Call us: +44 (0)1273 454525
Email: info@firstbase.co.uk

Supply Chain Security Assessments

Why Supply Chain Security Assessment?

When companies think about security, they usually focus on securing their networks, software, and digital assets against cyber attacks and data breaches. However, the supply chain, whether a traditional supply chain or the ‘data supply chain’ that most large companies rely on, is also vulnerable to attack.

With information shared across a supply chain, the cyber security of any organisation in the chain is only as strong as the weakest link. A determined attacker will make use of this by identifying the organisation with the weakest cyber security and using its vulnerabilities to gain access to other members of the supply chain.

Many businesses outsource their data to third-party companies which aggregate, store, process, and broker the information, sometimes on behalf of clients in direct competition. Such sensitive data is not necessarily just about customers, but could also cover business structure, financial health, strategy, and exposure to risk.

Addressing the risk through a programme of Supply Chain Security Assessments is critical to your Cyber Resilience and defence.

What’s involved in Supply Chain Security Assessment?

Our Supply Chain Security Assessments are founded on in-person interviews and on-site inspection. This provides the opportunity to gauge the supplier’s implementation of their policies and standards firsthand, revealing any shortcomings which may otherwise be missed.

In addition, where the supplier is critical to your operation, we also verify their technical controls by a combination of inspection and technical testing.

We recognise that it may not be economically viable to carry out on-site assessments for ad-hoc suppliers or those with minimal access to your data. In these cases, we conduct telephone interviews to give our consultants the opportunity to evaluate the veracity of the organisation’s claimed security controls.

All our Supply Chain Security Assessments use a detailed questionnaire based on the ISF Standard of Good Practice for Information Security and an ISO27001:2013 ISMS Gap Analysis Tool. We work with you prior to the first engagement to ensure that the questionnaire content is relevant and appropriate to your internal standards.

Contact us to discuss your requirements in detail and to arrange a scoping meeting.
