Think of Security as a Main Ingredient, Not the Icing

March 22 2023

Think of Procurement Security as a Main Ingredient, Not the Icing

By Trinceton Brown

To help your business stay competitive, employees must work more efficiently than ever. So they’re adopting new tools to help them work faster and smarter. But how do you make sure that the technology and those third-party suppliers they’re bringing on board don’t pose additional risk for your company? You ensure this by making procurement security an intrinsic part of your procurement process. An immature organization will jump into a contract and start buying software before anyone in IT has reviewed the architectural and design specs. On the other hand, a mature company recognizes the importance of designing security throughout the procurement process to ensure visibility and accountability across the supply chain. A mature organization will focus as much on procurement process security as it will on its margins.

Bake procurement security in, don’t slather it on

“People think of security as icing. They build the cake and then realize, ‘Oh yeah, we need that security icing.’ So they put that icing on at the end, and then the threat actor comes along, scrapes off the icing, and there’s the whole cake for them,” says one expert. “You cannot do that. It has to be one of the main ingredients of the cake. Not just the icing.”

When you engage security and IT as an integral part of your procurement process, you help to ensure the products and services you acquire meet your company’s security and technical requirements—and save some major headaches in the future. Here are some guidelines to help you:

Partner Procurement, Security & IT departments from the start


Get the procurement, security and IT departments working together from the beginning so they can provide input on technical requirements and help you choose the suppliers and products that best meet those requirements. This will also help you to promptly address any issues that arise. Ideally, you will have a Chief Information Security Officer (CISO) driving the security piece in your procurement process.

Create procurement process security policies


Develop procedures that state the roles and responsibilities of the security and IT teams within the procurement process. In addition, include procurement security guidelines around assessing your third-party suppliers’ security and technical capabilities.

Develop a workflow for onboarding new technology


Create a procurement workflow unique to your organization’s business needs. Include each component that requires reviews, such as the technology, architecture, project plan, and third-party management.

Develop metrics and reassess regularly


Follow-up and continuous monitoring are just as crucial as onboarding when it comes to new technology. The application may have been the perfect fit for your business needs at one time. But things change, and technology has to either evolve or be replaced as requirements change. So establish metrics to measure performance levels and reassess quarterly to ensure your business needs and security requirements are still being met.

Manage suppliers post-implementation


Working with third parties can introduce additional procurement security threats to your business, especially when you’re dealing with suppliers who will have access to sensitive company information or systems. Having clear policies for granting, monitoring, and revoking third-party access is critical. This includes guidelines for managing passwords, access privileges, and data retention. It’s also essential to have a workflow for removing access when you no longer work with a supplier.

Prove ROI to Senior Leadership

Most importantly, you have to prove your value to company leaders. And that’s exactly what you’ll do when you can show executive leadership that due to the collaborative efforts of your procurement, IT, and security teams you were able to mitigate risks like data breaches, compliance issues, theft, and more.
