Cyber Security Specialists

The increasing importance of Supplier Assurance

Posted on Monday, September 20th, 2021 at 4:54 pm

Supplier assurance has long been a component of a company’s procurement process. You need to know that you can rely on a supplier, that they are dependable and financially sound. The procurement team will assess financial risk, insurance, standards, supply chain and continuity. They will determine the risk of working with a prospective supplier and whether a long-term working relationship can be established. 

Cyber Security was often considered irrelevant or was simply overlooked. However, several high-profile data breaches reported in the press over the past few years have prompted many procurement teams to include Cyber Security in their supplier assurance programmes. Often the IT department is tasked with carrying out a one-off Cyber Security assessment of a supplier and reporting back to the procurement team with either a positive or negative result. A single pass/fail check of this kind does not give an accurate picture of a supplier's Cyber Security posture, nor of how it changes over time.

A more comprehensive starting point is to define impact criteria and use them to assess how much inherent risk each supplier presents in cyber security terms. Do they process any personal or confidential data? Do they have access to your networks or systems? Do they have access to any APIs on your cloud-based systems? How much harm would your business suffer if the supplier experienced a breach and data loss? The answers to these questions determine a cyber impact level for the supplier, and that impact level in turn determines which assurance path to follow.

Suppliers with the highest cyber impact should be adhering to the standards set out in ISO 27001 or IASME Governance and should be assessed against those frameworks. Suppliers with lower impact should at least be able to demonstrate that they meet the standards set by Cyber Essentials and should be assessed against that framework. Using standards-based assessments places the responsibility on the supplier to demonstrate the level of cyber security controls they have in place, avoiding the need for hours of audit work on your side.

There also needs to be a system in place to monitor suppliers' ongoing compliance with cyber security standards. Repeat assessments should be carried out at least annually to confirm that suppliers are maintaining those standards, or more often where there are concerns about an individual supplier or where improvement needs to be demonstrated.

The impact of the Covid-19 pandemic and the rush to provide remote working solutions for staff has only heightened the risk of cyber attacks on suppliers. Some companies already had secure solutions in place for remote workers; many others had to act quickly to put systems in place without fully considering the cyber security risks involved. Many will leave things as they are and never revisit the solution they implemented to confirm that it complies with security standards. This only increases the importance of including cyber security in your supplier assurance programme.

For more information on how we can help to manage your Supplier Risk, please contact us on 0161 706 0244 or email info@cybersecurityspecialists.co.uk to speak with a member of the team.

Our Supplier Assurance Service can be delivered independently or as part of our CS360 Managed Security Service.

© 2022 Cyber Security Specialists