Average Maturity
Vendor Supply Chain Security A Maturity Model By MicroSolved, Inc.
www.microsolved.com www.stateofsecurity.com Copyright 2016, all rights reserved
Purpose •
Define an example maturity model for organizations to assess against
•
Create a modern definition of a supply chain security model that leverages Atticus™ Passive Assessment technology
•
Demonstrate an easy way to organize and build a supply chain security capability by working through the maturity model as a road map
Supply Chain Security Maturity Model Advanced Maturity: Well documented processes and procedures throughout, Individual controls assigned to each tier, Third-party oversight of the program, Atticus is the fulcrum for determining where to apply additional resources to manage risk High Maturity: Highly defined vendor tiers, Control matrix is well defined & controls are managed & enforced across all tiers, Atticus provides passive assessments in an ongoing manner to manage risk changes over time on appropriate tiers Average Maturity: Vendor tiers loosely implemented, Vendor list is complete, Control matrix is defined but not completely implemented, Atticus is used yearly for snapshots but not leveraged for ongoing intelligence, Some processes remain ad-hoc, Defined owner Low Maturity: Processes largely non-existent or completely ad-hoc, Vendor list is not complete, Few technical controls defined, Manual processes, Lack of defined responsibility, No use of Atticus for passive assessment intelligence to guide the process
More Information •
For more information, as well as suggested processes for vendor discovery, building the tiers and control matrix development - please check out: •
•
http://stateofsecurity.com/?p=3900
You can also contact us via Twitter at: •
http://twitter.com/microsolved
•
Or via phone: (614) 351-1237
•
We look forward to assisting you with your supply chain security needs!
www.microsolved.com www.stateofsecurity.com Copyright 2016, all rights reserved
Purpose •
Define an example maturity model for organizations to assess against
•
Create a modern definition of a supply chain security model that leverages Atticus™ Passive Assessment technology
•
Demonstrate an easy way to organize and build a supply chain security capability by working through the maturity model as a road map
Supply Chain Security Maturity Model Advanced Maturity: Well documented processes and procedures throughout, Individual controls assigned to each tier, Third-party oversight of the program, Atticus is the fulcrum for determining where to apply additional resources to manage risk High Maturity: Highly defined vendor tiers, Control matrix is well defined & controls are managed & enforced across all tiers, Atticus provides passive assessments in an ongoing manner to manage risk changes over time on appropriate tiers Average Maturity: Vendor tiers loosely implemented, Vendor list is complete, Control matrix is defined but not completely implemented, Atticus is used yearly for snapshots but not leveraged for ongoing intelligence, Some processes remain ad-hoc, Defined owner Low Maturity: Processes largely non-existent or completely ad-hoc, Vendor list is not complete, Few technical controls defined, Manual processes, Lack of defined responsibility, No use of Atticus for passive assessment intelligence to guide the process
More Information •
For more information, as well as suggested processes for vendor discovery, building the tiers and control matrix development - please check out: •
•
http://stateofsecurity.com/?p=3900
You can also contact us via Twitter at: •
http://twitter.com/microsolved
•
Or via phone: (614) 351-1237
•
We look forward to assisting you with your supply chain security needs!
