ID.IM-02.184

Has your organization tested its contingency plans for responding to and recovering from supply chain compromise incidents where products or services were found to be counterfeit or tampered with?

Explanation

This question assesses whether your organization has practiced its response to supply chain security incidents where received products or services were not authentic or were modified before delivery. Such exercises help verify that your organization can effectively detect, respond to, and recover from supply chain compromises that could introduce vulnerabilities or malicious code into your systems. Evidence could include documentation of supply chain compromise tabletop exercises, after-action reports from simulated or actual supply chain incidents, updated contingency plans based on exercise findings, or records of training sessions focused on supply chain compromise scenarios.

Implementation Example

Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt.

ID: ID.IM-02.184

Context

Function
ID: IDENTIFY
Category
ID.IM: Improvement
Sub-Category
Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub