You may be taking robust measures to sort out information security, cybercrime, and data privacy in your own business, but are weak links in your supply chain leaving you exposed? Len Simmons, technical director of Altius VA, has the answer.
In 2016, the need to build a ‘firewall’ around your entire supplier base is becoming more urgent. This is driven by the development of the ‘internet of things’, greater connectivity, accelerated use of mobile and stronger data protection laws.
If you are entrusting large stockpiles of data to smaller companies, who might not have the same resources to apply to data protection and information security, you are treading on dangerous ground.
It is essential to check IT security and data compliance among suppliers, which means ensuring they follow strict policies and procedures to prevent common security failures. Failure to gain control of information security within your supply chain could expose your business to data and security breaches that have the power to destroy reputations, business partnerships and profit margins. There’s also the risk of large financial penalties for negligence that may be served by regulators.
There is no doubt that information security and cyber-threats are growing exponentially. A study by PwC found that 81 percent of large organisations and 60 percent of small businesses had been the victim of a security breach over a 12-month period, and that the cost of those data breaches had increased significantly.
There are many simple processes that you and your suppliers can adopt to minimise risk and ensure compliance with data protection laws, and it doesn’t need to cost the earth.
The ISO 27001 standard sets out best practice for managing your information assets and a process for setting up and operating a successful Information Security Management System. This provides a systematic method for the management of sensitive company information to ensure its security. It applies a risk management process to people, processes and ICT systems.
The international standard provides a clear compliance and management framework to assure both your information security assets and those of your stakeholders. As part of the ISO ‘family’, ISO 27001 is compatible with other popular management systems, including ISO 14001 and ISO 9001. It is applicable to paper-based records and assets as well as ICT assets and will help manage the security of assets such as financial information, intellectual property, employee details or third party information.
Exigo compliance software
Our new cloud-based Exigo software helps organisations to affordably manage information security and data protection across complex supply chains. The Exigo assurance and compliance software can be used to support Information Security Management Systems and is compatible with ISO 27001.
The Exigo software is cloud-based, so it requires no hardware or software installation. It enables organisations to configure their own compliance framework by adapting supplied templates and processes, or by using built-in tools to create their own. The software integrates with existing enterprise systems and has a built-in audit trail for full supplier visibility and information retrieval. It also provides automated report generation and data export.
Len is technical director for Altius VA, supply chain performance solution experts based in Derby.