Supply Chain Management
Protecting you and your suppliers.
Your organisation needs to determine how it will manage its external relationships. This includes the identification of organisations, conducting assessments from which capable suppliers can be determined, and ensuring that supplier relationships are being properly managed on an ongoing basis.
Supplier management is a core element of ISO9001 (quality management), ISO27001 (information security management) and the EU General Data Protection Regulation (GDPR). It is essential for proactive steps to be taken to ensure your organisation is properly protected from weaknesses within its supply chain.
A combination of our Supplier Capability Assessments (see below), Risk Management services and supporting material from our Document Packs combine to deliver an effective approach.
Risk Assessment for Outsourced Products and Services
Your dependencies on third-party products and services will increase your exposure to additional risks. These weaknesses need to be promptly identified, properly assessed and effectively managed by your organisation.
Third-party assets should be risk assessed to ensure that everything is in order. With cloud-based services, the location and security controls applicable to the hosted data need to be understood and contractually agreed. InfoSaaS risk assessments include templates which can be used as a foundation for understanding third-party organisations, including the consumption of Software-as-a-Service (SaaS) and cloud services.
Our solution
Supplier Capability Assessments
Traditional approaches to determining a supplier’s capabilities and security posture have been manual and very time-consuming processes.
InfoSaaS provides a unique Supplier Capability Assessment framework, which can be quickly and easily implemented and customised to reflect your organisation’s individual needs.
Each assessment can be customised to include only that content which is relevant to the specific supplier. Each is electronically tracked and issued, allowing suppliers to complete their responses online. Your organisation can track progress in real-time, and when submitted InfoSaaS can assess their responses and automatically score their capabilities.
GDPR considerations
It is likely that some of your suppliers will be required to have access to process personal data (either of your own personnel or perhaps your customers), You have legal responsibilities to understand their capabilities and compliance with the EU General Data Protection Regulation (GDPR).
You will gain valuable insights from the responses using our Supplier Capability Assessments. This information can be used to complete detailed Data Protection Impact Assessments within InfoSaaS where these are required by Article 35 of GDPR.
Get started
“The Bluemetrix team have found the InfoSaaS solution to be both comprehensive and easy to use: it has made a significant contribution to the maturity and robustness of our information security and data protection activities”.
“The InfoSaaS platform has been enormously helpful as we work towards our ISO27001 certification goal. The structure, support and documentation available have allowed us to make quick progress now that we can easily track all of our assets, risks and actions.”
“At the end of the certification audit process, the auditor commented how effective our ISMS is. For me it is very satisfying to hear, from an external point of view, that we’re doing things right”.
“If we weren’t using InfoSaaS, we would have had to use countless documents and spreadsheets – and that would have required far more effort!”
“InfoSaaS provides an effective and integrated GRC solution, which makes a significant contribution to the information security posture of our clients. It has provided invaluable in guiding customers towards GDPR compliance, and we remain impressed by the new features which are added on a regular basis. Great work!”
“It was clear that InfoSaaS was going to be the easiest to use … and was going to help us keep on top of everything properly.”
Learn more
“InfoSaaS provides established and credible solutions for delivering information security and data governance, proven time and again with successful certification results amongst our client portfolio. We have no hesitation in recommending InfoSaaS.”