Developing a Supply Chain Risk Management Program

Vendors, contractors, consultants, and integrators are vital parts of the supply chain. These relationships must be assessed and better managed for the risks they pose to the overall risk profile of an organization. Yet many organizations fail to adequately manage the risk posed from these trusted third party relationships. As discussed in the Security & Resilience Update on Tuesday, even a ransomware attack on a third party partner can negatively impact an organization when stolen data is leaked. Prior to ransomware adopting the data breach paradigm, partner organizations likely only experienced a service impact while the third party victim recovered from the unfortunate incident. Nowadays, every partner organization carries a risk from a ransomware attack on a third party. This recent blog post on Tripwire addresses the overall task of supply chain risk management, including managing the vendors, mitigating the risks, and maturing the program. This post is well-developed guidance and perfectly complements #13 – Secure the Supply Chain in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. Members are encouraged to read the post at Tripwire.