All around the world, we are more connected than ever. People and companies are coming up with newer, more efficient, and more innovative ways to process, share, and distribute information. As systems become more important, requirements for availability, integrity, and confidentiality are increasing at the procurement stage. Cybercom equips its customers to manage these risks.
It’s difficult to impose security requirements in IT procurements. But if you succeed, you gain significantly more in quality than security alone, whether you’re a customer or a supplier. There are many reasons to prioritize the security aspect of IT procurements, and that’s why we created The Procurement Check.
The Procurement Check is meant to serve as a flexible, useful support tool in all types of IT procurements to ensure that critical security issues don’t fall through the cracks.
It’s also more cost-effective to invest in IT security at the procurement phase than it is to implement it on a system that’s already operational. The following graph illustrates how much security you get per invested SEK, depending on the phase of the IT life cycle in which you choose to invest in security.
The requirements and checkpoints in The Procurement Check are condensed versions of well-known regulations, such as the ISO27000 series (SIS), Procurement Language for SCADA Systems (US Department of Homeland Security), and Critical Security Controls (SANS Institute). The requirements have been revised, prioritized, and reworded so they can be used easily and effectively in procurement situations.
To ensure that The Procurement Check always reflects current regulations, and to incorporate user experiences with it, we will update it twice a year.
All procurements are different, but there are still a number of common denominators. We designed The Procurement Check so that you can customize it to your specific security requirements while it also prepares you for general security requirements. You can also decide which requirements are important to you, which ones are less important, and how you want the tenderer to meet your requirements.
The idea is for the check to be both simple and practical to use, so we decided to do the entire guide in Excel. That way, you can work with the checklists and use the guide as a procurement document if you so wish.
The guide is divided into sections that deal with various security aspects of the proposed solution.
Each section has a number of requirements and checkpoints, and a recommendation for when these requirements and checkpoints must be fulfilled. Each requirement and checkpoint also has columns in which you can specify the priority of the requirement or checkpoint, and columns in which the tenderer can respond to your requirements and checkpoints.
You can easily download your own version of The Procurement Check completely free – as many times as you want. Just click “Download” and select where on your computer you want to save the document.