In drafting a supply chain security policy for an organization, several aspects need to be considered to make sure that the strategy developed is effective. First, I have to make sure that the people in the organization and its suppliers are aware of the information security policies that are being designed and that will be implemented. The supply chain security policy will be specific to the needs of the organization, since those needs are specific and the suppliers are required to supply specific products and services. Because of this, I will develop a security policy that will protect the data and other assets of the company from potential attackers. The supply chain security policy also needs to be understandable and readable. In this case, the policy is meant to be used by employees, customers and even the suppliers of the products and services. The policy needs to be readable by all the intended users so that they understand it and can implement it appropriately. In developing the supply chain security policy, I will consider the legality, reasonability, and fairness of the policy. The policies need to be reasonable and follow the set legal framework so that they can be adhered to by all stakeholders. An unreasonable security policy that is unfair might end up being broken by some people, making it ineffective in making sure that the organization’s data and assets are guarded against external attackers.
To develop a supply chain security policy that is effective, I need to involve different stakeholders within the organization and outside the organization. Involving other stakeholders in the creation of the supply chain security policy will allow for the creation of a policy that is not built on bias or one-sided; a biased or one-sided policy will not be effective in making sure that the assets and other resources obtained from suppliers are secured (Safa, Von Solms & Furnell, 2016). Some of the people that I will consult when drafting this policy include business experts, whose views will allow for the incorporation of business expertise, which will make sure that the policy developed is feasible. I will also involve a legal team to make sure that the security policy developed meets all the legalities and that it is fair. The Human Resource and management team will help in making sure that the policy developed is readable and that all the people who will be using the policy understand it. I will also consult information technology and security experts; they will help in interpreting the needs of the organization and create an understanding of the products and services that will be supplied by the third-party suppliers.
In developing this draft, there are some factors that I need to consider; for instance, I will consider the people who will be affected by this policy. The policy will apply to all the customers and staff of the organization; it will also affect the suppliers of the security programs in the organization. All those who have been granted access to the information of the organization need to adhere to the guidelines that are contained in the policy. Because of this, I will develop a clear guideline on how the policy should be used and the definition of sections that will be used by different groups. I will also consider the type of data and assets which are found within the organization; the policy needs to outline the ways that it can be applied to the different types of data. Data is classified into different forms; the organization might hold confidential data about its clients, and this information needs to be protected and not accessed like other types of data. By following these guidelines in developing the security policy, I will develop a policy that will make sure that only authorized individuals access the organization’s data and assets; this will also guide individuals on the way to use the information technology resources. The guidelines will also help in preventing external attacks on the organization’s information security assets and data.
Part Two:
The major ethical issues that might arise when dealing with third-party vendors include integrity issues: the third-party supplier might face integrity issues which might not conform to the norms of the organization. The compliance and culture created by the third-party vendor may not be in line with the compliance standards and culture developed by the organization, which gives rise to the ethical issue (Laudon & Laudon, 2015). Third-party suppliers might not be honest; when providing services or products to the organization, the vendors might assess the needs and the resources of the company improperly to supply their services and products. These vendors might also fail to meet the set standards on the security policy when providing the products and services to the organization. Because of this, the values and standards of the organization might be compromised. It might also be challenging to revise and reevaluate the agreements which exist between the organization and the third-party vendors.
References
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.
Laudon, K. C., & Laudon, J. P. (2015). Management information systems (Vol. 8). Prentice Hall.