The Information Security Forum has released its “Securing the Supply Chain” report

Apr 15, 2013 20:01 GMT

According to a new study published last week by the Information Security Forum (ISF), an independent organization that focuses on information risk management and cyber security, supply chains can be highly problematic from an information security standpoint.

Most organizations invest a great deal in keeping their intellectual property and other sensitive information secure. However, this valuable information can be easily compromised if one link in the supply chain is weak.

Sharing information with suppliers is crucial for many businesses, but organizations must take steps to assess the risks and address them.

Companies must consider the nature of their supply chains, determine what type of information is shared, and calculate the impact of a possible incident. This way they can balance information risk management efforts across their supplier base.

“Supply chains are inherently insecure and organizations create unintended information risk when sharing information with their suppliers,” explained Michael de Crespigny, chief executive officer at ISF.

“There is a ‘black hole’ of undefined supply chain information risk in many organizations – they understand and manage this risk internally but have difficulty identifying and managing this risk across their hundreds or thousands of suppliers,” Crespigny added.

“Securing the Supply Chain provides executives with a way for the organization to identify and manage risk in the supply chain and addresses how information risk management can be integrated into procurement and vendor management processes and activities.”

In order to address these issues, the ISF has developed the Supply Chain Information Risk Assurance Process (SCIRAP). SCIRAP is an approach that allows organizations to manage the risks across their suppliers.

The approach integrates with existing procurement and vendor management processes, focusing on identifying the contracts that create the highest risk in the supply chain.

The complete “Securing the Supply Chain” report can be purchased here. A free executive summary can be found here.