It is therefore critical that good practice (and in many cases, compliance) is observed when it comes to cyber and information security. If this is not the case, your own organisation will be exposed to risk … as will the party who you are transacting with and indeed, others up and down the supply chain.
An essential element of deploying eprocurement is robust cyber and information security within your organisation. You should also remember that your suppliers may or may not adopt different practices and attitudes to this area and should be vetted as part of the due diligence process, as should customers entering into an electronic purchasing arrangement with you.
It is your responsibility as a customer or supplier to ensure that you deploy good levels of security in terms of technical safeguards, procedures and practice and employee behaviour.
You should also establish at the earliest possible point in your entry into a supply chain, the existence, nature and level of security required (if any), and agree or negotiate according to your own requirements and standards, and those of your partners in the chain. Large partners are more likely to have rigid stipulations, but these may vary according to the size and nature of your organisation and its role in the chain.
You may be able to achieve an acceptable standard – and assess that of your partners in the supply chain -.internally or with the aid of an external consultant. The advice provided on this site is intended to help you determine the areas to be scrutinised and provides information and advice specific to those areas.