Professional Documents
Culture Documents
RISK MANAGEMENT
YOUR PRESENTERS
KEY INFO
• 45 minute webinar
• Questions asked in
the chat box
• Recording of webinar
circulated shortly
AGENDA
• Context
• Cybercrime and the Supply Chain
Threats
Case Studies
Lessons Learned
• Risk Management Framework
Information is an asset
Information Governance
• Supply Chain Assurance and Standards
• Risk Mitigation Strategies
• Q&A
SUPPLY CHAIN CYBER
ASSURANCE CONTEXT
CONTEXT
Understanding of Controls -
Mitigation
Software Vulnerabilities
Hold to Account
Case Study
Reliance on outsourcing
Embedded malware
Case Study
Incidents of fraud
Reputational damage
Lessons Learned
Certification
As a small or micro business, improving your cyber resilience is invaluable, both from the point
of view of protecting your own business but also to protect the organisations you may supply
as part of their supply chain.
Includes:
NCSC Guidance - How organisations can protect themselves in cyberspace,
including the 10 steps to cyber security from the Government NCSC division.
Product Catalogue
Service Line
Customers
Suppliers
Information is valuable Employees
Marketing material
Intellectual Property
“Know How”
Orders & Invoices
Regulatory submissions
INFORMATION ASSETS AND DATA FLOWS
Remote Cloud
employees systems
Customers
Offsite
Head
store, e.g.
Office
DR site
Sub-
Suppliers
contractors
Supervisory
authorities
INFORMATION GOVERNANCE (IG)
IG
framework
User guides,
templates etc.
SUPPLY CHAIN ASSURANCE
SUPPLY CHAIN CYBER ASSURANCE STANDARDS
Standard Controls
• ISO 27001 – Information Security Management System 27001 114
Enhanced New
Pre-contract In-life
• Review the sourcing strategy • Increase supplier conversations
• Contracts with cyber sec KPIs • Performance monitor against KPIs
• Only use certified suppliers • Do SLAs meet RTOs?
• Online supplier performance • Conduct audits
research • Heat maps
• Use questionnaires effectively. • Operate a Plan-Do-Check-Act
framework.
THANK YOU
ANY QUESTIONS?
Tim Pinnell Hinesh Mehta Dom Owen
tim.pinnell@nqa.com hinesh.mehta@wmcrc.co.uk dom.owen@tunedtorisk.co.uk
nqa.com www.wmcrc.co.uk tunedtorisk.co.uk
Warwick House | Houghton Hall Park | Houghton Regis | Dunstable | LU5 5ZX | United Kingdom
0800 052 2424 | info@nqa.com | www.nqa.com
OUR
PURPOSE
IS TO HELP CUSTOMERS
DELIVER PRODUCTS THE
WORLD CAN
TRUST LONDON
BOSTON
SHANGHAI
NQA specialises in
certification in high
AMERICA’S NO.1 TOP 3 IN THE UK CHINA’S NO.1
Certification body in ISO 9001, ISO 14001, Certification body in
technology and Aerospace sector ISO 45001, ISO 27001 Automotive sector
engineering sectors.
GLOBAL NO.1 GLOBAL NO.3 UK’S NO.2
Certification body in Certification body in Certification body in
telecommunications and Aerospace sector Aerospace sector
Automotive sector
CERTIFICATION AND TRAINING SERVICES
Virtual
Learning
MEDICAL BUSINESS AEROSPACE INTEGRATED
DEVICES CONTINUITY MANAGEMENT
e-Learning /
Live Webinars • e-Learning Introduction
• 1 day Introduction Courses
• 2 day Implementation Courses
In-house • 2 day Internal Auditor – NQA or IRCA
Training • 5 day Lead Auditor – NQA or IRCA
• Advanced Training
Public Training
Nationwide
Locations