MM-ISAC Supply Chain Resilience

A Centralized and Simple Approach to Supply Chain Risk Management

The mining sector relies on third parties to deliver products and services across the sector. With the uptick in cybersecurity incidents, mining companies need to assess additional risks a supplier may bring, typically through the dreaded cybersecurity questionnaire. 

A simpler solution now exists.

  • Suppliers: Fill out one form; viewed by many companies
  • Mining companies: Fewer forms make it manageable to assess vendors' forms. MM-ISAC members will be able to rely on the program to assess their potential vendors, alleviating the effect required in-house. It provides a reliable assessment, built by the MM-ISAC member companies.

Addressing Risk Across the Supply Chain

Address the increasing security risk within the mining and metals industry supply chain:

  • cyber security risk rating for vendors
  • identifies risk management capabilities
  • assessment of governance and technical capabilities, risk and safety culture

The result is a cybersecurity readiness rating that identifies high-level security and privacy facts that provide protection and threat risk assurance, which organizations can leverage during the vendor screening and selection process.

Suppliers fill out one questionnaire for potential business with multiple companies.

How it Works

Step 1. IDENTIFY SUPPLIER PERSONAS

The questionnaire categorizes suppliers into a pre-determined set of personas based on their demographic details.

Step 2. THREAT MODELLING

Map the supplier’s persona to potential threat vectors from our threat library to identify relevant security domains to assess.

Step 3. SUPPLIER SECURITY ASSESSMENT

Suppliers complete a persona-relevant set of questions to identify security capabilities and maturity.

 
Step 4. ASSIGNMENT OF MATURITY RATING

A risk analyst reviews the findings against industry-leading standards and assigns a readiness rating for the vendor using the Capability Maturity Model.
cyber-security-1024x1021