Third Party (or Supply Chain) Assurance
Business these days is an interconnected experience; supply chains are no longer linear but are complex and convoluted, more like a business ecosystem. Information is the lifeblood of this model.
Allowing another company to access, store or otherwise manage your valuable data is one of the biggest risks any organisation can take. For instance, outsourcing technical services (like software) or business processes (like payroll or customer management) to a third party is increasingly available and popular, as the benefit to business can be transformational.
Data sharing and interlinked communication with your supply chain (like order management), and using a third party to host in the cloud, are also increasing. This creates a big increase in the potential for data loss and breach.
The success of the interconnected business information paradigm is completely dependent on all the partners involved understanding the risks, putting in place the appropriate and proportionate response to those risks, and being able to evidence that response. The most comprehensive and internationally recognised standards for supply chain assurance are available from ISO 27001. This includes cloud-based services for customers and suppliers (ISO 27036).
What Advent IM can do to minimise the risk of data sharing or process outsourcing
All standards are based on ISO 27001 and recognised by all organisations.
- Sharing data or outsourcing or moving to the cloud for the first time? Advent IM can evaluate all your risks and recommend the best and most appropriate responses.
- Renewing contracts? All existing supplier or cloud contract renewals should have a review and update of data security terms and conditions. Advent IM can help you draft the right standards you should expect a supplier to have in place, and audit the supplier to help them achieve it.
- Appointing new suppliers (or shortlisted suppliers) on new projects? Advent IM will work with you to ensure your data risks have the appropriate response in your contract and will audit all shortlisted suppliers.
- Are you a supplier wanting to win new business? Working to the standards of ISO 27001 is a clear competitive advantage when tendering.
- Advent IM can audit any supplier you deem necessary at any time, to ensure your specified data security standards are in place.
- Additional supplier checks can be done on UK GDPR compliance, physical and environmental controls, business recovery plans, and network management.
- Penetration testing and red teaming are also available.
The investment to review and implement the best data security standards within your supplier base is minimal, and is an ongoing business discipline. The benefit for your partners is that if they operate to these standards, their security competence will be recognised by their other customers.
There is a growing requirement to show evidence of security posture for a variety of contracts, so choosing this route to assurance has solid commercial benefits in addition to the practical organisational resilience considerations.
For a confidential conversation on how it could work for your organisation, call our experts on 0121 559 6699 or email bestpractice@advent-im.co.uk.