Half of cybersecurity incidents affecting organizations are vendor-related. With adequate supervision you can guarantee the security and continuity of your own business.
It is not only the security of technology providers that can impact your business.
Suppliers can be of three types:
Suppliers “connected” to the organization's information systems
Providers “not connected” but who have information about the organization or its customers
Suppliers whose activity impacts the organization's operations.
Classify the criticality of your suppliers by levels; ideally there are four (very low/low, medium, high and critical).
Factors to consider:
Economic, operational, legal, reputational, and the safety of people.
A one-size-fits-all approach is not appropriate. Higher-risk suppliers/services should be monitored more closely than those with lower risk levels.
Articulate monitoring along two axes:
Required level of security
Assurance in monitoring
The cybersecurity rating of your suppliers gives you a scale with 5 levels of security and three different forms of execution, which offer the appropriate levels of assurance for your monitoring needs.
Determining the criticality of each of your suppliers can only be done in-house. Once established, our solutions offer you the most efficient way to manage risk in your supply chain.
The guidelines of the European regulator oblige organizations to supervise outsourced services. For this reason, we have participated, together with the Center for Interbank Cooperation, in the creation of the Pinakes platform, which facilitates compliance with maximum efficiency and advantages.