Cyber Initiative

According to the latest statistics, 43% of cybersecurity attacks target small businesses – yet only 14% of smaller organizations rate their ability to defend against a cyberattack as highly effective. To make matters worse, 60% of small companies never recover, and go out of business within months of a cyberattack.

While it’s not difficult to imagine the potentially catastrophic consequences of a cybersecurity breach in your own organization, it can be difficult to know what to do – and what not to do – to safeguard against increasingly savvy criminals and techniques. That’s where AIAG can help.

In partnership with NQC, a global leader in cyberthreat detection, AIAG has launched a new Supply Safe™: Cyber Initiative in support of industry efforts to protect shared data throughout the supply chain.

Free for AIAG members, the initiative’s Cyber Safe Bundles are comprised of a cyber virtual audit and either a basic or advanced enterprise risk assessment. Learn more in the details below! 

Basic Bundle

Designed to support smaller to medium sized organizations with fewer or outsourced IT, this bundle includes:

  • Cyber Virtual Audit
  • Basic Cyber Risk Assessment
    • ~25 Question Survey
  • Additional free resources

Advanced Bundle

Intended for larger organizations with more robust IT resources dedicated to cybersecurity, this bundle includes:

  • Cyber Virtual Audit
  • Advanced Cyber Risk Assessment
    • ~70-85 Question Survey

Bundles Include:

+ Cyber Virtual Audit: A one-time domain/IP scan that allows you to run a comprehensive virtual audit on your organization’s internet facing systems. This non-intrusive remote audit searches for known vulnerabilities and misconfigurations using a database of more than 53,000 issues; vulnerabilities found during the analysis are then logged, and a report is created providing details on the specific vulnerabilities identified, as well as what actions can be taken to rectify the issues. This tool is currently available in English, Spanish and Mandarin.

+ Cyber Risk Assessments: These assessments allow you to evaluate your organization’s existing information security capabilities and organizational controls in relation to industry best practices, as detailed in AIAG’s CS-1 document – the Cybersecurity 3rd Party Information Security guideline. Upon completion, you will receive an automated Corrective Action Plan which enables immediate action in addressing vulnerabilities and improving cyber capabilities. Both a basic and advanced level of assessment – currently in English, Spanish and Mandarin – are available.

Basic Cyber Risk Assessment: With approximately 25 questions, this survey is designed to support smaller to medium sized organizations with fewer IT resources dedicated to cybersecurity, or outsourced IT support. The following areas are covered in this assessment:

  • Back-up
  • Malware
  • Smartphones/Tablets
  • Passwords
  • Phishing Avoidance
  • User Privileges

Advanced Cyber Risk Assessment: With approximately 70-85 questions, this in-depth survey is intended for larger organizations with more robust IT resources dedicated to cybersecurity. The following areas are covered in this assessment:

  • Security Program, Processes, Awareness
  • Access Controls, Passwords, Data Encryption
  • Vulnerability Management, Anti-Virus
  • Security Incident Notification, Security Investigations
  • Security Audits of Suppliers/Third Parties
  • Information Lifecycle Management, Data Retention/Disposal

We encourage you to start your Cyber Risk Assessment as soon as possible to begin the critical process of identifying and addressing vulnerabilities in your system; please make sure to begin the assessment within 60 days of your purchase to take advantage of this tool!

Whether your organization is taking its first steps to prioritize cybersecurity, renewing efforts to protect itself from cybercrime, or performing a health check on existing security measures, AIAG has the next-step resources you need.

Publications - Order Today

This product contains a common set of minimal security guidelines, General Computing Controls, that apply to all 3rd Parties who create, collect, store, transmit, manage, process an OEM's data and information in an environment external to the OEM's.

ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).