Two major retailers that suffered a major data breach affecting millions of customers – and their bottom lines – have one thing in common: both got hacked through their vendors.

Home Depot’s security system was breached by a hacker that stole credit card details and emails for over 56 million customers. The hacker gained access by using password information belonging to a Home Depot vendor. Target had credit card and personal data belonging to more than 70 million customers stolen after a hacker used the company’s heating and cooling vendor to access Target’s system.

A recent case study by compliance program provider The Red Flag Group in Compliance Insider laid out a six-step process to help companies manage supply chain risk:

1. Collect data on suppliers. Review and assess each vendor as to performance and business necessity.
2. Validate your data. Check records and references provided by vendors and interview their staff. Review each vendor’s processes for protecting client data, then assign a risk score based on the data you collected on each vendor.
3. Rank the risk. Take the knowledge you have gathered and compare the risks against industry data, then rank each vendor as to risk accordingly.
4. Apply risk management controls. Implement internal and external risk management procedures and policies to ensure ongoing compliance.
5. Manage the relationship. Create training programs for vendors based on your own compliance program and monitor your transactions with each vendor.
6. Continuous reporting and monitoring. Document all the information you have obtained in a dedicated “virtual data room” for all suppliers. Build continuous monitoring, review and reporting into your compliance process.

We can help you keep your company in compliance through effective risk management. Contact a Family Business Lawyer™ to schedule your comprehensive LIFT™ (legal, insurance, financial and tax) Foundation Audit.