By sharing the as-is and to-be frameworks of supplier measurement on supply chain security, we hope to help audiences to figure out the key areas and differentiation of supply chain security in various industries. Also help audiences to understand the compliance barriers and implementation costs of such frameworks rollout with business strategy. 

Nowadays the frequent occurrence of cyber-attacks has made enterprises pay more attention to the field of information security and strengthened the protection of enterprises by establishing and implementing comprehensive information security regulations. However, under such circumstances, hackers have gradually shifted their targets to the supply chain and launched flanking attacks through the suppliers, thereby posing a threat to business owners.

In such an environment, how to strengthen the Third Party Risk Management(TPRM) of the supply chain, and even prevent the risk caused by the supply chain in advance will be a test that business owners need to face up to.

Therefore, it is necessary to use a comprehensive information security risk management platform to strengthen the suppliers' various information security aspects. While improving the company's own information security defenses, can also prevent the risk of indirect attacks.

Supply chain has caused many cybersecurity incidents in recent years, but the situation may be more complex than imagined. In addition to information technology departments needing to pay attention to information security when purchasing hardware and software equipment. There may also be cybersecurity issues in human resource, general affairs, and even marketing and customer service units. The introduction of IoT devices, cloud services, and outsourcing of data processing can all potentially cause serious cybersecurity incidents.

Before purchasing any services or products, the owner should have appropriate cybersecurity awareness and regulations to require the supplier to ensure the overall process's cybersecurity protection capabilities. Similarly, the supplier should also have independent requirements to ensure the safety and quality of the products and services provided. From supplier selection, acceptance to long-term maintenance cooperation, all are important procedures for supplier cybersecurity management.

We will analyze the roles and rights and obligations between owners and suppliers from the perspective of cybersecurity. Through actual cases, the respective rights and obligations of owners and suppliers. This will help listeners to better understand how to prevent cybersecurity threats from the supply chain.