Startups and Maintaining the Security of Supply Chain

Elizabeth Press:

And there's always this question of the supply chain of the partnerships. And I would like to also highlight that a startup's or another sort of partner's ability to prove that they have good cybersecurity hygiene is so critical to being able to onboard into these corporate programs, or also to corporations being able to offer something really innovative in a quick manner to their end customers.

Hannah Suarez:

Yes, startups, they are execution focused. And the thing with security is that it may be seen as a cost centre, some “homework” that someone has to do.

Now, I can give you a story: for one of the projects that I'm involved in, called Loyalty Status Co, they have used their ISMS (their ISO certificate) to be able to ship a new campaign forwards.

Extended Notes

How can startups leverage cyber security and ISO 27001 in moving campaigns forwards?

Third-party attestations against recognised standards provide an additional layer of trust when onboarding a new vendor.

ISO/IEC 27001:2022 includes Annex A controls which play a role in the risk assessment of third parties and vendors.

Controls related to the ICT supply chain and cloud services (A.5.23 is new in the 2022 edition; A.5.21 carries over the supply chain control of the 2013 edition):

  • A.5.21 Managing information security in the information and communication technology (ICT) supply chain

  • A.5.23 Information security for use of cloud services

Controls related to sensitive data, which play a role when assessing the risks of third parties processing such data (A.8.11 and A.8.12 are new in the 2022 edition):

  • A.5.34 Privacy and protection of personally identifiable information (PII)

  • A.8.11 Data masking

  • A.8.12 Data leakage prevention

A combination of data protection and cyber security management enables a startup to continue to be execution focused while also managing risks.

Supply Chain Security beyond ISO 27001

Are there more standards beyond ISO 27001 for managing supply chain and third party risks?

There are in fact further standards, guidelines and frameworks that can be adopted for managing third-party and supply chain risks. Below is a list:

  • ISO/IEC 27001:2013 Annex A.15 “Supplier relationships” (in the 2022 edition this becomes A.5.19 to A.5.22)

  • ISO/IEC 27036-1:2021 “Cybersecurity — Supplier relationships — Part 1: Overview and concepts”

  • ISO/IEC 27036-2:2014 “Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements” (revised in 2022 as “Cybersecurity — Supplier relationships — Part 2: Requirements”)

  • ISO/IEC 27036-3:2013 “Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security”

  • ISO/IEC 27036-4:2016 “Information technology — Security techniques — Information security for supplier relationships — Part 4: Guidelines for security of cloud services”

  • NIST SP 800-161 Rev. 1 “Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations”

  • NIST Cybersecurity Framework
