Digital transformation in Supply Chain Management, Logistics, and Transportation is undoubtedly a key aspect of a modern operating model and strategy. The car shipping industry is no exception. Car shippers, such as dealers, auctions, and OEM captives, are increasingly relying on technology and third-party technology partners to improve their operations.
As the need for efficiency and the reliance on technology partners increase, so does the risk of mismanagement of the car shipper’s data and operation by the third party.
Below are five key questions every car shipper should ask their technology partner to help assess that risk.
- Do you have a security program?
Cyber threats are ever increasing, and a robust cyber security program is necessary. Car shippers should look for the adoption of known security frameworks such as ISO 27001 (International Organization for Standardization) or NIST CSF (National Institute of Standards and Technology cyber security framework) to ensure the security plan is well rounded and does not have any gaps. Also, making sure that the technology partner or provider has made investments in security, such as a dedicated security team, is essential.
- How do you measure success of the security program?
Having a security program is essential, but how do you verify it is successful? After all, the third party is handling operations and data on the car shipper’s behalf. While an obvious answer is that there were no security breaches, it is not always that easy. There may not have been a breach yet. While zero breaches can be a measurement for success, car shippers should also ask about prior incidents and how the technology partner has reacted to those. Risk thresholds, monitoring, and key risk and performance indicators are tools that show something is going wrong before it turns into a bigger problem. Additionally, the technology partner should have external assessments available such as security assessments and SOC (Service Organization Controls) or ISO certifications.
- How do you ensure our data is safe and secure?
At the core of a strong security program is data security. Key concepts to look for here are data encryption at rest and in transit, logical access controls, as well as prevention and detection. Another key aspect to ask for is an external and internal data privacy policy to verify that the technology partner takes confidentiality and privacy seriously. Lastly, in an ever-changing security world, things can go wrong. The technology partner should be able to provide evidence that a dedicated incident response team is available and can act quickly when faced with issues or suspected data compromises.
- How do you know when something goes wrong?
While the old saying “an ounce of prevention is worth a pound of cure” is also true for cyber security, things can go wrong. When car shippers entrust technology partners with their data, they also want comfort that they have a partner when things do not go as planned. A dedicated incident response team is key. The team should be equipped to monitor and respond to threats quickly and effectively. A well-thought-out incident response plan is critical. The plan needs to be tested and ideally shared with the car shippers. Ultimately, car shippers need to gain comfort that the technology partner can identify when something goes wrong, respond to it, and communicate any concerns to the car shippers.
- How are you adapting to changing privacy and security requirements?
While the car transportation industry is not as regulated as other industries, personal (customer) data such as names, addresses, and emails are common data assets for car shippers. Several states, most notably California and Virginia, have enacted or are working on enacting privacy laws. Under most privacy laws, car shippers need to ensure that their technology partners can meet the requirements of these laws. Therefore, it is important to assess the privacy capabilities of the technology partners. Car shippers should verify that a privacy program exists, and that the program can adapt to new regulations.
When relying on technology partners or managed transportation system providers, cyber security should be a core focus area. By asking these five questions, car shippers can start to assess the technology partner’s security program and to make sure they are choosing an appropriate fit.