SME suppliers demand ISO 27001 certification

Organisations are realising that it’s just as important to secure their supply chain as it is to secure their own networks.

According to a report from CybSafe, one in three small and medium-sized enterprises (SMEs) have had their cyber security precautions questioned when winning contracts in the past year, and 50% of SMEs have had cyber security clauses added to new contracts in the past five years.

The CybSafe Supplier Cyber Security Study surveyed 250 IT decision-makers at SMEs that sell to enterprise. It claims to “track trends in enterprise approach to cyber security among suppliers, providing a definitive check-up on the state of supply chain information security”.

ISO 27001

The report also noted that 44% of respondents received requests from their enterprise customers to implement a cyber security standard such as ISO 27001, with 28% of these coming in the past year. This supports the ISO 27001 Global Report 2016, which found that 71% of respondents said that clients, partners or suppliers asked them to provide evidence of ISO 27001 certification.

An ISO 27001-compliant information security management system (ISMS) plays a crucial role in supply chain assurance and helps organisations create business opportunities, which is why we encourage all organisations that are looking to satisfy clients to achieve certification to ISO 27001.

According to Alan Calder, founder and executive chairman of IT Governance: “Due to the nature of cyber attacks, organisations are taking extra caution when working with suppliers. ISO 27001 certification allows organisations to assure clients and suppliers that they have implemented best-practice information security processes, meeting any tender of contract requirements.”

Emphasis on supply chain

Oz Alashe, CEO and founder of CybSafe, said: “[Our] study shows the extent to which enterprise focus on securing the supply chain has increased in recent years, in light of increased sanctions for data loss and high-profile data breaches.

“This represents a unique opportunity for enterprise to effect cyber security change on a much greater scale. By insisting on a greater focus on cyber security from their SME suppliers, these businesses can play an influential role in reducing overall cyber risk and increasing mass awareness of cyber security throughout the business community, from supplier to enterprise.

“This can only be a positive impact on the progression of cyber risk awareness in society as a whole. The more enterprise sees cyber security as a value-add, the more SMEs will change online practices to become that trusted vendor.”

Our ISO 27001 DIY packages provide everything you need to implement the Standard without any of the usual associated complexities and costs. Our five packages offer a unique blend of expertly developed ISO 27001 tools and resources to meet different needs and project approaches.

We are the only company in the world offering global online access to training and consultancy services for ISO 27001, and we have more than ten years’ experience helping organisations implement an ISMS and achieve certification to ISO 27001.
