Risk Intelligence Blog

What's The Inherent Risk in your Supply Chain?

According to the Verizon Cybertrust 2010 Data Breach Investigations Report, 70 percent of the IT security breaches Verizon investigated originated from external agents.

This is an eye-opening statistic because most companies use external agents or vendors to handle sensitive tasks like payroll, transaction processing and business processing. This report highlights the risk of data loss and exposure that companies face when they place their confidential information in the hands of external service providers.

What's the inherent risk that your business could become part of this troubling statistic? Do you know how well your service providers are protecting your data? Do you have a handle on the level of risk exposure across your whole supplier portfolio?

How can you calculate inherent risk in your supply chain?
There are ways to calculate and understand your inherent risk of a security breach originating from external agents. Evaluating inherent risk requires companies to take the following three steps:

1. Identify third party relationships and services
First, identify what types of third party relationships your business is engaged in, including supplier-vendor relationships, agent-broker relationships, and business partnerships such as marketing co-development or resale. Within each type of relationship, call out all of the business processes and services that are being outsourced. Pay particular attention to processes involving information technology, HR, financial services, customer support services (e.g. call centers) and product development, as these processes are especially vulnerable.

2. List the information that could be exposed
For each type of relationship and service provided, list the specific information, data or corporate assets that are being exchanged or exposed to your third parties. Highlight data regulated under U.S. and international privacy laws, such as Social Security Numbers, health care information and consumer financial or credit card information. Also note any potentially compromising corporate assets such as financial data or intellectual property.

3. Determine strategic, geographic and contract exposure
Finally, look at the exposure your company faces through its relationships with third party vendors. To determine strategic exposure, ask yourself: if the vendor went out of business, what would the impact to your company be? How long would it take to replace that supplier? It's also important to understand the different risk profiles of vendors based on their country and location. Finally, analyze the contracts you have in place, or are negotiating, with vendors. Are there specific requirements for vendors to protect your data? Do you have the right to audit these companies? Can you assess the vendor's IT controls as part of the negotiation? These are all questions that will help to further determine exposure.
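As an added example, not code from the original post or from Evantix: a small Python model that records the three steps above as attributes of each vendor and turns them into a ranked inherent-risk view with the reasons behind each score. The category sets, point weights and tier thresholds are assumptions for illustration, and the inventory at the bottom is constructed.

```python
from dataclasses import dataclass

# Constructed reference sets that mirror the post's three steps; the
# categories and the point weights below are assumptions for illustration.
SENSITIVE_PROCESSES = {"it", "hr", "financial", "customer_support", "product_development"}
REGULATED_DATA = {"ssn", "health_records", "consumer_financial", "card_data"}
CORPORATE_ASSETS = {"financial_data", "intellectual_property"}

@dataclass
class Vendor:
    name: str
    processes: set                # step 1: outsourced business processes
    data_shared: set              # step 2: information exposed to the vendor
    weeks_to_replace: int         # step 3: strategic exposure
    high_risk_location: bool      # step 3: geographic exposure
    contract_protects_data: bool  # step 3: contract exposure
    right_to_audit: bool          # step 3: contract exposure

# (weight, reason, predicate) rules; weights are illustrative assumptions.
RULES = [
    (2, "sensitive process outsourced", lambda v: bool(v.processes & SENSITIVE_PROCESSES)),
    (3, "regulated personal data exposed", lambda v: bool(v.data_shared & REGULATED_DATA)),
    (2, "corporate assets exposed", lambda v: bool(v.data_shared & CORPORATE_ASSETS)),
    (2, "hard to replace (over 12 weeks)", lambda v: v.weeks_to_replace > 12),
    (1, "high-risk location", lambda v: v.high_risk_location),
    (2, "contract lacks data-protection terms", lambda v: not v.contract_protects_data),
    (1, "no right to audit", lambda v: not v.right_to_audit),
]

def inherent_risk(v: Vendor) -> tuple:
    """Score one vendor before any of its controls are assessed; returns (score, reasons)."""
    hits = [(w, why) for w, why, pred in RULES if pred(v)]
    return sum(w for w, _ in hits), [why for _, why in hits]

def tier(score: int) -> str:
    return "high" if score >= 7 else "medium" if score >= 3 else "low"

def rank(vendors) -> list:
    """Vendors ordered highest inherent risk first as (name, score, tier, reasons)."""
    scored = [(v.name, *inherent_risk(v)) for v in vendors]
    return [(n, s, tier(s), r) for n, s, r in sorted(scored, key=lambda t: -t[1])]

# Constructed sample inventory, not real vendors.
INVENTORY = [
    Vendor("PayrollCo", {"hr", "financial"}, {"ssn", "consumer_financial"}, 16, False, True, False),
    Vendor("CallCenterLtd", {"customer_support"}, {"card_data"}, 6, True, False, False),
    Vendor("LawnCare", {"facilities"}, set(), 2, False, True, True),
]
```

Because the reasons are kept alongside the score, the output tells you which silo (IT, legal, procurement) owns the finding that drives each vendor's tier.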

It can be challenging for some organizations to pool the knowledge about their vendors gathered from all of the areas mentioned above, since this information tends to be housed in separate silos or departments. Yet understanding inherent risk exposure is imperative to effectively combat the increase in data breaches involving external vendors.

To stay ahead of the growing trend of external security breaches, you must continue to monitor risk exposure as your business processes and relationships with third-party vendors evolve and your dependency on them increases.

What is your company's strategy for understanding and monitoring security risks? How will the findings from the Verizon Cybertrust report affect your future safeguards?

About the Author: Chris Bell is a founder and VP of Product Management at Evantix, which provides an on-demand risk management solution that helps companies assess, manage, and monitor risk across their complex business relationships. He builds innovative risk management solutions for the market and advises companies on how to improve their programs. You can read more from Chris on the Evantix blog.

