Deneen DeFiore, United Airlines, Vice President & Chief Information Security Officer
- All vendors should be categorized
based on the services they provide
and their criticality to the company,
and then assessed on their ability
to fulfill operational and security
requirements based on frameworks
and regulatory standards relevant to
the services they provide. - Dynamic supply chain risk
management requires combining
evaluation of risks, practices,
and resiliency with continuous
monitoring of risk-triggering
changes to suppliers and real-time
threat intelligence.
“We’re using continuous monitoring to develop the program from one based on the kind of assessment everybody’s doing to a more dynamic risk management
process.”
Airlines depend on third-party suppliers and service providers, everybody from caterers to airport infrastructure operators. “You can’t exist in the aviation world without third parties to help operate your business,” says Deneen DeFiore, vice president and chief information security officer at United Airlines. “So, managing that risk and cyber resiliency across that ecosystem is critical.” She adds that
it’s not just about protecting data. It is also about safety assurance, which is paramount in the airline industry.
And safety is no small task. Major airlines operate with thousands of third parties, and every one of them must be classified and evaluated. For a new vendor, it all begins as part of a procurement process that includes questionnaires for evaluating both general business risk and cyber risk. A key part of this process is categorizing vendors by the type of work they do, how critical they are to business operations, whether they are sole-source vendors, and what the impact would be if they were hit by a disabling cyberevent. This evaluation becomes the basis for identifying which vendors are most important to the business. “With those top vendors, you spend more time and energy developing a closer relationship,” DeFiore says.
This is an excerpt from 7 Experts on Evaluating and Managing Supply Chain Risk. This eBook was generously sponsored by BlueVoyant.