Consider governance, coordination and risk to secure supply chain

2022-06-18 18:42:22 By : Mr. Edmend Tang

The Covid-19 pandemic, shifts in the global economy and the Ukraine conflict have further strained an already imperfect global supply chain. Based on a recent ISACA survey of more than 1,300 IT professionals, there is reason to be concerned about any supply chain-reliant organisation’s ability to fulfill business objectives.

Myriad global, geographic and geopolitical factors increase an already dynamic threat landscape, making governance, coordination and risk management all the more important. However, implementing, executing and optimising strategies, plans and processes are challenging with an increasingly complex global supply chain. Three of the top concerns from the ISACA survey are highlighted below, with recommendations on how to tackle each.

To improve your organisation’s supply chain governance, identify critical business functions and how your particular supply chain impacts them. To do this:

Governance is all about prioritisation, communication and responsibility. Recommendations include:

Supply chain incident response can be addressed through governance, planning and risk management. Tabletop exercises are useful and should include critical suppliers, so that you can review your supplier’s incident response plan alongside yours. Key outputs may include:

Tabletop exercises should begin with basic, common theoretical incidents. These initial exercises can help to identify concerns and issues, especially with roles, responsibilities and the incident management chain of authority. After completing several tabletops, conduct planned and unplanned walkthroughs of the shared incident playbooks. Walkthroughs help to identify potential issues before an actual incident, such as who the backups are if the primary contacts are not available, or in what circumstances you and your supplier should switch to alternative means of communication.

Of note, there are incident scenario vendors in the market that produce and facilitate training incidents, which increases the realism. In these situations, clearly scoped and approved rules of engagement make the training as authentic as possible without impacting operations. The key output is a list of lessons learned to improve the resilience of your supply chain.

Good governance, secure and frequent communications, and solid risk management are three basic components available to enterprises to improve the strength of their supply chain. Communication is key – with suppliers/vendors, stakeholders and decision-makers to identify critical services and resources. Documentation is important to outline and carry out activities necessary to protect critical services and resources. Establishing and maintaining clear communication channels with critical suppliers is paramount. Frequently review risks to your organisation, especially critical services, resources and supply chains. Contingency processes and procedures improve response and should be developed and readily available when real-world events occur.

Good governance, communication and risk management will improve the resilience of your supply chain and better prepare your organisation for the next global crisis.

Brian Fletcher is a cyber assessment practices advisor for ISACA.
