ISO 27036 Supplier Relationship Security and Data Privacy

Description

Program Overview:

Most (if not all) organizations around the world, whatever their size or domains of activity, have relationships with suppliers of different kinds that deliver products or services.

Such suppliers can have either direct or indirect access to the information and information systems of the acquirer, or will provide elements (software, hardware, processes, or human resources) that will be involved in information processing.

Acquirers can also have physical and logical access to the information of the supplier when they control or monitor production and delivery processes of the supplier.

Thus, acquirers and suppliers can cause information security risks to each other.

These risks need to be assessed and treated by both acquirer and supplier organizations through appropriate management of information security and the implementation of relevant controls. In many instances, organizations have adopted ISO/IEC 27001 and ISO/IEC 27002 for the management of their information security.

Such International Standards should also be adopted in managing supplier relationships in order to effectively control the information security risks inherent in those relationships.

In this course, we will explore the requirements set forth by ISO 27036 Part 1:2021 on how to protect supply chain information and data security and privacy.


Learning Objectives of the Program:

• Describe and understand the motives for establishing supplier relationships

• Know the various types of supplier relationships

• Understand information risk in the supply chain

• Understand ICT in the supply chain and its impact on Data Security & Privacy


Program Structure and Outline

STRUCTURE:

Presentation materials, Video, Case Scenarios, Exercises

OUTLINE:

Overview

• Global Trends in Supply Chain

• Outsourcing: A Blast from the Past

• Third Party Risk Management – emerging trends

• Supplier Engagement Model

Module 1: Problem Definition and Key Concepts

• Motives for establishing supplier relationships

• Types of supplier relationships

• Information security risks in supplier relationships and associated threats

• Managing information security risks in supplier relationships

• ICT supply chain considerations

Module 2: Structure / Framework

• Purpose and structure

• ISO/IEC 27036-1: Overview and concepts

• ISO/IEC 27036-2: Requirements

• ISO/IEC 27036-3: Guidelines for information and communication technology (ICT) supply chain security

• ISO/IEC 27036-4: Guidelines for security of cloud services


Speaker:

Mr. Kama Neson Ganeson

Trainer and Consultant


Schedule:

February 27, 2024 (Monday)

9:00 AM – 5:00 PM


Training Fee:

Member Institution – P 2,800.00

Non-Member Institution – P 3,920.00

**VAT inclusive
