Supplier Management Model
Information security is gaining ever more significance. This development is due to the constant increase and widening use of IT – also in areas that had no former IT support or simply did not even exist. As a result, the number of threats to IT is on the rise as well. Some of these have only become possible because of the way we use IT and what we do with it. The business world strongly depends on having reliable IT services.
Today’s IT service provision is characterized by a high degree of division of labor, specialization and standardization. An apparent element of this division of labor is the fact that user organizations draw on the IT services of specialized IT service providers. This process, referred to as “IT outsourcing”, transfers the responsibility for service provision, including security, to the IT service provider. However, there are other elements. Division of labor can be observed in the internal organizations of large-scale, industrialized IT production, but it expands to the whole supply chain, since partners and suppliers are decisively involved in modern IT service provisioning (“industrialization of IT”).
The security management of the IT service provider (producer) and that of the user organization (customer) are interwoven. The same is true for the relation between the IT service provider and its partners and suppliers. Costs, deployment time and flexibility are essential today, making standardization of security a critical success factor. – Existing security standards (norms) do not reflect this situation and do not meet the challenges sufficiently. This is why the Zero Outage Industry Standard association defines its goal as being one that gathers and enhances existing concepts in order that a de-facto industry standard which fills the gaps be created.