Organisations recognise the administration costs involved in maintaining each supplier. Accordingly, they may look to rationalise, so when your next prospect or client asks you to “please demonstrate your commitment to …”
Health and Safety
Modern Slavery and a host of other issues of the day
Answering these questions can be tough. Some are required by law, others are optional. Where do you start? What is your customer expecting? What are the recognised standards you need to achieve?
This is where Certification and Compliance become very important. During my earlier days in business I didn’t have time for such concepts; I just wanted to get the job done and move on. But my experience of running operations in both large corporations and small businesses taught me the importance of standards and that where there are standards there must also be assessment and certification.
Working now in Cyber Security and Data Protection, I know that describing cyber security preparedness without reference to a standard can be very difficult. There are many aspects you will need to cover. Do you have a Policy in place? What does it say about Passwords? Are your employees trained to be cyber aware, and to what standard? Are all your workstations running securely? Is your network vulnerable to attack? Is your IT supplier cyber secure? Are your other suppliers secure?
Because the standard has already been developed and accepted, it is much easier to simply state ‘my business is Cyber Essentials certified’. Or even better, ‘my business is Cyber Essentials Plus certified’.
With the growth of Ransomware targeting just about everyone, organisations are not only starting to update their own cyber security controls but are also expecting everyone in their supply chain to operate to the same standards. The most common standard for small and medium-sized businesses is Cyber Essentials, which is government approved and supported by the National Cyber Security Centre.
If you are not currently operating at the accepted standard, now is the time to act, before an embarrassing and costly cyber-attack affects both you and the supply chain that depends on you.
Contact Peter Elliot, Cyber Security Specialist at Empiric Partners, who has helped organisations meet the Cyber Essentials standard over many years.