ISF Podcast S33 Ep2: Neil Coole - Building Trust and Transparency in your Supply Chain
Mar 18, 2025
28:19
Today, Steve sits down with supply chain expert Neil Coole, who currently serves as Enterprise Partnership Director at BSI. He emphasizes the need to know your organization’s supply chain story in order to stay secure and protect your brand. He and Steve talk about how regulation can go beyond a checklist and add value for companies.
Key Takeaways:
1 The covid-19 pandemic and recent conflicts have highlighted the vulnerability of today’s supply chains.
2 Standards exist as frameworks to help companies live up to responsibilities set upon them by law or consumers.
3 A harmonized assessment framework can help industries secure their supply chains and save organizations time and money.
Tune in to hear more about:
1 How standards are created and what their purpose is (8:57)
2 Protecting critical infrastructure in the US (14:09)
3 The Supplier Compliance Audit Network, a community of US-based retailers and brand owners who’s created a harmonized assessment framework for its industry (23:23)
Standout Quotes:
1 “The expectation now is on more trust, transparency and also traceability, especially things like tech-enabled traceability. What kind of tech-enabled traceability solutions is that client using to determine where the goods are coming from? What route are they taking? Who's opening up the cargo containers and possibly adulterating goods, stealing in transit, all those other things – that's a real concern today for these organizations who are moving hundreds of thousands of freight containers on an annual basis. It's a real risk that they have to live with. The solutions are there. It's just helping those organizations understand the role that standards, shall we say – a standard is a best-practice framework – can play in helping to reduce, or, in some cases, even mitigate some of those risks.” - Neil Coole
2 “There's opportunities for improvement everywhere, but from a maturity standpoint, we do view parts of the critical infrastructure sectors like energy and finance to be on the more mature end. And then there's a few in the middle that are learning some important lessons. And then there's those who are actively being targeted we read about all the time. They are the ones that I feel would benefit more from some of the guidance and support and information that's available for them to be less of an attractive target.” Neil Coole
3 “So, if you're a single supplier working for the top 10 biggest brands, the top 10 are sending out some form of assessment of you. You're getting that 300-page assessment document, not just from one supplier, you're getting it from all the suppliers. But if those suppliers become part of the same community and they agree to accept a single assessment outcome, no matter who has instigated it, everyone benefits. The supplier benefits – minimizes their disruption, they get to work with more brands in an open and trusted environment – and it just saves that complete disruption and unnecessary costs of delivering an assessment by multiple brands.” - Neil Coole
Mentioned in this episode:
• Dear Infosec
Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management.
Key Takeaways:
1 The covid-19 pandemic and recent conflicts have highlighted the vulnerability of today’s supply chains.
2 Standards exist as frameworks to help companies live up to responsibilities set upon them by law or consumers.
3 A harmonized assessment framework can help industries secure their supply chains and save organizations time and money.
Tune in to hear more about:
1 How standards are created and what their purpose is (8:57)
2 Protecting critical infrastructure in the US (14:09)
3 The Supplier Compliance Audit Network, a community of US-based retailers and brand owners who’s created a harmonized assessment framework for its industry (23:23)
Standout Quotes:
1 “The expectation now is on more trust, transparency and also traceability, especially things like tech-enabled traceability. What kind of tech-enabled traceability solutions is that client using to determine where the goods are coming from? What route are they taking? Who's opening up the cargo containers and possibly adulterating goods, stealing in transit, all those other things – that's a real concern today for these organizations who are moving hundreds of thousands of freight containers on an annual basis. It's a real risk that they have to live with. The solutions are there. It's just helping those organizations understand the role that standards, shall we say – a standard is a best-practice framework – can play in helping to reduce, or, in some cases, even mitigate some of those risks.” - Neil Coole
2 “There's opportunities for improvement everywhere, but from a maturity standpoint, we do view parts of the critical infrastructure sectors like energy and finance to be on the more mature end. And then there's a few in the middle that are learning some important lessons. And then there's those who are actively being targeted we read about all the time. They are the ones that I feel would benefit more from some of the guidance and support and information that's available for them to be less of an attractive target.” Neil Coole
3 “So, if you're a single supplier working for the top 10 biggest brands, the top 10 are sending out some form of assessment of you. You're getting that 300-page assessment document, not just from one supplier, you're getting it from all the suppliers. But if those suppliers become part of the same community and they agree to accept a single assessment outcome, no matter who has instigated it, everyone benefits. The supplier benefits – minimizes their disruption, they get to work with more brands in an open and trusted environment – and it just saves that complete disruption and unnecessary costs of delivering an assessment by multiple brands.” - Neil Coole
Mentioned in this episode:
• Dear Infosec
Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management.