Pick up the phone and talk to your suppliers ©Getty Images/iStockphoto

Build a robust SAQ for supply chain security

A CIPS workshop on supply chain security, with the Security Awareness Special Interest Group and the National Cyber Security Centre, produced these tips on how to create a supplier assurance questionnaire (SAQ).

Conduct due diligence
Know your organisation’s strategy and risk appetite, explain the rules, policies and standards to suppliers, and identify your right to audit.

Categorise your suppliers
Identify high, medium and low-risk suppliers, then prioritise and utilise your resources wisely to mitigate the areas of risk, starting with high-risk suppliers.

Tier your questionnaires
Avoid a one-size-fits-all approach, and consider a two- to three-questionnaire structure. Be prepared to adjust or remove questions when inappropriate or unnecessary for medium or small businesses.

Stay connected
Be approachable and prepared to collaborate – it’s in everyone’s interest to help educate your suppliers. Avoid a transactional approach and work in partnership with your suppliers. Pick up the phone or meet face-to-face to sense check information.

Support compliance
Help build your suppliers’ awareness of ISO27001 compliance and highlight the benefits of developing their processes.

To listen to a CIPS Knowledge webinar on how the Salvation Army set up its SAQ, go to: bit.ly/SAQWebinar
