GV.SC-06.097

Does your organization have a formal process to verify the authenticity, integrity, and security of critical products before acquisition and deployment?

Explanation

This question assesses whether you have established procedures to evaluate critical products before they enter your environment. This includes verifying the legitimacy of the vendor, checking for tampering during delivery, and evaluating security vulnerabilities or weaknesses in the products themselves. These checks help prevent supply chain attacks, counterfeit products, and the introduction of compromised software or hardware into your systems. Evidence could include a documented product security assessment procedure, vendor verification checklists, digital signature verification processes, or reports from security testing performed on critical products before deployment.

Implementation Example

Assess the authenticity, integrity, and security of critical products prior to acquisition and use

ID: GV.SC-06.097

Context

Function
GV: GOVERN
Category
GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category
Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron