The recent revelation that Debenhams was responsible for the exposure of 26,000 customer records showed just how important it is to practise effective supply chain risk management.
The breach is reported to have begun with a malware attack on the e-commerce site of its online florist business, a site provided by a third-party vendor. Debenhams says the incident has not affected its main online store and that all activity on the affected sites has been suspended.
It is a timely reminder of the need to understand and mitigate the risks that arise when partners handle your information assets. With GDPR just a year away from coming into effect, it is crucial to look not only at how data privacy is managed, but also at how you will assure regulators and other stakeholders that you meet the requirements for robust information security management throughout the supply chain.
Many organisations favour a "comply or die" approach to vendor selection, using lengthy standard questionnaires to establish a vendor's information security credibility. Such questionnaires may describe a vendor's technical and operational processes, but they do little to demonstrate that those processes are actually effective.
Independent certification to ISO 27001 offers that assurance, although SME partners have in the past struggled with the financial and administrative burden of achieving and maintaining it, and this has placed them at a disadvantage.
That was the case until ISMS.online, a secure cloud software solution that makes effective information security management more cost-effective and easier to achieve than traditional methods.
At ISMS.online, we promote a Responsible Customer approach, in which supporting supply chain partners through engagement and collaboration delivers results for both parties and helps to secure the valuable information assets of everyone involved.