GV.SC-08.105

Does your organization include critical suppliers in incident response exercises and simulations?

Explanation

Including critical suppliers in incident response exercises ensures coordinated response capabilities during security incidents that may involve or impact your supply chain. This practice helps identify communication gaps, clarify roles and responsibilities, and test the effectiveness of response procedures across organizational boundaries. Evidence could include documentation of joint incident response exercises with suppliers, such as exercise plans, after-action reports, or meeting minutes that demonstrate supplier participation in tabletop exercises or simulations. Screenshots of collaborative incident management platforms showing supplier involvement would also serve as appropriate evidence.

Implementation Example

Include critical suppliers in incident response exercises and simulations

ID: GV.SC-08.105

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Relevant suppliers and other third parties are included in incident planning, response, and recovery activities

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub