If you were not convinced about the importance of managing your supply chain and assuring its approach to information security, how about a £200k fine to improve your focus?
The Crown Prosecution Service (CPS) has been fined that sum by the Information Commissioner's Office for what appears to be ineffective controls at a supplier that was handling laptops with sensitive information on them.
It is no surprise that ISO 27001, the leading standard for information security, has increased emphasis on the supply chain in its 2013 version. With outsourcing juxtaposed against a drive for saving money with cheaper services, supply chain information security risks are going to increase. Whilst you can contract away responsibility for the work, brands can't easily abdicate accountability and this fine is an expensive example; what price the reputational impact on top?
What could you achieve with £200k? Maybe hire Wayne Rooney from Manchester United for a few days (now he has started scoring again)... or, if you are considering ways to mitigate that risk occurring again, you could get about 15 years of ISMS.online! Yes, seriously: spend just over £1k per month and you can help secure your supply chain as part of an integrated approach to controlling your information security management system (ISMS). And you don't need to commit for 15 years!
Learn more about how we can help with your supply chain information security goals here.