The recent revelation that Debenhams was responsible for the exposure of 26,000 customer records showed just how important it is to practice effective supply chain management.
The breach is reported to have been initiated through a malware attack on the e-commerce site of its online florist business, delivered by a 3rd party vendor. Debenhams claim it has not affected their main online store and all activities have been suspended through affected sites.
It’s a timely reminder of the need to understand and mitigate the risks involved in partners handling information assets. Certainly, with GDPR just a year away from coming into effect, it’s crucial to look at not just how data privacy is managed but also how you will assure regulators and other stakeholders that you meet the requirements for robust information security management throughout the supply chain.
Many organisations favour a comply or die approach to vendor selection, using lengthy standard questionnaires to establish information security credibility. These may describe technical and operational processes but do little to demonstrate they are being effective.
An externally accredited ISO 27001offers those assurances, although SME partners have struggled with the financial and administrative burden of compliance in the past and this has placed them at a disadvantage.
That is, until ISMS.online, a secure cloud software solution which makes effective information security management more cost-effective and easier to achieve than previous traditional methods.
At ISMS.online, we promote a Responsible Customer approach where supporting supply chain partners through engagement and collaboration delivers results for both parties, and helps to secure the valuable information assets of all parties.
With Valentine's Day approaching, our thoughts naturally turned to... l’amour. But we’re standards obsessives, with ISO 27001 ever-present in our mind. So we ended up…
Keep reading >
We all know Single Sign-On holds the key to security and convenience. Our version boosts your ability to securely manage different levels of access and…
Keep reading >
It’s that strange time between Christmas and New Year, when everything goes quiet and hardly anyone’s around. It’s one of our favourite moments, because it’s…
Keep reading >
For those in the infosec world, (or indeed anyone that values their own data, bank balance and privacy), password security is a black and white…
Keep reading >
#21 Vampire: Vampires are terrifying. But they’re also charming. That’s because most of them can only enter your house if you invite them in.
Keep reading >
As Xero’s global security standard deadline arrives, we discuss its implication for partners and ponder what’s next. Will the ICAEW and ACCA follow in the…
Keep reading >
There is always a price to pay for poor information security management.Yahoo paid that price and reacted by penalising those individuals it held personally accountable.
Keep reading >
Stay Informed
Join our club of infosec fans for a monthly fix of news and content.
