Скачать или смотреть ISO 27001:2022 A5-21 - Managing information security in the ICT supply chain

Remember the SolarWinds attack? Or the Log4j vulnerability that sent the entire internet into a panic? These weren't attacks on individual companies; they were attacks on the ICT supply chain. The very software and hardware you buy and trust was compromised before it even got to you.

Welcome back to the channel where we decode the complexities of ISO 27001! Today, we are tackling one of the most critical and technically demanding controls in the standard: A.5.21 - Managing information security in the ICT supply chain.

We’ve already talked about managing supplier relationships (A.5.19) and their contracts (A.5.20). This control goes deeper. This is about the integrity of the technology itself—the code, the chips, the cloud services—that form the foundation of your entire operation.

If your business runs on software, hardware, or cloud services from third parties, you are part of the ICT supply chain, and you are a target.

🎬 IN THIS VIDEO, WE WILL EXPLORE:

What Makes A.5.21 Different? We'll clearly explain how this control goes beyond general supplier management and focuses specifically on the risks of Information and Communication Technology (ICT) products and services.

Your 4-Point Defense Plan: We'll give you a practical framework for complying with A.5.21:
Vet the Vendor's Process: How to assess if your software vendor has a Secure Software Development Lifecycle (SSDLC).
Verify the Product's Integrity: Simple steps to ensure the hardware or software you receive is genuine and hasn't been tampered with.
Know What's Inside: We'll introduce you to the Software Bill of Materials (SBOM) and why it's becoming a game-changer for security.
Plan for the Inevitable: How to prepare for and respond to a vulnerability discovered in a supplier's product.
Questions to Ask Your ICT Suppliers: We’ll provide a powerful list of questions to send to your critical tech vendors to gauge their security maturity.

What an Auditor Looks For: Get ready for your audit! We'll show you the policies, procedures, and records you need to have in place to prove you're managing this risk effectively.

👇 Let me know in the COMMENTS: What part of your ICT supply chain worries you the most? Is it a cloud service, a specific software application, or something else?

If this video helps you secure your tech stack, please OBLITERATE that LIKE button and SUBSCRIBE for more essential ISO 27001 guidance!

#ISO27001 #ICTSupplyChain #CyberSecurity #SBOM #Log4j #SolarWinds #InformationSecurity #Compliance #A521

Navigating the complexities of the modern ICT supply chain is a significant challenge for any organization. If you need expert help to assess your risks, implement robust controls, and ensure your technology foundation is secure, our team is ready to partner with you. We help you trust, but verify.

We are Consultants Like Us.