SUPPLY CHAIN SECURITY RISK CHECKLIST
Created by ChecklistGuro (https://checklistguro.com)

--- PHYSICAL SECURITY ASSESSMENTS ---
[ ] Warehouse/Facility Location
[ ] Perimeter Security (Fencing, Walls) (Adequate & Maintained, Needs Improvement, Not Present)
[ ] Number of Security Cameras
[ ] Last Perimeter Security Inspection Date
[ ] Description of Access Control System (Card Readers, Biometrics)
[ ] Visitor Management Protocol (Formal System in Place, Informal Process, No Defined Process)
[ ] Site Security Layout Diagram

--- CYBERSECURITY RISK MANAGEMENT ---
[ ] Last Penetration Test Score
[ ] Current Security Framework (e.g., NIST, ISO 27001) (NIST CSF, ISO 27001, Other)
[ ] Summary of Recent Cybersecurity Incidents
[ ] Security Controls Implemented (Select all that apply) (Firewalls, Intrusion Detection/Prevention Systems, Endpoint Detection and Response (EDR), Multi-Factor Authentication (MFA), Data Encryption (at rest and in transit), Vulnerability Scanning)
[ ] Date of Last Security Awareness Training
[ ] Upload Latest Vulnerability Scan Report

--- SUPPLIER RISK PROFILING ---
[ ] Supplier Risk Score (1-10)
[ ] Geographic Region of Supplier (North America, Europe, Asia, South America, Africa, Oceania)
[ ] Criticality to Supply Chain (High, Medium, Low)
[ ] Supplier's Security Certification(s) (e.g., ISO 27001, SOC 2)
[ ] Last Risk Assessment Date
[ ] Supplier Tier (e.g., Tier 1, Tier 1.5, Tier 2) (Tier 1, Tier 1.5, Tier 2, Tier 2+)
[ ] Supplier Security Questionnaire

--- CONTRACTUAL SECURITY REQUIREMENTS ---
[ ] Security Breach Notification Timeline Defined? (Yes, defined in contract; No, not defined; Needs Clarification)
[ ] Penalties for Security Breaches (Value)
[ ] Description of Security Audit Rights Granted to Company
[ ] Data Encryption Requirements Specified? (Yes, specified; No, not specified; Needs Clarification)
[ ] Attach Contractual Security Addendum (if applicable)
[ ] Last Contract Review Date
[ ] Specific Security Standards Referenced in Contract (e.g., ISO 27001, SOC 2) (ISO 27001, SOC 2, NIST Cybersecurity Framework, Other (Specify in Long Text))

--- TRANSPORTATION SECURITY ---
[ ] Mode of Transportation (Truck, Rail, Sea, Air)
[ ] Average Shipment Value (USD)
[ ] Security Measures Implemented (Select All That Apply) (GPS Tracking, Tamper-Evident Seals, Security Escorts, Cargo Insurance, Route Optimization)
[ ] Primary Transportation Hub Location
[ ] Last Security Audit Date
[ ] Transportation Security Plan Document
[ ] Carrier Security Rating (Excellent, Good, Fair, Poor)

--- INCIDENT RESPONSE PLANNING ---
[ ] Describe the incident response team composition and roles.
[ ] Estimated time to activate the Incident Response Plan (in minutes).
[ ] Primary communication method for incident notification (e.g., Email, Phone, SMS) (Email, Phone, SMS, Dedicated Platform)
[ ] Date of last Incident Response Plan test/simulation
[ ] Outline steps for identifying and classifying security incidents.
[ ] Potential incident types covered by this plan (Select all that apply) (Malware Infection, Data Breach, Supply Chain Disruption, Cyberattack (e.g., Ransomware), Natural Disaster, Theft/Loss of Equipment)
[ ] Describe the process for containing and eradicating incidents.
[ ] Target Recovery Time Objective (RTO) - In hours.

--- BUSINESS CONTINUITY & DISASTER RECOVERY ---
[ ] Estimated Downtime Tolerance (Hours)
[ ] Last Disaster Recovery Test Date
[ ] Summary of Recovery Procedures
[ ] Critical Systems Covered by DR Plan (ERP System, Warehouse Management System, Order Management System, Transportation Management System, Customer Relationship Management (CRM))
[ ] Backup Location Type (Cold Site, Warm Site, Hot Site, Cloud-Based Backup)
[ ] DR Plan Documentation
[ ] Next DR Plan Review Date

--- COMPLIANCE & REGULATORY CHECKS ---
[ ] Relevant Regulations (e.g., GDPR, C-TPAT) (GDPR, C-TPAT, ISO 27001, SOC 2, Other (Specify))
[ ] Last Compliance Audit Date
[ ] Audit Score (if applicable)
[ ] Summary of Findings from Last Compliance Audit
[ ] Third-Party Certification Status (Certified, Pending Certification, Not Applicable)
[ ] Compliance Documentation (e.g., Certificates, Audit Reports)

--- DATA SECURITY & PRIVACY ---
[ ] Data Encryption at Rest? (Yes, No, Partial/Unclear)
[ ] Data Encryption in Transit? (Yes, No, Partial/Unclear)
[ ] Number of Data Breaches in Past Year?
[ ] Details of Data Breaches (if any)
[ ] Data Privacy Frameworks Adhered To? (GDPR, CCPA, HIPAA, Other (Specify in Long Text))
[ ] If 'Other' selected for Data Privacy Frameworks, please specify.
[ ] Data Retention Policy in Place? (Yes, No, Partial/Unclear)
[ ] Last Data Privacy Impact Assessment Date

--- EMPLOYEE SECURITY AWARENESS ---
[ ] Have you received security awareness training in the last 12 months? (Yes, No, Not Applicable)
[ ] Which security topics have you been trained on? (Phishing Awareness, Password Security, Data Handling, Physical Security, Social Engineering)
[ ] How confident are you in identifying a phishing email (1-10, 10 being very confident)?
[ ] Describe a recent security incident you were involved in (if any).
[ ] Are you aware of the company's reporting procedures for security incidents? (Yes, No, Unsure)
[ ] Date of last security awareness training completion.
--- END OF TEMPLATE ---