GV.SC-04.083

Does your organization maintain a comprehensive supplier inventory that includes criticality ratings for each supplier?

Explanation

A supplier inventory helps organizations track all third parties that provide goods or services, while criticality ratings identify which suppliers pose the greatest risk or are most essential to operations. This enables proper allocation of resources for supplier risk management, focusing more attention on high-risk or critical suppliers. For example, a cloud hosting provider might be rated as highly critical, while an office supply vendor might receive a lower criticality rating. Evidence could include a spreadsheet or database containing a list of all suppliers with columns for criticality ratings (e.g., high/medium/low or numerical scores), assessment dates, and criteria used for determining criticality such as data access levels, operational impact, and regulatory requirements.

Implementation Example

Keep a record of all suppliers, and prioritize suppliers based on the criticality criteria

ID: GV.SC-04.083

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Suppliers are known and prioritized by criticality

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub