Supply chain risk is higher than ever, but as a security community we’ve relied far too heavily on questionnaires and “blind” 3rd party risk assessment platforms. The sheer level of resources from the customer and vendor security communities creating, answering, and reviewing questionnaires answered by people and tools is not improving security but rather further impacting our staffing challenges. We need a common standard that 3rd parties (like us) can build to and evidence accordingly, such that public and private sector operations consuming technologies and services can rapidly assess and consume with confidence. This is that standard, and from an entity that we already trust to build and measure effective programs that deliver material benefits to the operations that we’re protecting. This will be rapidly adopted and, in turn, will enable our ability to select and consume the right technologies and services with confidence while returning resources on both sides of the equation to further optimize the security of products and programs.

