Zero Trust Security in Procurement
I recently came across an article named Zero Trust Security, which relates to a cybersecurity framework. This framework assumes that all network traffic is potentially malicious and that no user or device can be trusted without verification.
I’m not going to say anything about Zero Trust Security from a Cybersecurity perspective as it’s not my domain. But taking up the concept of Zero Trust Security, I’m trying to write my views about the importance of the Zero Trust concept in Procurement.
What is zero trust security in the IT field? Nowadays, in any large corporation, you may see many site-controlling tools like Zscaler, Palo Alto, CrowdStrike, etc. deployed in the environment. Does it mean that companies don't trust employees?
No, it's not distrust of employees! The company authorities or the IT/Infosec team are aware that employees need to visit various websites to gather information to fulfill their duties, and that in doing so they may visit a few unknown websites from which a malicious attack could reach the user's PC and ultimately the company environment, which may ruin the entire network. To avoid damage to the entire network, such tools are deployed in the network environment to prevent employees from reaching such suspicious sites.
Similarly, in procurement, during discussions between supplier and buyer, suppliers agree to many terms to grab the order, but when the time comes to execute the PO or an agreement, many of the suppliers don't agree to include a few of the terms agreed verbally.
It's necessary to document every term discussed between the buyer and the seller. A term may relate to the pricing of the product, the scope of work, product specifications, transport arrangements, insurance, payment terms, delivery timeline, penalties in case of delayed delivery or project execution, etc.
It's not that the buyer lacks trust in the seller. The fact is that the seller may not be involved in the delivery or execution of services, and verbally agreed information may not have been passed to the delivery or execution team. Similarly, buyers may not be involved in receiving delivery or getting services directly from supplier organizations. Deviating from agreed terms may also have a large impact on both parties. Hence the execution and receiving teams should have written information available to them on what was agreed between both parties.
So, in a nutshell, documentation of each term in the PO or Agreement is essential to have proper accountability.
However, I'm not sure why, but many supplier organizations, though they agree to many of the terms verbally to grab the order, object to including a few terms in the PO or Agreement, particularly those related to indemnity, agreed payment terms, penalties, limitations of liability, etc. This trend is there from small fabrication kinds of organizations to large OEMs.
I believe there should be fairness in the deal and hence there should be Zero Trust Security built into the PO and Agreement.
Category.Manager Procurement@Bunnys Ltd. X-Master Group/X-Interwood/X-Schazoo Pharma's.
1y: Very informative.
CEO & DIRECTOR at AMAZURE TECHNOLOGIES PVT LTD
1y: Great, highly appreciated thinking differently. First time I have come across any procurement leadership taking interest in leveraging a cyber security technology concept.