A Simple Approach to Supplier Assurance

By: Johan Aikema & Rolf Vreijdenberger

As a large organization, KPN is continuously dealing with suppliers and vendors, and how they impact our security posture. Over the last two years, we’ve developed a new policy and process in which we assure that the security posture of a vendor/supplier meets or exceeds our needs, while reducing the workload on both the internal organization and vendor/supplier to attest. Of course, this is all carried out in a risk-based manner, making the effort proportional to the risk profile of the service/application. During this session, we’ll share the challenges our organization faced, the ideas we’ve come up with and the next steps.