Companies should also use a robust, scalable and reproducible process to address information-related risks in the supply chain, so that security is commensurate with risk. Supply chain risk management should be integrated into existing procurement and supplier management processes, so that managing supply chain information risks is part of regular business. While there are a number of ways to reduce your exposure to risk, an important aspect of an effective supply chain risk management program is to understand that things do not always go as planned and that managing information security risks is just another part of building a more resilient business.

Organizations of all sizes need to think about the consequences of a supplier providing accidental but harmful access to intellectual property, customer or employee information, business plans or negotiations. This thinking should not be limited to manufacturing or distribution partners. It should also include your professional advisers, lawyers and accountants, who often share access to your most valuable data resources.

The results of the upstream assessment, combined with the supply chain map, may draw attention to a significant concentration of information risk among upstream suppliers. This may trigger the need to identify controls or requirements that the organization may have to pass on to its suppliers in order to protect its information when it is shared upstream with these suppliers.

CSI, the Container Security Initiative, is a program in which U.S. Customs and Border Protection (CBP) negotiates bilateral cargo security agreements with foreign governments to establish procedures for verifying and inspecting high-risk marine cargo containers before they are shipped to the United States. CSI is now in service at 58 ports in North America, Europe, Asia, Africa, the Middle East, and Latin and Central America.

Most organizations have anywhere from hundreds to hundreds of thousands of supplier contracts and do not have the resources to evaluate all of these contracts, the associated suppliers or the information security agreements. SCIRAP proposes a practical method for sorting existing contracts into groups in order to prioritize the effort on the basis of the information risk and the discrepancy between the information security measures required by the organization. Individual contracts within a group can then be evaluated with approaches such as auditing.

Security is only as strong as the weakest link. Despite organizations' efforts to secure intellectual property and other sensitive information, limited progress has been made in effectively managing information risks in the supply chain.