
Data Breach Response Planning Part I


Today’s guest post is from Torey Guingrich, a Project Manager at Source One Management Services, LLC who specializes in helping global companies drive greater value from their IT and Telecommunications investments.

It seems as if no industry or company can escape the potential of a data breach. Over the past few years, we have seen large retailers, health insurance companies, financial services firms, and the U.S. federal government deal with reporting and responding to large-scale data breaches. The first reaction to the threat of a breach is to bolster prevention. While there are clear ways that companies can mitigate the risk of a breach, there will always be someone looking to exploit weaknesses in security systems and protocol. While preventing a breach would be ideal, prevention should work hand-in-hand with preparation for a breach, including having the necessary partners identified or in place to respond to, cease, and mitigate damage. Procurement plays a key role in preparation by working with IT and various stakeholders to determine which types of services are needed for a data breach, as well as supporting the selection and management of the specific suppliers.

There are a few key supplier partners that Procurement should look to establish relationships with in preparation for, or in the event of, a breach:

  • Forensic IT
    While your IT department is very familiar with the systems in place and is able to manage them, they may not have the expertise needed to identify the source of a breach. Forensic IT firms can help identify the source and extent of a breach so that your IT team can focus on securing against the breach and ensuring operations can return to working condition. Procurement should work with IT to evaluate potential suppliers for forensic services based on the organization’s architecture, network, and potential entry points and vulnerabilities. Procurement can look to leverage sourcing activities or existing relationships for IT managed services to identify potential suppliers for forensic IT services.
  • Outside Counsel
    Unless your internal legal team is well versed and qualified to respond to a breach, you will likely need to bring in additional resources with specific expertise to direct your company on compliance and regulatory implications. When evaluating potential legal firms, Procurement should look for those who have expertise in notification requirements in all fifty states of the U.S. as well as in other countries, as appropriate for the company’s operations, and in your company’s specific vertical (e.g. healthcare, banking, insurance). Because these requirements are evolving, be sure to identify firms that are keeping pace with the most recent rulings and regulations.
  • Credit Monitoring/Identity Theft Repair
    With the increase of cyber threats and attacks over the past few years, firms that used to be seen primarily as credit monitoring tools are leveraging their experience and insight to offer response services that include customer notifications and call centre support, along with credit monitoring and identity theft repair services for affected customers. Procurement should ensure the chosen supplier is able to meet the expertise and capacity needs of the organization and can offer value-add services to bolster your response plan. Some suppliers offer services such as data breach simulations that can help identify holes or potential gaps in the designed response plan.

Procurement will need to consider the best-fit way to contract these services in order to utilize them in an efficient way. These services can be contracted in advance of a breach; this approach guarantees capacity and provides a faster response, but comes with both a monthly or annual retainer and variable costs that correspond with the breach.

You can also look to purchase these services when a breach occurs; this would eliminate the retainer portion of costs, but would not guarantee capacity, may put you in a less favourable position in terms of negotiating variable rates, and will have a longer lead time. If you choose not to retain services, it would be prudent to establish beforehand a short-list of potential suppliers to approach for the necessary services when a breach occurs.

Another option to obtain these services is through a data breach insurance plan; this is certainly an option for many organizations, but do consider your company’s ability to fully develop a response plan, ability to control the response, and reputation risk when working within the confines of an insurance policy. Deciding which services are used, and how they are purchased, will likely depend on your organization’s appetite for risk and the budget that can be allocated to these services. Procurement will need to explore the different purchasing methods against the risks associated with a data breach to determine the appropriate approach for securing these services for the organization.

Whatever supplier partners you decide to work with (whether proactively or reactively) Procurement should identify what they will need to begin working on your behalf and mobilize as quickly as possible. The development of your data breach response plan should also identify the types of data at risk (i.e. beyond customer data) and how a breach of that data will affect your business. This practice will allow you to identify business areas that may need to be involved in the creation and execution of the response plan in order to properly prompt internal action as you engage suppliers.

Now that you have your response partnership (plan)s in place, in our next post we will discuss the next key to a successful data breach response.

Thanks, Torey.

The Trade Extensions Event Was Different. It Needed to Be. Do You Know Why?

Those of you following Spend Matters and Spend Matters EU will have noticed Nancy’s and Jason’s posts on the recent Trade Extensions events in London and Chicago on Managing Complexity. In these posts they made a number of interesting observations (which the doctor can verify as he was at the UK event) about the event and how it was different from many other customer-focussed vendor events.

Major differences included:

  • Focus of the talks. Speeches focused on real, live issues and scenarios that listeners could learn from and apply to their procurement functions and their companies’ wider strategic visions. (Optimising Your Game in “at the trade extensions user event an overview of the day” on Spend Matters UK) There wasn’t a single demo or even a detailed description of the next major release (which will be their biggest release since 2009), coming next year.
  • Make up of the crowd. Users tend to be forward-thinking and technology-savvy people, given this is leading-edge software, and there were more people in their 20s (“bright young things”) than is usual at events of this nature. It was the leaders of today and tomorrow, not the leaders of yesteryear counting the days to their retirement. (A Rewarding Day, Spend Matters UK)
  • Value to the crowd. Nancy noted that one person said that coming to the event had taught him more in one day than he could have learned from going on a £30K procurement course. (A Rewarding Day) The focus was on real-world value, not vendor messaging.
  • Key takeaways. There’s more to an optimization-based sourcing system than just product sourcing. One company noted that having changed from their existing sourcing system to something more advanced 12 months ago, has proved invaluable in two key areas: logistics activities (not surprisingly) and supplier data capture. Optimization is about total costs, goods and transportation, and in order to analyze and select the best total cost scenario, a lot of data needs to be captured. As a result, such a tool must be great at data capture. And, as a result, the tool can be used in more diverse ways and in more applications than you would expect. (A Rewarding Day)
  • Individual Thought. Jason noted how many thoughts of the attendees center on areas around the technology rather than the core solution itself. Taken together, I believe the thoughts below point to the future of where sourcing technology is headed, which centers as much on people as systems. (Brainstorming: Spend Matters) Trade Extensions is encouraging ideas and feedback, hoping to harvest the best for future development.

These were all major differences, but the biggest difference is the one that is going unsaid by Nancy, Peter, and Jason and Trade Extensions. What is the biggest difference? What is left unsaid. What was left unsaid? We’ll tackle that in our next post …
after we give you a day to think on it.

Gettin’ Sigi With It

Those of you joining the doctor at Emirates Stadium today at the Trade Extensions European Practitioners Conference on Managing the Future will know that today is the day we all Get Sigi with it!

Gettin’ Sigi With It!
To the tune of Gettin’ Jiggy With It.

Bring it.
Whoo!
Unh, unh, unh, unh
Hoo cah cah
Hah hah, hah hah

Bicka bicka bow bow bow,
Bicka bow bow bump bump
What, what, what, what
Hah hah hah hah
Unh,

On your mark ready set let’s go
Sourcing pro I know you know
They went psycho when his new book hit
Just can’t sit
Gotta get Sigi wit’ it

Ooh that’s it
Now Procurement pro come nigh
Sourcing Mojo all up in my eye
You gotta new ride with alotta stuff in it
Give it to your friend let’s spin

Everybody lookin’ at him
Glancin’ the kid
Wishin’ they was dancin’ a jig
Here with that handsome kid
Ciga-cigar right from Cuba-Cuba
He just bite it
It’s for the look he don’t light it

IGsay the an-may on the rand-gay and-stay
List’nin’ to Sigi make it feel like foreplay
Yo his cred-dee-o is Infinite
Ha ha
Big Sigi style’s all in it
Gettin’ Sigi Wit It

Na na na na na na na nana
Na na na na nana
Gettin’ Sigi wit it

What you wanna tread with the kid
Watch your step you might fall
Trying to do what he did
Sourcer-unh sourcer-unh sourcer come closer
In the middle of the room with the rub-a-dub, unh

No love for the cynics, the cynics
Mad cause he bled savings from the bankers
See him on the fifty yard line with the traders
Met Stamper, he told him he’s the greatest

We got the fever for the flavor of a crowd pleaser
Blogger spin another
From the Mojo prince
His highness
His mad skillz bring you riches

South to the west to the east to the north
Take his plans and watch ’em go off a go off
Ah yes yes y’all ya don’t stop
In the winter or the (summertime)
He makes it hot
Gettin’ Sigi wit it

Na na na na na na na nana
Na na na na nana
Gettin’ Sigi wit it

Guaranteed savings if you need a lift
Who’s the kid in the mist
Who else Sigi Osagie
Livin’ that life some consider a myth

Save from South A. to the UK
Finance used to tease him
Give it to him now nice and easy
Since he moved up like George and Wheezy

Save to the maximum I be askin’ ’em
Would you like to bounce with the brother that’s platinum
Never see Sig attackin’ ’em
Rather play ball with Locke and um,
Flatten ’em
Psyche
Kiddin’

You thought he skim’d a schill
But he didn’t
Trust the blogger in your life, he hittin’
Hittin’ hard a piledriver with a ribbon
Crib for his bros on the outskirts of Surrey
Savings troupe for you and me
Don’t be waylaid
Go get Sigi wit it

Na na na na na na na nana
Na na na na nana
Gettin’ Sigi wit it

Two Weeks to the Trade Extensions Workshop. Two Weeks to Freebies.

And two weeks to the next Sourcing Innovation white paper on Complex Sourcing. Are You Ready? The first of many great freebies coming your way at the TE Workshop (and the first of two freebies coming your way from SI. What’s the second? Stay tuned. All I can tell you now is that it is Awesome! TE has spared no expense this year in making sure that you as a practitioner get what you need to tackle complex sourcing.)

That’s right, those of you who took up Trade Extensions’ exclusive offer to practitioner readers of Sourcing Innovation and Spend Matters UK and are attending the workshop will be the first to get SI’s new white paper on Complex Sourcing.

Following last year’s big white paper on Optimization, What Comes Next?, still freely available compliments of Trade Extensions, which introduced you to six new ways that optimization will continue to identify new opportunities for Sourcing that you likely haven’t even thought of, this year’s white paper dives into what complex sourcing is, what platform capabilities are required to support complex sourcing, and why complexity is no longer the exception but the norm.

This paper, which builds on Mr. Smith’s soon to be classic paper on “What Defines Complex Sourcing”, dives deep into how categories are complex, how the complexity requires new processes and new solutions, and why first generation solutions are not ready for what comes next.

And not only will you as an attendee be the first to get the doctor‘s new white paper, but you will also get to hear Mr. Smith talk about the future of Procurement, which we all know is Doomed! Entombed! Marooned!. (And then, if you are so inclined, discuss the subject with the doctor in person.)

See you in two weeks!

An Open Invitation to the Trade Extensions Workshop for Practitioners

Trade Extensions, a leader in Sourcing Optimization (and a sponsor of Sourcing Innovation), is having their annual user conference on October 7 (2015) in London. As pointed out yesterday by Mr. Smith in his invitation, this year they are opening it up to a small number of practitioners who want to learn more about advanced sourcing and sourcing optimization, and to Sourcing Innovation and Spend Matters UK readers in particular. (Outside of the Trade Extensions website, you won’t see this invitation anywhere else.)

Unlike some vendor conferences that spend hours and hours demoing their new products and discussing where they are going and how great it will be for you as a customer, Trade Extensions keeps anything even remotely marketing related to an absolute minimum in their events, preferring to focus more on education and best practice than on sales. (Last year, except for a very brief “here’s what we did over the past year, here’s what we’re doing, and here’s a few screen shots of what the new capabilities look like”, the rest of the day was spent on presentations by experts and practitioners on best practices, process transformation, and advanced sourcing, including a presentation by yours truly on what comes next in sourcing optimization. If you got in a bit late or left a bit early, you wouldn’t even know who was putting it on.)

This year, they want to cram even more education into a single day. With presentations by Sigi Osagie, who’s gonna tell you how to get your Procurement Mojo on, Mr. Peter Smith, who’s going to discuss the Future of Procurement (which, in the doctor‘s view is Doomed. Marooned. And ready to be Entombed.), and Sindbjerg Hemmingsen, a known thought leader on responsible procurement, the day is going to be jam packed with education and useful information. And if that’s not enough, it’s another opportunity to meet the elusive yours truly who will be there to …

Oops! Can’t tell you that … yet. Trade Extensions has a few surprises this year for its attendees beyond holding the event at Emirates Stadium (which is home of the Arsenal Football Club, and a known haunt of many Premier League legends who seem to get lost in the halls and never leave) and the dinner at the British Library. Let’s just say that even the gift bag might knock your socks off.

So, if you are a practitioner (or a consultant practitioner who is not locked into an exclusive engagement with a provider) who would like to learn more about sourcing best practices and advanced sourcing, this could be your lucky day. But you need to book quickly. When the seats are gone, the seats are gone. And this is one event you don’t want to be left out of.