Supply Chain News / eSupply Chain / Risk & Compliance

Securing the Supply Chain Report Released

May 1, 2013
/ Print / Reprints /
/ Text Size+

According to the Information Security Forum (ISF), a global, independent information security body focused on cyber security and information risk management, organizations go to great lengths to secure intellectual property and other sensitive information internally. Yet, when that information is shared across the supply chain, security is only as strong as the weakest link.

"There is a 'black hole' of undefined supply chain information risk in many organizations"

The ISF’s latest report, Securing the Supply Chain, made the point that information compromised in the supply chain is just as damaging as that compromised from within the organization as evidenced by numerous recent incidents.

“Supply chains are inherently insecure and organizations create unintended information risk when sharing information with their suppliers,” said Michael de Crespigny, CEO of ISF. “There is a 'black hole' of undefined supply chain information risk in many organizations – they understand and manage this risk internally but have difficulty identifying and managing this risk across their hundreds or thousands of suppliers. Our Securing the Supply Chain report provides executives with a way for the organization to identify and manage risk in the supply chain and addresses how information risk management can be integrated into procurement and vendor management processes and activities. Our latest research will help them to better identify and understand the risks, and then respond in a proportionate, scalable and efficient manner”.

Sharing information with suppliers is an essential part of an organization’s daily business operation, however doing so increases information risk: the risk that the confidentiality, integrity or availability of that shared information could be compromised. Supply chains are difficult to secure, they create risk that is hard to identify, complicated to quantify, costly to address – the last of which can be disruptive to supplier relations. Think about the consequences of a supplier providing accidental, but harmful, access to your intellectual property, customer or employee information, commercial plans or negotiations.

Do you know if your most valuable and sensitive information is being protected by your suppliers as you would protect it? You can’t outsource this risk – it is yours to manage and regulators and stakeholders will look poorly on such incidents. By considering the nature of their supply chains, determining what information is shared, and assessing the probability and impact of potential compromises, organizations can balance information risk management efforts across their supplier base.

“When suppliers share your information with their suppliers, the risk is extended further up the supply chain and visibility and control diminish. This aspect of supply chain information risk often goes unseen and unmanaged,” continued de Crespigny. “The key to managing information risk in the supply chain is an information-led, risk-based approach to identify what information is being shared and assess the probability and impact of a compromise”.

To help organizations manage their supply chain information risk, the ISF has created the Supply Chain Information Risk Assurance Process (SCIRAP), an approach for larger organizations to manage this risk across their thousands or tens of thousands of suppliers. This focuses on identifying information shared in the supply chain and focusing attention on the contracts that create the highest risk.

This provides a scalable way to manage contracts so that efforts are proportionate to the risk. SCIRAP integrates with existing procurement and vendor management processes, providing a mechanism to make supply chain information risk management a part of normal business operation. As a result, organizations will be able to better understand their supply chain information risk, identify the assurance or actions required, and work with procurement or vendor management to manage information risk.

The Securing the Supply Chain report is available free of charge to ISF Members and available via ISF Live, a facilitated forum for ISF Members to discuss related issues and share solutions, along with additional resources including a webcast and presentations.

Non-members can purchase a copy of the report by contacting Steve Durbin by email.

You must login or register in order to post a comment.



Image Galleries

Five Wearable Manufacturing Technologies of the Future

Video applications, Employee Monitoring, Field service, Plant monitoring, Improving employee safety.

For more manufacturing insights, visit



Assurance of Supply: A Top Concern for Manufacturers

Every manufacturer has an assurance of supply problem to some extent due to the complexity of global sourcing. For years, manufacturers were blessed with high margins but margins have grown paper thin. You can’t fill up your distribution centers with excess inventory – not only is there a cost factor but the pace of business and consumer buying trends causes goods to quickly turn obsolete. Assurance of supply provides the speed and agility that is essential to being able to compete in today’s market.


Speaker info: Diane Palmquist, VP Manufacturing Industry Solutions


More Podcasts

World Trade 100 Magazine

wt october 2014

2014 October

Check out the October 2014 edition of World Trade WT100, featuring our cover story: Logistics Drives Site Selection, plus much more!

Table Of Contents Subscribe

Transportation Capacity

As peak season has gotten underway, what is your experience with transportation capacity?
View Results Poll Archive


World-Class Warehousing and Material Handling, 1st Edition

Filled with proven operational solutions, it will guide managers as they develop a warehouse master plan, one designed to minimize the effects of supply chain inefficiencies as it improves logistics accuracy and inventory management - and reduces overall warehousing expense.

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Use our interactive maps to locate service providers across North America.Interactive Map

Logistics Development Partners 

IWLA Members