GV.SC-03.081

Does your organization have a documented process for escalating material cybersecurity risks identified in your supply chain to senior management and addressing them within your enterprise risk management framework?

Explanation

This question checks whether material risks identified in your supply chain are formally raised to senior management and handled within enterprise risk management.

Material cybersecurity risks in the supply chain (such as critical vulnerabilities in third-party components, security breaches at key vendors, or compliance issues with suppliers) must be communicated upward to decision-makers who can allocate resources and authorize mitigation strategies.

Evidence of fulfillment could include a documented escalation procedure specific to supply chain risks, meeting minutes from executive risk committee discussions of supply chain security issues, a supply chain risk register that includes escalation thresholds, or integration documentation showing how supply chain cybersecurity risks feed into the enterprise risk management system.

Implementation Example

Escalate material cybersecurity risks in supply chains to senior management, and address them at the enterprise risk management level.

ID: GV.SC-03.081

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes
