
Blinded by cutting corners: Non-compliant vendors in the supply chain

Aug 21

Just like most of you, we hear from many experts, and we listen to their cyber ideas. However, when you sit down with a CISO who has had a breach, there is a common thread: non-compliant vendors in their supply chain. Third-party data breaches have affected 51% of all businesses, according to a report by the Ponemon Institute. This is an issue with our major OEMs and IT support providers in Ohio and across the US, as they even display non-compliant vendors on their own partner webpages. So how do we fix this problem in the US supply chain? The US government has already started with the CMMC program. It is basically built on the NIST 800-171 CSF, and it requires the organization to have an external auditor verify its compliance. It is designed to affect the entire supply chain of hundreds of thousands of businesses.

Next, top-level executive education. When you have a serious discussion with an OEM executive, they do not know about the third-party vendor problem in their own organization, or that they are violating their own written cybersecurity policies. This happens in both private and government offices. Then lastly, legal and procurement. In 2021, you would expect legal to review service agreements for cyber compliance, but as we review RFPs, it is rare to see a CSF certification requirement with the bid submittal. To recap: start the process to implement a NIST CSF, educate top executives on how to spot non-compliant partners in their own organization, and add third-party CSF certification to contracts. These three initiatives will close many data security holes in our leaky defensive posture.


Related article: June 2021 Vendor Management News (venminder.com)

TechR2 has been NIST CSF compliant for years, and we realize we need to help our clients in their efforts to become CSF compliant. It is about leadership.
