Third-party suppliers are often overlooked as a risk to the organisation and its assets; however, they can present one of the greatest risks.
Those suppliers who have direct access to your network have, if not properly controlled, what is in effect super-administrator access to all your organisation's data. Privacy legislation like the EU GDPR would consider this to be a data breach if there is no proper business justification documented.
Other standards and best practices advise that supplier relationships should be well documented, with access levels and procedures agreed in advance. Policies should exist that mandate the types of controls that should be in place internally in order to safeguard your organisation from the risks posed by third-party suppliers.
Each supplier should be given a bespoke level of access to your network in order to enforce the principle of least privilege.
All suppliers should be monitored for compliance with policy, procedure and terms of contracts. When onboarding new suppliers, they should undergo a screening and due diligence process that ensures their level of security meets the level required by your organisation. This should be followed up at regular intervals to ensure standards continue to be met. Using a recognised standard, like ISO27001, to measure your suppliers against can be a useful benchmark to apply.