Cyber Security Requirements for Suppliers - Are You Ready for What's Coming?

At Castellan Information Security Services, we see a considerable increase in cyber attacks on supply chains and inevitably an increased number of inquiries for information security services from companies that are part of this highly integrated landscape. Suppliers at all levels must now meet new requirements to implement modern cyber security programs to protect their systems and infrastructure from crippling cyber attacks and maintain a continuity of operation for their most critical services.

In addition to the direct need to protect their data, we identify two other key drivers behind these evolving requirements:

1) New Government Security Requirements for Suppliers
In some sectors, (such as the defense and aerospace industry) the Canadian Federal Government has been communicating with its supply chain that new information / cyber security requirements are coming in 2025 for all parties in the supply chain if they want to continue to provide products and services. These requirements are significant and could require organizations at all levels to implement a variety of measures to become certified, requiring a modern and comprehensive internal cyber security program be in place and fully operational.

2) Requirements from Tier 1 Suppliers
The second primary driver is Tier 1 suppliers who are also implementing new requirements for their downstream supplier chain partners to build more robust levels of protection to align with their own cyber insurance policies and as part of a modern risk management approach to business. Some of the requirements that tier 2 and tier 3 suppliers are now starting to see to keep existing contracts or participate in new business opportunities are:

a. The need to qualify for and purchase cyber security insurance coverage.
b. Threat risk assessments on 3rd party relationships.
c. Enhanced security governance (policies and procedures) requirements.
d. Changes to existing IT systems' security configuration.
e. Initiating vulnerability management programs.
f. Implementing and upgrading business continuity plans and disaster recovery plans.
g. Conducting regular penetration testing.
h. Upgrading hardware and improving user access security.

For more information about how Castellan Information Security Services can help your organization implement a modern cyber security program or to learn more about all of our information security services please do not hesitate to contact us.

View More