Security Certifications for Suppliers
Check your arrangements
- When suppliers are critical to the security of your supply chain, make it a condition of their contracts to:
  - Report security performance to your senior management team.
  - Follow the risk management policies and processes you specify.
- Include the “right to audit” in all contracts and enforce it. Require your suppliers to do the same for any contracts they subcontract. Audits may include inspecting the service provider’s premises, records, and equipment (though this may not be possible or desirable when the service is cloud-based).
- Justify and incorporate assurance requirements into your security requirements where possible, such as assurance reporting, penetration tests, external audits, and formal security certifications.
- Establish key performance indicators to evaluate the effectiveness of your supply chain security management.
- Review and act on any findings and lessons learned.
- Encourage suppliers to promote good security practices.