Supply Chain Management
Protecting you and your suppliers.
Your organisation needs to determine how it will manage its external relationships. This includes the identification of organisations, conducting assessments from which capable suppliers can be determined, and ensuring that supplier relationships are being properly managed on an ongoing basis.
Supplier management is a core element of ISO9001 (quality management), ISO27001 (information security management) and the EU General Data Protection Regulation (GDPR). It is essential for proactive steps to be taken to ensure your organisation is properly protected from weaknesses within its supply chain.
Risk Assessment for Outsourced Products and Services
Your dependencies on third-party products and services will increase your exposure to additional risks. These weaknesses need to be promptly identified, properly assessed and effectively managed by your organisation.
Third-party assets should be risk assessed to ensure that everything is in order. With cloud-based services, the location and security controls applicable to the hosted data need to be understood and contractually agreed. InfoSaaS risk assessments include templates which can be used as a foundation for understanding third-party organisations, including the consumption of Software-as-a-Service (SaaS) and cloud services.
Supplier Capability Assessments
Traditional approaches to determining a supplier’s capabilities and security posture have been manual and very time-consuming processes.
InfoSaaS provides a unique Supplier Capability Assessment framework, which can be quickly and easily implemented and customised to reflect your organisation’s individual needs.
Each assessment can be customised to include only the content that is relevant to the specific supplier. Each is electronically tracked and issued, allowing suppliers to complete their responses online. Your organisation can track progress in real time, and once an assessment is submitted InfoSaaS can assess the responses and automatically score the supplier's capabilities.
It is likely that some of your suppliers will be required to have access to process personal data (either of your own personnel or perhaps your customers). You have legal responsibilities to understand their capabilities and compliance with the EU General Data Protection Regulation (GDPR).
You will gain valuable insights from the responses using our Supplier Capability Assessments. This information can be used to complete detailed Data Protection Impact Assessments within InfoSaaS where these are required by Article 35 of GDPR.