The role that supply chain security faults have played in high-profile data breaches – including those that hit Target and Home Depot – has become clearer, and so the issue of supply chain security should now be at the forefront of information security concerns. Experts have warned that suppliers have become an attractive target for hackers. Individuals with malicious intentions can enter organisations’ networks through their suppliers, or even their suppliers’ suppliers, especially where important functions have been outsourced to the Cloud or to smaller providers.
Geraint Williams, Head of Technical Services at IT Governance, says, “When trusted third parties have access to your corporate network, you need to implement due diligence checks and ensure their security is at least as strong as yours.
“As part of due diligence checks, you should be ensuring that your suppliers meet the basic security controls as well as your security profile.”
ISO27001 is regarded as the international best-practice framework that enables organisations to systematically and consistently protect their information assets and customers’ data, while giving companies a competitive edge and the opportunity to tender for projects for which ISO27001 is a prerequisite.
ISO27001 certification is often a supply-chain requirement, demonstrating that third parties take information security seriously and that their security controls have been independently audited. In the UK, Cyber Essentials is increasingly a requirement for those in the supply chain (alongside ISO27001) as it mandates a minimum set of security controls.
Williams adds, “Ensuring your suppliers are ISO27001-compliant is a step in the right direction.”
Good security practice has increasingly become a client requirement, and it can prove a decisive criterion for clients staying with a particular vendor, especially when the current economic climate forces once-loyal clients to look around.
Other ISO27001 benefits include: enhanced reputation, increased stakeholder trust, meeting regulatory and compliance requirements, and improved internal processes.
IT Governance offers a cost-effective route to ISO27001 compliance in the form of ‘all-in’ ISO27001 packaged solutions that are accessible online and can be deployed by any company, anywhere in the world, that wishes to implement the ISO27001 standard and prepare for certification.
The packaged solutions, which are available at a transparent price that enables every organisation to know exactly what their chosen journey to ISO27001 certification will cost them, include the following options:
Alternatively, organisations can call +44 (0)845 070 1750 or send an email to request a custom quote.