Improving Supply Chain Security for Better Business Governance
This paper examines the common risks presented by third party suppliers, the options available to organizations to streamline assessment programs, particularly how to approach both cybersecurity supply chain security risk management within a GRC framework.
Supply chains magnify enterprise risk.
A wide array of potential threats comprising an enormous diversity of risks lie buried within different layers of every company’s supplier network.
No company is immune. Some of these threats manifest far upstream while others lurk just outside an organization’s operational core.
Companies need insight into which risks to mitigate and which to absorb.
Today’s major global organizations with hundreds of locations and thousands of employees and suppliers must efficiently address risk.
Governance, risk, and compliance (GRC) management provides a sound structure:
- Identifying redundancies as well as gaps in complex compliance requirements,
- Accurately managing and reporting risks and threats across the enterprise and extended network of third-party suppliers, and
- Achieving efficient governance of all operations
Effective governance and threat mitigation is nearly impossible without enhancing enterprise risk management to include both
- Vendor risk management, and
- Supply chain security management
The common silo approach to vendor risk and supply chain security leaves organizations wide open to threats they “should” know about.
More importantly, evaluating risk from the perspective of cyber security or physical security alone ignores an important opportunity to identify and leverage synergies between the two approaches.
What’s Related
Favorites
