Most (if not all) organizations around the world, whatever their size or domain of activity, have relationships with suppliers of different kinds that deliver products or services. Such suppliers can have either direct or indirect access to the information and information systems of the acquirer, or will provide elements (software, hardware, processes, or human resources) that will be involved in information processing. Acquirers can also have physical and/or logical access to the information of the supplier when they control or monitor the supplier's production and delivery processes. Information security risks in supplier relationships are a matter of concern, not only for the acquirer and supplier, but also for customers and other interested parties. It is a question of trust in business activities in society. Both the supplier and acquirer should consider the inherent and residual information security risks associated with establishing a supplier relationship.
The Supply Chain Security Assurance Services provided by BESECURE offer a holistic approach to vendor assurance by supporting nationally and globally accepted standards and risk-, threat- and maturity-based scoring that allows enterprises to effectively measure, monitor and benchmark their suppliers' risks beyond the usual compliance check-box approach. Our proven supplier assurance methodology effectively mitigates increasing security threats. The Supply Chain Security Assurance Service approach is based on the ISO 27001, ISO 27036, COBIT, NIST, PCI and ISF SoGP international standards.