Page 87 - Linkline Yearbook 2017

 systems”, according to the DPC investigation findings2. Meanwhile, some of the third party companies for whom Loyaltybuild were providing data processing services “were unaware of their role in the control of the data held on the Loyaltybuild Ltd’s systems”, according to the DPC.
Even simple traditional supplier relationships like cloud storage, cloud email and cloud DR/BC, if not properly assured and managed, pose potentially serious threats to organisations using these services.
Protect your supply chain from cyber security threats
Here are eight recommendations to secure your supply chain:
• Identify all of your information assets within the supply chain.
• Examine your supply chain and identify who has access to information assets, the purpose of that access and if it is necessary.
• Review your policies, procedures and controls to address supply chain risks to your information systems and data.
• Perform a gap analysis identifying gaps that you have in all of the above. For example: no policies for outsourced data retention, no contracts in place between you and the provider for data retention or data processing.
• Put a work programme in place to address these gaps on a priority basis. For example: identify the issues that pose the biggest risks – the ones that would have the greatest negative impact on your organisation.
• Implement an information security governance, risk management and operations framework to ensure that your supply chain data security is manageable. Include a holistic information security management system (ISMS) for your organisation.
• Audit your supply chain to ensure compliance. Ward advises clients to formally request an independent audit of their service regularly. Ideally, these audits should be benchmarked against a relevant verified standard. For example: OWASP for software; ISO27001 for general info security; PCI/DSS for payment processing; and Data Protection legislation for data processing.
• Incorporate a holistic incident detection and management process to detect anomalies or non-conformance to your information security throughout the supply chain. Once these have been identified, agree to a response plan with your supplier.
We highly recommend that Irish organisations seek the help of experts to ensure these standards are being met and that they are not at risk of cyber security threats from the supply chain. Want to know more? Contact Ward Solutions today:
Tel: +353 1 6420100 Email: sales@ward.ie
The Chartered Institute of Logistics & Transport
CYBER SECURITY