Panorays and SANS Collaborate on Whitepaper and Webcast
Panorays has collaborated with the SANS Institute to produce “Success Patterns for Supply Chain Security,” a whitepaper authored by noted analyst John Pescatore, which was also the subject of a recent webcast.
The paper explores different patterns and key components of supply chain security effectiveness. It focuses on defining where organizations stand with their supply chain security and how they can progress towards more effective approaches.
In particular, Pescatore covered five elements of a successful supply chain security program. They include:
Find a Friend
Security must have a champion in the management chain responsible for supply chain decisions, such as a board member, CEO, COO or head of procurement. This person should try to find areas where increased supply chain security aligns with business metrics, plans and strategies.
Discovery of Suppliers
You can’t secure what you don’t know is there, and if you know it is there, you must be able to detect when its risk status changes. For this reason, it’s important to be aware of all supply chain partners, conduct regular assessments of vulnerabilities and detect any changes in exposure.
Mix of Assessment Approaches at Scale
A “one-size-fits-all” risk assessment approach will not work for most businesses. A mix of techniques is necessary both to support business responsiveness demands and to enable more continuous monitoring of risk levels. These techniques include vendor questionnaires, external risk-rating services, shared assessments and active testing. An effective supply chain security program will require a combination of these capabilities.
Extension of Dashboard/Reporting to BU and IT Managers
Supply chain security processes and tools should provide visibility into current risk views to non-security personnel and enable them to incorporate risk information in their decision-making processes. If your organization already uses some standard approach for rating the financial or viability risk of suppliers and partners, the supply chain security reporting and monitoring should ideally integrate into that.
Closing the Loop
Years ago, the manufacturing industry learned that quality programs couldn’t succeed just by rejecting low-quality suppliers; they also had to close the loop to drive all suppliers to adopt higher-quality processes. An effective supply chain security program must include feedback to vendors and visibility into the results of assessments and ratings to drive improvement overall.