Supplier Security Framework

The client for this engagement is currently in the ASX top twenty with global operations and a complex supplier network.


One of the key strategy items of the client’s head of security was to gain stricter control of their supplier relationships. Until that point, there was a strong focus on a limited number of high-risk suppliers, and the only assurance carried out was following an incident or a near miss.

Our role

elevenM delivered a review of the existing supplier management procedures and reported back to the client on areas for potential uplift. This then led to the development of a NIST-based, holistic yet practical supplier management framework.

What we did

elevenM carried out the following activities:

  • A current state review against good practice
  • Development of a roadmap to lift the maturity
  • Development of corporate policies relating to vendor management
  • Development of a supplier risk tiering model
  • Development of a set of NIST-based supplier assessments aligned to the policies
  • Development of supplier risk reporting