ramsac’s internal security practices – supply chain security        

Posted on April 5, 2023 by Louise Howland

What is Supply Chain Security?

Understanding your suppliers’ cybersecurity risks is an important part of supply chain security. Supply chains can be large and complex making them vulnerable to cybersecurity attacks and indirectly, your suppliers lack of protection could make you vulnerable, if that supplier has data on your organisation, or access to your systems.  Supply chain security involves assessing the potential threats and vulnerabilities that your suppliers may introduce to your IT environment and data, as well as the mitigations and controls they have in place to prevent or respond to cyberattacks.

Some examples of supply chain cybersecurity risks include:

• Data breaches or leaks due to inadequate encryption, authentication or access control by your suppliers
• Malware infection or compromise of your systems or devices due to malicious software or hardware components from your suppliers
• Ransomware attacks or denial-of-service attacks due to compromised network connections or servers from your suppliers
• Intellectual property theft or sabotage due to insider threats or espionage by your suppliers or their subcontractors
• Regulatory fines or reputational damage due to non-compliance with cyber laws or standards by your suppliers

Supply chain security strategy

A cybersecurity strategy is a document that outlines the rules, guidelines and best practices for protecting your organisation and your supply chain from cyber threats. It defines the roles and responsibilities of different stakeholders, the standards and expectations for cyber security performance, and the procedures and processes for incident response and recovery. A cybersecurity strategy can help you communicate your security requirements to your suppliers to ensure and ensure they comply with them.

ramsac internal security practices

We have created a document outlining the security approach ramsac takes and our internal practices to reassure our supply chain that we take cybersecurity and the protection of the supply chain and its data seriously.  This document aims to demonstrate how we, as a key link in your supply chain, are doing our part to keep your data safe. It can be used to demonstrate security to your own auditors or interested parties.

The policy is available below, if you have any questions please speak to your Relationship Manager who will be happy to set up a call with our Head of Security to answer any questions.