Cyber Supply Chain Risk Management

Loricca’s Cyber Supply Chain Risk Management Strategy

Surveys by the Office of Civil Rights show 73% of healthcare organizations are not confident in their Business Associates’ ability to handle sensitive information.

Managing cyber supply chain risks requires ensuring the integrity, security, quality and resilience of the supply chain and its products and services.  When considering third parties, ask these questions:

• What is the data processing environments used by a third party?
• What type of cloud environment, if one is used by a third party?
• What are the mechanisms used by a third party to access your data?
• How is the data stored by a third party?
• Can they produce evidence to demonstrate their Security Program?
• Does the third party use subcontractors, and if so, are there controls in place to oversee their activity?

Our Cyber Supply Chain Risk Management services cover the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may compromise a product or service at any stage.

PROACTIVELY MANAGE YOUR SUPPLY CHAIN

CYBER SUPPLY CHAIN RISK MANAGEMENT STRATEGY

Loricca’s strategy involves identifying and assessing risks, determining appropriate mitigating actions, developing a C-SCRM Plan to document selected policies and mitigating actions, and monitoring performance against that Plan. Because cyber supply chains differ across and organizations, the C-SCRM Plan should be tailored to individual organizational need.  We will prepare your team, provide tools, and identify high risk areas to be addressed.

Our program includes:

• Cybersecurity Supply Chain Risk Management  (C-SCRM) Policy
• C-SCRM Plan
• BAA template review
• Supplier Management Process Review
• Management Consulting to review and advise
• Acquisition and Purchasing process review
• Risk Management templates and questionnaires