Does your organization conduct formal lessons learned sessions with suppliers after significant projects or security incidents?
Explanation
Collaborative lessons learned sessions with suppliers help identify areas for improvement in security practices, communication, and incident response. These sessions can reveal vulnerabilities in the supply chain, enhance supplier relationships, and lead to improved security controls across organizational boundaries.
Evidence could include meeting minutes from lessons learned sessions, documented action items resulting from these sessions, formalized process documentation for conducting supplier reviews, or reports summarizing findings and recommendations from previous supplier collaboration sessions.
Implementation Example
Conduct collaborative lessons learned sessions with suppliers
ID: ID.IM-03.186
Context
- Function
  - ID: IDENTIFY
- Category
  - ID.IM: Improvement
- Sub-Category
  - Improvements are identified from execution of operational processes, procedures, and activities
Related questions
- Does your organization regularly conduct self-assessments of critical services that incorporate current threat intelligence and adversary tactics, techniques, and procedures (TTPs)?
- Has your organization conducted third-party assessments or independent audits of your cybersecurity program within the past 12 months?
- Does your organization utilize automated tools or systems to continuously evaluate compliance with your established cybersecurity requirements?
- Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
- Does your organization have a formal process to identify and implement improvements to business continuity, disaster recovery, and incident response plans based on exercises conducted with critical service providers and suppliers?
- Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?

