Risk Management Use Case: Supplier Risk Management
Use Case Description
Manage the risks associated with suppliers and service providers to ensure that they do not pose a threat to the organization. This includes documenting risks, linking them to suppliers, and implementing controls to mitigate these risks.
Example Scenario
Consider a scenario where an organization identifies a high risk of a ransomware attack stemming from a supplier's insufficient network security measures and lack of employee awareness. This risk is documented as RISK-000041. The supplier is linked to the risk data card, enabling the organization to monitor and manage this risk effectively.
Workflow
- Identify Suppliers: Document all suppliers and service providers on the organization template.
- Create Risk Data Cards: Users can create new risk data cards directly from the organization template. The organizations are shown in the “Vulnerable service providers and suppliers” field on the risk template.
  - Example: RISK-000041: High risk of a ransomware attack due to insufficient network security measures and employee unawareness.
- Assess Supplier Risks: Evaluate the risks associated with the supplier.
- Implement Controls: Apply controls to mitigate supplier-related risks.
- Monitor Performance: Regularly review supplier performance and risk levels, ensuring continuous monitoring and management of the risk.


Results
- Effective management of supplier-related risks, ensuring critical suppliers are monitored and managed.
Benefits
- Reduces the risk of supply chain disruptions.
- Ensures suppliers adhere to the organization's security standards.