Supplier Security Assessment

Problem

Even the smallest company today has a number of business partners, consultants, vendors and external customers who can reach into the company’s infrastructure. This means that endpoint security problems have moved beyond the laptops of a mobile sales force or the home computers of remote employees to the extensive network of third-party suppliers. Most if not all companies do not have a complete understanding of the weaknesses posed by suppliers, or the threats to their data once it leaves a controlled environment. Policies and procedures are needed to implement a minimal level of security over supplier access to company data and infrastructure. Suppliers have very granular access into the company environment and can pose a great danger if they are not monitored, tracked, blocked and reported.

Solution

An end-to-end Supplier Assessment process can be developed in conjunction with the company’s security staff and vendor management teams to ensure all vendor access is appropriate and tracked. This involves ensuring that any technical system and connectivity security issues associated with the supplier are controlled, but we also look at the business functions of your partners, such as having proper contracts and Service Level Agreements (SLAs) in place. We can develop the following measures to improve supplier security management:

1. Develop a Supplier Assessment process for all suppliers, with specific tailored mechanisms for categories of suppliers

2. Conduct testing of supplier networks where allowed

3. Assess the strengths and weaknesses of the current countermeasures

4. Examine the threats to the availability and integrity of the assets managed by suppliers

5. Review SLAs

6. Work with necessary vendors, write detailed steps and conduct key supplier assessments in critical areas once the new process is in place

7. Develop a controls matrix for Supplier Assessment

8. Develop a policy for Supplier Assessments

9. Conduct a follow-up 1-day review of the Supplier process 4 months after completion of the Supplier Assessment project

How the Process Works

We will go onsite, interview your staff, and review key policies and procedures regarding how suppliers are managed and how access and data are handled. We will develop new procedures around the different risk levels posed by categories of suppliers. You will have a detailed plan to conduct tests of suppliers, deliver security questionnaires, and put in place procedures to fix weak supplier security technology. A detailed process, along with all appropriate procedures and policies, will be in place at the conclusion of this project. This Supplier Assessment framework can then be used to ensure the security of all vendor activity.
