https://community.isc2.org/t5/Career-Discussions/Supply-Chain-Risk-Assessment/m-p/10817#M968 <P>I am currently engaged in a&nbsp;distant leaning project researching third party or supply chain risk assessment and I would greatly value the input of&nbsp;(ISC)2 members.&nbsp;In my experience, it’s an area where I think a lot of organisations&nbsp;struggle and it is one which is becoming increasingly important. Security of the supply chain features in regulations such as <A title="EU GDPR" href="http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL" target="_blank">EU GDPR</A> and the <A title="EU NIS Directive" href="http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:32016L1148" target="_blank">EU NIS Directive</A> and also sector specific regulations such as New York's&nbsp;<A title="23 NYCRR Part 500" href="https://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf" target="_blank">23 NYCRR Part 500</A>&nbsp;and&nbsp;the UK's Civil Aviation Authority's <A title="CAA CAF-1574" href="http://publicapps.caa.co.uk/docs/33/26%20security%20controls%20for%20regulation_V4.pdf" target="_blank">CAF 1574.</A>&nbsp;Generally regulators are not specific on the methods that should be used. There are multiple risk assessment frameworks that could be used, a selection of online survey tools and of course, the offline questionnaire.&nbsp;</P><P>&nbsp;</P><P>The survey aims to find answers to questions such as: How do differing organisations approach risk assessment? Do organisations tailor assessment requirements to the criticality of the supplier? How frequently do assessments take place?&nbsp;Which is the most effective approach?&nbsp;</P><P class="mentions-texteditor__content">&nbsp;</P><P class="mentions-texteditor__content">The survey will take between 2m to&nbsp;20m depending on the responses. Naturally, all responses will be treated in strict confidence. The respondents and their organisations will remain anonymous and will not be named in the report. I have selected a GDPR compliant survey platform which is hosted in the EU and all data will be destroyed after the report has been written and submitted.&nbsp;</P><P class="mentions-texteditor__content">&nbsp;</P><P class="mentions-texteditor__content">I would be really grateful for your help with the survey as I would like to reflect different geographies and organisations sizes in the results.&nbsp;I can offer a copy of the research report (dissertation) and entry into a prize draw for Amazon vouchers as a ‘thank you’ for your input.</P><P>&nbsp;</P><P><A title="Supply Chain Risk Assessment Survey" href="https://3rdpartyassessment.questionpro.eu" target="_blank">https://3rdpartyassessment.questionpro.eu</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 26 May 2018 14:42:05 GMT Mikeneve 2018-05-26T14:42:05Z https://community.isc2.org/t5/Career-Discussions/Supply-Chain-Risk-Assessment/m-p/10817#M968 <P>I am currently engaged in a&nbsp;distant leaning project researching third party or supply chain risk assessment and I would greatly value the input of&nbsp;(ISC)2 members.&nbsp;In my experience, it’s an area where I think a lot of organisations&nbsp;struggle and it is one which is becoming increasingly important. Security of the supply chain features in regulations such as <A title="EU GDPR" href="http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL" target="_blank">EU GDPR</A> and the <A title="EU NIS Directive" href="http://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX:32016L1148" target="_blank">EU NIS Directive</A> and also sector specific regulations such as New York's&nbsp;<A title="23 NYCRR Part 500" href="https://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf" target="_blank">23 NYCRR Part 500</A>&nbsp;and&nbsp;the UK's Civil Aviation Authority's <A title="CAA CAF-1574" href="http://publicapps.caa.co.uk/docs/33/26%20security%20controls%20for%20regulation_V4.pdf" target="_blank">CAF 1574.</A>&nbsp;Generally regulators are not specific on the methods that should be used. There are multiple risk assessment frameworks that could be used, a selection of online survey tools and of course, the offline questionnaire.&nbsp;</P><P>&nbsp;</P><P>The survey aims to find answers to questions such as: How do differing organisations approach risk assessment? Do organisations tailor assessment requirements to the criticality of the supplier? How frequently do assessments take place?&nbsp;Which is the most effective approach?&nbsp;</P><P class="mentions-texteditor__content">&nbsp;</P><P class="mentions-texteditor__content">The survey will take between 2m to&nbsp;20m depending on the responses. Naturally, all responses will be treated in strict confidence. The respondents and their organisations will remain anonymous and will not be named in the report. I have selected a GDPR compliant survey platform which is hosted in the EU and all data will be destroyed after the report has been written and submitted.&nbsp;</P><P class="mentions-texteditor__content">&nbsp;</P><P class="mentions-texteditor__content">I would be really grateful for your help with the survey as I would like to reflect different geographies and organisations sizes in the results.&nbsp;I can offer a copy of the research report (dissertation) and entry into a prize draw for Amazon vouchers as a ‘thank you’ for your input.</P><P>&nbsp;</P><P><A title="Supply Chain Risk Assessment Survey" href="https://3rdpartyassessment.questionpro.eu" target="_blank">https://3rdpartyassessment.questionpro.eu</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 26 May 2018 14:42:05 GMT https://community.isc2.org/t5/Career-Discussions/Supply-Chain-Risk-Assessment/m-p/10817#M968 Mikeneve 2018-05-26T14:42:05Z https://community.isc2.org/t5/Career-Discussions/Supply-Chain-Risk-Assessment/m-p/11156#M1008 <P>Thanks for everybody who has responded and a reminder that there is still time to contribute to the survey.</P><P>&nbsp;</P><P>The survey is here: <A title="Survey" href="https://3rdpartyassessment.questionpro.eu" target="_blank">https://3rdpartyassessment.questionpro.eu</A></P><P>&nbsp;</P><P>As promised above, I will provide a copy of the report and there is the associated prize draw as a 'thank you' for your time which should be limited to between 2 - 10 minutes. If you are involved in third-party security risk assessments, I'd welcome your input please.</P><P>&nbsp;</P><P>Michael</P> Sun, 03 Jun 2018 12:57:07 GMT https://community.isc2.org/t5/Career-Discussions/Supply-Chain-Risk-Assessment/m-p/11156#M1008 Mikeneve 2018-06-03T12:57:07Z