For manufacturers,securing data and hardware is only half the battle. You’ve still got quite a bit of valuable information in your shop that you are contractually bound to secure and protect. In a recent conversation with a large aerospace manufacturer’s IT security professional, I was told that a new DFAR (Defense Federal Acquisition Regulation) will be issued and then “flowed down” to smaller suppliers that will require compliance in the cyber-security arena as well as the information you keep as part of the production process.
Here are a few areas that you can and must consider right now:
- What do you do with production process documents that you are saving such as shop routings, inspection documents, purchase orders etc.?
- Do you have these files or other storage areas secured?
- Do you have a document retention program and is it used?
- Is there a list of persons that have access to the storage areas for these stored documents or those in current use?
- Could I be vulnerable to an audit by my customers that might result in loss of business and conversely, would having a secure system in place, enhance my business with these customers?
Another customer requirement I have to worry about? These requirements are in addition to the quality requirements you are probably conforming to now. Whether or not you do work for aerospace, defense or other similar companies, take the time to read the purchase order/quote request documents you receive with the following types of information:
• Blueprints(computer files or printed)
• Process certifications
• Approved vendor lists
• Logistical delivery requirements
In the purchase order or quote request, you will most likely find that you are or will be contractually bound (aka liable) for any leaks or theft of the supplied documents, data and information.
I know most of you are overloaded with compliance issues related to various customer and governmental regulations. However, not securing the “hard” assets you possess, may cripple your ability to grow and receive orders from those customers as well as potential customers. This is something we can help you address. Give our office a call.
No comments:
Post a Comment