GV.SC-08.107

Does your organization conduct formal lessons learned sessions with critical suppliers following significant projects, incidents, or on a regular cadence?

Explanation

Collaborative lessons learned sessions with critical suppliers help identify areas for improvement in security practices, communication protocols, and incident response procedures. These sessions can uncover vulnerabilities in the supply chain, establish better coordination mechanisms, and strengthen relationships with key suppliers who may have access to sensitive systems or data. Evidence of fulfillment could include meeting minutes or reports from lessons learned sessions, documented action items resulting from these sessions, a formal process document outlining how and when these sessions are conducted, or a schedule of planned and completed supplier review meetings that include lessons learned components.

Implementation Example

Conduct collaborative lessons learned sessions with critical suppliers

ID: GV.SC-08.107

Context

Function
GV: GOVERN
Category
GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category
Relevant suppliers and other third parties are included in incident planning, response, and recovery activities

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron