“SMALL BUSINESS ADMINISTRATION”
“The Cybersecurity and Infrastructure Security Agency (CISA) has released Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks.
Developed by the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, the handbook provides an overview of the highest supply chain risk categories commonly faced by ICT SMBs, including cyber risks.”
________________________________________________________________________________
“Cisa.Gov”
“The handbook was designed to provide supply chain guidance to SMBs that may have limited finances, share resources on how to enhance the SMB reporting and vetting processes when purchasing ICT, and offer methods and guidance to tackle the most common and highest priority risks faced by SMBs.
Supply chain information and communications technology (ICT) related risks are increasing nationwide. They are potentially more harmful to small and medium-sized businesses (SMBs), especially compared to larger entities.
Data from the U.S. Small Business Administration shows SMB information technology (IT) and communications providers represent more than 160,000 companies in the United States; connect millions of households and businesses to the internet every day; and acquire, build, and integrate technology solutions for themselves and their customers. Implementing supply chain security practices is therefore critical for these ICT entities.
For many, knowing where to start — and how an SMB can take on the financial, personnel, or other resources necessary to implement certain ICT supply chain practices — can seem overwhelming. As a result, the ICT Supply Chain Risk Management (SCRM) Task Force SMB Working Group (WG) was tasked with identifying ICT-related supply chain risks that an IT and communications SMB might encounter with a focus on cyber risks and how those risks might be different than in larger companies (hereinafter referred to as “ICT supply chain risk(s)”).
The WG used a variety of approaches and techniques to gain insight into the highest ICT supply chain risk categories commonly faced by IT and communications SMBs. Part of that process included a focus group made up of communications SMBs, conversations with various industry groups, government agencies, and subject matter experts.
The WG also received feedback from approximately 100 IT SMBs, 64 percent of whom had 100 or fewer employees. More than a dozen ICT supply chain risk categories were initially identified. Following further scoping and refinement, the following six categories emerged as the highest priority ICT supply chain risk categories for IT and communications SMBs.
1. CYBER EXPERTISE
2. EXECUTIVE COMMITMENT
3. ICT SUPPLY CHAIN RISK MANAGEMENT
4. SINGLE SOURCE SUPPLIER
5. SUPPLIER DISRUPTION
6. SUPPLIER VISIBILITY”