivity of the information assets they process, their connectivity to your systems and any applicable information security compliance requirements such as the DPA or the PCI DSS.

Risk Assessment Frameworks

Once triaged in applicable risk categories (such as LOW, MEDIUM & HIGH), applicable risk assessment frameworks (questionnaires) are sent to Suppliers for completion.

Upon return, they can be reviewed and risk-driven remedial measures assigned. These measures are tracked through remediation, and the residual risk status is logged for annual review. Metrics applied through the process are easily available for reporting and management purposes.

Once established, the process can be manually managed through spreadsheets or commercially available project management tools.

3PA Triage©

Alternatively, Risk Crew can provide 3PA Triage© - our fast, simple and cost-effective supplier information risk classification portal tool.

3PA Triage© is designed to quickly classify the service providers in your supply chain into customised risk categories, defined by your business risk metrics. Your suppliers simply log on to a secure web portal and complete 10 questions we design for you. Quick and easy; it takes no more than 5 minutes. Once completed, the portal will evaluate and assign a risk.

Supply Chain Information Risk Management Benefits

Quite simply, this critical service provides answers to the fundamental questions: What should we protect? Why should we protect it? What happens if we fail to protect it?

All information security management starts with answers to these basic questions and benefits from the following: an information security threat assessment provides the data on which to measure your business’ risk appetite, tolerance and capacity. It provides the framework to identify, minimise and manage the cyber threats to your business.

Why Choose Risk Crew

Risk Crew are industry leaders in designing and delivering effective supply chain risk management solutions.

Our experienced information security governance, risk and compliance consultants implement proven assessment methodologies for measuring and documenting the security risks to the information in your supply chain. All our consultants are thoroughly vetted and subject to in-depth professional, criminal and credit records checks.

When you choose Risk Crew, you’re electing to work with qualified experts.

Find out how Risk Crew can help you identify, minimise and manage the security risks to the information assets in your supply chain.

Frequently Asked Questions

Is the supply chain a high-risk cyber-attack vector?

Yes. Over 75% of breaches publicly identified since 2015 have been attributed to “trusted” 3rd party connections.

What are supply chain cyber-attacks?

A supply chain cyber-attack is a cyber-attack that seeks to damage or breach an organisation by targeting less-secure elements in the supply network of that organisation.

What is an example of a supply-chain cyber-attack?

The first high-profile supply chain cyber-attack identified was the Target breach in 2013, wherein attackers entered into Target systems through a heating and cooling supplier connection and removed 78 million credit cards. A more recent example is the NotPetya ransomware attack identified in 2017, which specifically spread through supplier systems, resulting in over 10 billion dollars in damage.