How to Ensure Security When Adopting New Technology
How are new technology or tools and applications introduced to your organization? If your employees are purchasing technology from a supplier without it being properly vetted by IT or security, your business could be exposed to major compliance and regulatory issues.
Procurement is the gate
As a procurement leader, you are the gatekeeper between the business unit defining a need and sourcing a product or tool to fulfill that need. It’s critical to get IT involved from the get-go.
“Procurement holds the purse strings,” says Aaron Oyler, Chief Product Officer of Graphite Connect. “And the best way to get the business to do something is to say you’ll hold up the money until these steps are followed. We won’t sign the contract until you’ve checked all the boxes.”
That’s why it’s important to have a workflow for bringing on new technology.
Develop a workflow for onboarding new technology
Start by creating a procurement workflow that is unique to your organization’s business needs. Be sure to include all the pieces that require reviews, including the technology, architecture, project plan, and third-party management.
Download this sample workflow to help you collaborate more effectively with your IT and security teams.
Use these basic steps as guidelines to help you when onboarding new technology:
- Define a business need: The process starts with the business unit defining a need and then working with procurement once a product has been selected to help solve the problem.
- Schedule a technology review: Next up, the Chief Information Officer (CIO), IT, application, and security teams will review the product to determine if it meets your organization’s security and technical requirements.
- Proceed with approval: If the product doesn’t meet these requirements, it goes back to the business unit and procurement team, who work with the supplier to meet the criteria or choose a different product. On the other hand, if the security requirements are met, it goes into the contracting phase and a more rigorous technology review. From there, the IT team assesses whether it has the resources to implement the solution. Once approved, a project manager is assigned.
Approve with contingencies
Sometimes, a product may be approved with contingencies. For example, a supplier may say, “We don’t support multi-factor authentication (MFA) now, but it’ll be ready in two to four weeks with the next version.” With that caveat in place, your security team may choose to move forward.
The point of having this type of workflow in place isn’t to harm your business or slow it down. But there’s no reason to adopt a technology if you’re going to have to rip it out later due to regulatory requirements.
Ready to Learn More?
Read the full Ebook to learn how to truly bake security into your procurement process.