Trust Your Supplier (TYS) Completes SOC Examinations for Fourth Consecutive Year

In the fast-paced landscape of business operations, the secure exchange of information stands as a cornerstone of success across all industries. Cybersecurity, confidentiality, and data privacy remain paramount concerns, particularly in the realm of document exchanges and data transfers. Trust Your Supplier (TYS), a flagship initiative under the purview of Chainyard, acknowledges the critical nature of these issues within its network of participants. To bolster this commitment, TYS and Chainyard proudly announce the successful completion of SOC 1 & SOC 2 Type 2 examinations for the fourth consecutive year with no exceptions, reaffirming their dedication to meeting the most stringent data security requirements.

The examination was conducted by A-LIGN, a technology-enabled security and compliance firm trusted by more than 4,000 global organizations to help mitigate cybersecurity risks.

What is a SOC 2 report?
A SOC 2 report addresses risks associated with the handling and access of data, and can be used by a variety of organizations of any size (e.g. SaaS, colocation, data hosting, etc.). Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate the identified risks to the different parts of an organization.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in-scope, the third-party compliance and audit firm evaluates whether the organization has the appropriate policies, procedures and controls in place to manage the identified risks effectively.

Successfully passing a SOC 2 examination and receiving a letter of attestation means an organization is addressing controls in areas such as information security, access control, vendor management, system backup, business continuity and disaster relief, and more.

Trust Your Supplier & Chainyard perform SOC 1 and SOC 2 audits on an annual basis, and reports are available to current clients upon request and to potential clients upon execution of a non-disclosure agreement. If you are interested in viewing these SOC reports, please contact us.

TYS Podcast S2E4 – Unraveling the Global Tapestry of Politics, Economics, and Supply Chains

In this episode, we dive deep into the intricate web of global politics, economics, and supply chains, unraveling the complexities that shape the landscape of modern business. Join us as we explore pressing questions and uncover insights that shed light on the evolving dynamics of the global risk environment.

The volatile nature of today’s global political and economic climate reverberates across industries, making it imperative for supply chain and procurement professionals to stay vigilant. Every shift in geopolitics or economic policy can send ripples through the supply chain, impacting everything from sourcing strategies to operational efficiency.

So, why does this matter for supply chain and procurement? Simply put, businesses operate in a connected world where disruptions in one region can have far-reaching consequences. Whether it’s trade disputes, sanctions, or geopolitical tensions, these factors can disrupt supply chains, increase costs, and affect business continuity.

Tracking these issues requires a comprehensive approach, leveraging a mix of data sources, analytics, and expert analysis. By monitoring key indicators, companies can anticipate risks and identify opportunities, enabling proactive decision-making.

To gain deeper insights into these challenges, we asked the experts at Prism about the emerging trends in global politics and economics. Watch our conversation with them and read our blog, co-authored by TYS and Prism, on how the Swiss climate ruling reshapes supply chains and risk management.

TYS Podcast S2E3 – Unlocking the Power of Master Data Management

In the ever-evolving landscape of business operations, one concept stands out as the cornerstone of success: master data management (MDM). Recently, Trust Your Supplier (TYS) hosted a thought-provoking episode of the TYS Podcast, delving deep into the intricacies of MDM, financial information, compliance, and data privacy. This enlightening discussion shed light on the challenges and opportunities facing businesses today and provided invaluable insights for industry professionals. 

The conversation kicked off with an exploration of the “core theater” essential for operational success, encompassing individuals, suppliers, transportation, and data privacy. Participants emphasized the critical importance of maintaining master data governance throughout the supply chain lifecycle, citing real-world examples of companies teetering on the brink of bankruptcy due to lapses in data management. This sobering revelation underscored the profound implications of master data on individual businesses and entire supply chains, making it a non-negotiable aspect of organizational strategy. 

As the discussion unfolded, participants turned their attention to recent trends and innovations in financial information provision and MDM. They highlighted the adoption of technology for financial crime prevention and the challenges posed by the quality of customer and third-party data. The consensus was clear: high-quality, accurate, and complete information is paramount for enhancing customer experiences and detecting suspicious behavior, making MDM indispensable for achieving business objectives and ensuring compliance. 

The conversation then shifted gears to address the complexities of monitoring and verifying data across different jurisdictions, particularly in light of evolving compliance regulations. Participants stressed the need for globally sourced, accurate, and consistent data to support robust risk assessment and compliance efforts. The impact of mergers and acquisitions on MDM and compliance was also explored, with a focus on identifying beneficial owners and understanding complex family structures. 

A particularly poignant moment in the discussion arose when the intersection of data privacy regulations like GDPR with compliance requirements was examined. Participants acknowledged the conflicting nature of Know Your Customer (KYC) and GDPR regulations, highlighting the need for companies to navigate these regulations effectively while safeguarding sensitive information. 

Further insights were shared on the challenges of continuous auditing of information and the importance of monitoring data changes. Participants underscored the necessity of providers offering robust monitoring capabilities and event-driven updates, emphasizing the role of compliance officers in reviewing critical changes. 

The conversation culminated in a discussion on the transformative role of AI and machine learning in automating manual processes and ensuring data quality. Participants stressed the importance of high-quality data as the foundation for AI applications and the need for data cleansing to avoid exacerbating existing problems. 

In conclusion, the episode provided invaluable insights into the challenges and opportunities in MDM, compliance, and data privacy. It underscored the critical role of accurate and high-quality data in driving business success and ensuring regulatory compliance. As businesses navigate the complexities of today’s landscape, embracing robust MDM practices and leveraging innovative technologies will be key to staying ahead of the curve. Trust Your Supplier continues to lead the conversation in thought leadership, empowering industry professionals to navigate the ever-changing business landscape with confidence and agility. 

Ethical Considerations of Digital Transformation

Our Chief Technology Officer, Mohan Venkataraman, provides thought leadership to the tech community at large. His latest article, Ethical Considerations of Digital Transformation, is a sensible case for companies doing the right thing for society and the planet. Mohan lays out three ways to ensure your business is practicing ethical principles.  

By design, Trust Your Supplier incorporates these steps into our features and workflows. From audit & compliance management, supplier diversity, ESG or other compliance initiatives, TYS provides business process transparency, data privacy, and key partnerships to maintain ethical standards. 

Enjoy the full article, published by Entrepreneur magazine, here.

 

SOC Reports Show Trust Your Supplier and Chainyard’s Commitment to Data Privacy

By Ravi Sabhikhi 

The exchange of information is crucial to business operations across all industries. Cyber security, confidentiality and data privacy are common concerns with document exchanges and other forms of data transfer. Trust Your Supplier (TYS), owned & operated by the blockchain services and solutions company Chainyard, recognizes that these issues are critical to network participants. In response, Chainyard has successfully completed SOC 1 & SOC 2 Type 2 examinations to further cement our commitment to meeting the utmost in data security requirements. 

At Chainyard, data security and data privacy are in our DNA. We ensure our clients’ security concerns are addressed across multiple areas. Chainyard built TYS, one of the largest supplier discovery and information management permissioned blockchain solutions, using a Hyperledger Fabric framework. This adds protection to the network by safeguarding the digital keys that access the data. 

Deployed on the IBM Public Cloud using the IBM Blockchain Platform, TYS adheres to all IBM Data Center security policies. The TYS production team also runs daily vulnerability scans along with minute-to-minute logs and can generate system alerts for any anomaly, notifying the appropriate people to take immediate action as required. These defined processes using state-of-the-art technologies ensure Chainyard protects its devices and network against cyber attacks.

On the development side, the TYS team uses an Agile SDLC process where every user story is documented, and security concerns are addressed before each release of the TYS application.  

At Chainyard we constantly monitor and adapt to the evolving and increasingly complex privacy landscape. The public awareness of privacy has grown over the past few years and was an instrumental factor in passing legislation such as the California Consumer Privacy Act of 2018 (CCPA), and more recently, the California Privacy Rights Act of 2020 (CPRA). While Europe has led the way with GDPR compliance, more states and countries are developing their own data privacy laws, such as South Africa’s Protection of Personal Information Act (often called the POPI Act or POPIA). 

The TYS SaaS application is GDPR, POPIA, and CCPA compliant, with policies and procedures in place for data encryption in motion and at rest. Penetration tests (PEN tests) are performed multiple times a year by IBM X-Force Red in order to discover any security gaps and data vulnerability and perform security checks on the web interface and other access interfaces. All PEN test findings are reported and fixed in priority, as required by their severity level. PEN test reports are available upon customer request.

Chainyard continues to demonstrate its strong focus on the privacy and security of our clients’ data by proactively and successfully completing Type 2 SOC 1 and SOC 2 examinations this year. This allows our clients to maintain peace of mind as they focus on improving lives and reducing costs. Mohan Venkataraman, Chainyard CTO, added that “our recent SOC 1 & SOC 2 certification is only one aspect of our growing infrastructure security program that includes, among other things, ongoing data privacy and confidentiality enhancements and platform security improvements to guard against cyber security threats”.

Established by the American Institute of Certified Public Accountants (AICPA), SOC 1 and SOC 2 examinations are designed for organizations across all industries and scope to ensure the personal and business assets of their potential and existing customers are protected. SOC 1 and SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally audited by a third party.  Chainyard’s SOC exams were led by A-LIGN ASSURANCE (A-LIGN), an independent auditing firm focused on industry-leading security and compliance, and trusted by more than 2,500 global organizations.  

A-LIGN’s Type 2 SOC 1 and SOC 2 audits of Chainyard’s infrastructure and internal processes revealed no exceptions, affirming that our company’s security policies, data protection, and privacy protocols meet or exceed the highest industry standards. These SOC examinations reinforce Chainyard’s commitment to information confidentiality and data security on the Trust Your Supplier network, and we plan to continue maintaining and re-evaluating our policies and measures to maintain this standard of excellence.  

Chainyard will perform SOC 1 and SOC 2 audits on an annual basis and make the reports available to current clients upon request and to potential clients upon execution of a non-disclosure agreement. If you are interested in viewing these SOC reports, please contact us.