Skip to content
Alex DowNov 17, 20211 min read

Simplifying Vendor Risk Management in the Mining and Metals Industry

Introducing the MM-ISAC Cyber Security Readiness Rating

The Goldcorp data breach of 2016 catalyzed the creation of the Mining and Metals Information Sharing and Analysis Centre (MM-ISAC). As part of their mandate to “develop effective risk mitigation strategies and technologies suited to the mining environment”, the MM ISAC and Mirai Security have developed an assessment methodology to increase the cyber resiliency of the supply chain.

How is the MM-ISAC Cyber Security Readiness Rating different? 

Third-party access is one of the most common mining industry cyber threats. Up until now, each company is responsible for screening and determining supplier risk, which becomes a lengthy and arduous process for both parties. 

Instead of asking vendors to fill out generic questionnaires, we developed a dynamic assessment methodology which is based on the type of potential risk a third party could introduce. It’s a deceptively simple solution that reduces the workload for both mining companies and suppliers. The questionnaire is filled out once and Mirai Security is responsible for reviewing submissions and maintaining the framework updated. 

How can my company get involved? 

We will be sharing more details of the MM ISAC Cyber Security Readiness Rating at their annual meeting. We are currently testing the tool and will be officially launching in early 2022. 

Our experience in assessing and quantifying risk for mining and manufacturing operations was instrumental in the development of the rating methodology. We are looking forward to the adoption of the MM ISAC Cyber Security Readiness Rating and to assist companies in establishing cybersecurity practices that enable their businesses.