Four Steps To Securing Your Supply Chain

Published on 27/11/2018

Most organisations rely on at least one third party supplier to deliver products, systems and services, utilising additional organisations and their capabilities to deliver enhanced service offerings. (A key reason SES have partnered with UKFast – read the article here)

However, as supply chains grow and become more complex with multiple suppliers delivering different aspects of your product, securing your supply chain can become difficult as vulnerabilities can be introduced and exploited at any point in the supply chain which can cause significant damage and disruption to your business and even compromise you or your internal systems directly.

According to the Cyber Security Breaches Survey 2016, only 13% of businesses set security standards for their suppliers. With the rise in high profile attacks and breaches in recent months this is a very worrying statistic.

In addition, the introduction of GDPR legislation has meant that companies could now face fines of up to €20m or 4% of global annual turnover, for the loss of Personally Identifiable Information (PII) for which you are the data controller. Yet another reason to ensure the security of your supply chain.

To help you establish effective control and oversight of your supply chain, SES has created a four step process which can be found below:

1. Understand The Risk

It is difficult to establish any control over your supply chain until you fully understand it.

Begin by reviewing your suppliers and the level of protection they need to provide for your information or assets, for the products and services you deliver and for the wider supply chain. What would the impact be if one of your suppliers failed to secure their system and your customers information was released? Or one of your supplier’s members of staff failed to properly handle or manage your information?

2. Gain Control Of Your Supply Chain

Once you have a better understanding of your supply chain and gain better control over it, you will be able to analyse the strategic risk. This will help you to:

  • Identify any suppliers that continually fail to meet your security and performance expectations.
  • Identify critical assets and any over reliance on single suppliers. This will help you to build further diversity and redundancy into your planning.

Ensure that your suppliers understand their responsibility to provide appropriate protection for your information, products and services and the implications of failing to do so. If you allow your suppliers to subcontract your work then ensure that they require their subcontractor to adhere to these security requirements.

Setting and documenting minimum security requirements for your suppliers to adhere to, maintains your security posture and compliance. It is important to produce guidance to help suppliers you intend to on-board to manage these engagements.

Prospective suppliers should provide evidence of their approach to security and their ability to meet the minimum security requirements you have established.

Finally, whilst it is reasonable for your suppliers to manage security risks in accordance with the contract, you should be prepared to provide support and assistance where security incidents have the potential to affect your business or the wider supply chain.

3. Check Your Arrangements

In addition to providing clear guidelines on security standards for organisations which are part of your supply chain it is also important to check that these arrangements are being followed correctly. This can be achieved in a number of ways.

  • Requiring suppliers who are integral to your supply chain to provide reports of their security performance and build the right to audit into all contracts.
  • Build justified assurance requirements into your security requirements for suppliers. These can include Cyber Essentials, Penetration Testing and External Auditing of their security systems.
  • Establish key performance indicators to measure the security of your supply chain management practices.

4. Continuous Improvement

As your organisation grows and your supply chain evolves it is essential that your supply chain evolves with you.

Allow time for your current suppliers to achieve any necessary improvements to their security to avoid jeopardising existing relationships, but require your suppliers to provide you with timescales and plans to demonstrate how they intend to achieve the required changes.

Keep your suppliers notified of changes you are planning to your products and services and encourage existing suppliers to continue improving their security arrangements, emphasising how this might enable them to compete for and win future contracts with you. This will also help you to grow your supply chain and choice of potential suppliers.

This list is intended to serve as a simple guide to help you improve the security of your organisations supply chain and improve your organisations overall security against malicious threats. To speak to our specialists about how you can implement the points featured in this article or to discuss any other security queries you may have, please get in touch to speak to one of our specialists.

© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content

Stay updated with SES by signing up for our newsletter

Find out how SES can help your business
Contact us

Contact us

If you would like further information, discuss your requirements, get a free no obligation quotation or just a friendly chat on how we could possibly help please fill in the details below and one of our team will get back to you as soon as possible.
Tick the box to receive regular updates and industry insights