The recent revelation that Debenhams was responsible for the exposure of 26,000 customer records showed just how important it is to practice effective supply chain management.
The breach is reported to have been initiated through a malware attack on the e-commerce site of its online florist business, delivered by a 3rd party vendor. Debenhams claim it has not affected their main online store and all activities have been suspended through affected sites.
It’s a timely reminder of the need to understand and mitigate the risks involved in partners handling information assets. Certainly, with GDPR just a year away from coming into effect, it’s crucial to look at not just how data privacy is managed but also how you will assure regulators and other stakeholders that you meet the requirements for robust information security management throughout the supply chain.
Many organisations favour a comply or die approach to vendor selection, using lengthy standard questionnaires to establish information security credibility. These may describe technical and operational processes but do little to demonstrate they are being effective.
An externally accredited ISO 27001offers those assurances, although SME partners have struggled with the financial and administrative burden of compliance in the past and this has placed them at a disadvantage.
That is, until ISMS.online, a secure cloud software solution which makes effective information security management more cost-effective and easier to achieve than previous traditional methods.
At ISMS.online, we promote a Responsible Customer approach where supporting supply chain partners through engagement and collaboration delivers results for both parties, and helps to secure the valuable information assets of all parties.
As Xero’s global security standard deadline arrives, we discuss its implication for partners and ponder what’s next. Will the ICAEW and ACCA follow in the…
Keep reading >
#12 Phantom: Unfinished business in the past leads to undead creatures bothering the present. That’s your average phantom for you. They’re pretty unsettling until you…
Keep reading >
Table Of Contents:0.0.1 - Ensuring that passwords are strong and secure has always been a hot topic in the world of information security. All Alliantist…
Keep reading >
Halloween’s here, the spookiest time of year. That set us thinking about our favourite monsters. They have a lot in common with the infosec challenges…
Keep reading >
With Valentine's Day approaching, our thoughts naturally turned to... l’amour. But we’re standards obsessives, with ISO 27001 ever-present in our mind. So we ended up…
Keep reading >
As infosec specialists, we’re in awe of Santa Claus. He runs one of the planet’s largest, most effective and most public data gathering and management…
Keep reading >
#18 Werewolf: The thing about werewolves is that you always know when they’re going to pop up. Every full moon, regular as clockwork, there’s some…
Keep reading >
Learn some onboarding lessons from marketersThe marketing department can teach us a lot about onboarding. Whilst they work hard to ensure a user’s first impression…
Keep reading >
The UK Government has recognised some of its biggest information security risks come through the supply chain and G Cloud 9 is the first serious…
Keep reading >
Stay Informed
Join our club of infosec fans for a monthly fix of news and content.
