
Supply chain management | Advanced cybersecurity solutions

To learn more about our services, leave your contact information here, and we will get back to you, or call 03-9450630.

Keep your supply chain safe from cyber attacks:

Cybercrime has been on the rise in recent years, with more and more organizations being targeted. Some attackers focus their efforts on the intended target’s supply chain.

For example, during the Target data breach of 2013, cybercriminals were able to steal 40 million credit and debit records. The attackers exploited the access permissions of the company’s air conditioning supplier to gain access to the sensitive data.

Cyberdefense theory states that organizations are responsible for managing cybercrime risks that originate from their service providers.

This is why it’s so important that organizations protect their supply chain and carefully identify the potential risks of working with specific third parties. The ways to achieve this include defining secure work processes and implementing controls to reduce the risk of cyber attacks.

Israel’s National Cyber Directorate has published a method for managing supply chain security. Supply chain management refers to the lifecycle of your organization’s work with suppliers and service providers.

Good supply chain management starts with mapping and classifying your organizational assets and the suppliers you want to work with. Each supplier must be evaluated periodically and continually using a set of predetermined measurable criteria and measurement guidelines. It is your responsibility to ensure that all third-party provider employees who are to work with your organization are well-informed on information security.

 

Comprehensive risk surveys:

Once we’ve identified key suppliers, we need to assess the risk that working with them carries.

Using a series of questionnaires tailored to your field of business and an on-site inspection of your endpoints and your provider’s servers, we can map all potential threats and give the provider a list of solutions they will have to implement to continue their collaboration with you.

 

What is the supply chain regulation method?

Israel’s National Cyber Directorate has developed a multi-step approach to raising the resilience of the Israeli economy and making it easier for companies and organizations to tackle these challenges.

What are the benefits of this mechanism?

  • It sets clear, uniform standards suppliers must meet.
  • It outlines a certification and regulation process for suppliers, including definitions, reviews, and feedback.
  • Finding suitable suppliers is easier if you filter out the ones who do not meet the standard.
  • The National Cyber Directorate has a registry of certified suppliers.

The standard provides a platform for communicating the requirements and keeping organizations informed about the certification process.

 

What are the steps of the supply chain regulation process?

  • The National Cyber Directorate has published a supplier assurance questionnaire. In its current version (1.3), it contains 98 controls for risk mitigation.
  • The answers to the questionnaire depend on the type of relationship you have with your supplier. The questionnaire includes requirements that apply throughout the organization and specific requirements for remote access, software development, cloud storage, and website hosting. For each section, there is a field to specify the level of risk the client (the organization/the assessment requester) is exposed to by working with the supplier (material/non-material). Each section also includes a requirement for evidence: a self-assessment or an external audit performed by a certified auditor.

This means every supplier only needs to answer questions that apply to their services.

 

There are three certification levels, each requiring a different approach:

  • Platinum (A): requires a third-party assessment in which a certified auditor fills out the questionnaire on-site for the supplier.
  • Gold (B): requires a self-assessment and evidence. The supplier must provide a detailed self-assessment and attach compliance evidence as listed next to each control.
  • Silver (C): requires a self-assessment only, without evidence attached.

 

When do I need a qualified supply chain auditor?

Platinum suppliers defined as material/critical to your organization must contact a certified auditor for their assessment.

The third-party assessment is a two-step process:

Step 1: the supplier reaches out to a supply chain auditor certified by the National Cyber Directorate, and the auditor fills out the assessment questionnaire.

Step 2: the supplier reaches out to the Standards Institute of Israel or the IQC, and they verify the report and send it to the certification committee, which then issues the certificate itself.

Important note: your certificate needs to be validated after one year and renewed after two years.

 

We provide:

  • Supply chain audits conducted by a certified auditor
  • Assistance with self-assessments for B and C-grade suppliers
  • Consulting to address any compliance gaps identified in the process
  • Management of the entire process on your behalf, including dealings with the Cyber Directorate and other bodies.

Hermeticon can help you survey all the tools you use to process data, from software development solutions to cloud platforms. We can identify vulnerabilities in your systems to help you maintain your collaborations and comply with the new guidelines.

In recent years, cyberattacks have become a grave threat to businesses across all industries. To ensure your organization’s stability and reliability, it is essential to be proactive in addressing this threat.

We offer a comprehensive range of services to guarantee that your data and your clients’ data remain safe and secure throughout your supply chain.

Why choose Hermeticon:

360° Cybersecurity & information security support

We provide technological solutions informed by legal expertise, combined with a deep understanding of organizational change and security awareness training.

Cybersecurity and information security solutions

We can identify and provide the right tech solutions for your organization.

Support from our resilience testing division

Our resilience testing experts have a wealth of experience and are well-versed in the most advanced security systems on the market.

A bespoke service scaled to match your needs

Over the years, we have gained a lot of experience. By taking a bird's-eye view of your business, we can identify your existing security weaknesses and provide your company's management with valuable insights.