The organization's own role in the supply chain is defined and communicated to the necessary partners.
We define in advance the types of suppliers with whom cooperation requires access to confidential information or their processing areas, and through this e.g. demands data processing contracts. Such supplier types can be, for example, IT services, logistics, financial management and IT infrastructure components.
The organization has defined the certifications or standards required of key partners. Commonly recognized standards related to cyber security include:
Certifications required from partners can make organization's own partner management more efficient and provide good evidence of a particular level of security or privacy of the partner.
Minimum security requirements have been set for partner companies handling our confidential information and these have been included in supplier agreements. Requirements vary depending on how critical information the partner handles.
It makes sense for requirements to consist of rules and practices that are followed in your own organization. You can divide the requirement levels into low, medium and high risk suppliers.