GV.SC-06.096

Does your organization perform risk assessments of suppliers against business requirements and cybersecurity standards?

Explanation

Supplier risk assessments help identify potential security vulnerabilities in your supply chain that could impact your organization's security posture. These assessments evaluate suppliers based on their access to your systems/data, the criticality of their services, and their own security controls implementation against your requirements and industry standards. Evidence could include a documented supplier risk assessment methodology, completed supplier assessment reports, a supplier risk register showing risk ratings and mitigation plans, or third-party assessment results for critical suppliers.

Implementation Example

Conduct supplier risk assessments against business and applicable cybersecurity requirements

ID: GV.SC-06.096

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub