The weakest link in information security and risk management within an organization is the supply chain.
The supply chain introduces risk into an organization via its exposure to sensitive data concerning the organization, its employees, and its customers. Further, suppliers have the ability to connect to the organization remotely, process data, and gain physical access to the organization’s facilities.
There is a great deal of difficulty involved in evaluating and controlling the level of security and readiness of suppliers. In recent years, many of the serious attacks against organizations have occurred by exploiting and breaching the weaknesses of vendors in the supply chain.
Additionally, important regulatory developments in the areas of privacy and data protection, together with regulatory guidance within specific sectors (finance, insurance, health, critical infrastructure, and others), require that organizations prepare for and manage risk coming from the supply chain.
Creating and managing a Vendor Risk Management (VRM) program is a complex task that requires a holistic methodology and a significant time investment on behalf of an organization. Findings has developed its automated VRM platform to assist organizations in creating, improving, and managing their VRM programs.