top of page

How Canopy looks after data security in supplier management

By moving your supplier data off email servers and out of spreadsheets, Canopy enhances your data security

Activating data security in the Canopy supplier management platform
Canopy is serious about data security to minimise risk across supply chains

Data breaches are a serious matter. There's huge operational and reputational risk associated with letting data get into the wrong hands. And sometimes it takes a high-profile mistake to put this issue back on people's radars. It was announced last week that the UK Ministry of Defence had accidentally sent classified emails intended for the Pentagon to Mali, a key ally of Russia. While this case hinged on a typo in an email address, it highlights how careful we all need to be with data. And when you've got business critical data about your suppliers, it's especially important to ensure that it stays safe. Canopy has robust data security policy and practices in place to ensure that all your data remains locked up until it's needed. In this blog, we take a closer look at data security across our supplier management platform.

Supplier data is safe, but shareable with those who need it

As with so many compliance issues, there are practical, moral, and financial concerns when it comes to data security. In terms of the practical side of things, there could be operational issues arising from a data security breach. Meanwhile, looking after sensitive data on your suppliers is a responsibility, and it's simply part of being a better business.

And as for the financial implications of poor data security, we all know about GDPR (the General Data Protection Regulation, which went live in 2018). Of course, much of the supplier data you hold may not be governed directly by GDPR as it won't be personal data. But some of it could be, such as personal email addresses which you have no right to share without permission. And it's worth remembering that the fines for breaching GDPR compliance can amount to 2% of a business's global turnover. That's some financial incentive to get data security right.

Canopy adheres to the highest standards of data security and adopts processes to ensure your supplier operations are protected. It elevates your data security protections immediately by getting sensitive information off email and onto a secure platform. And with appropriate logins for teams across your business, people will only see the data they need in their role.

The practicalities of data security with Canopy

Here are three ways in which Canopy's approach to data security helps your business.

1. Activate data security and reduce risk

As it's a SaaS platform (software as a service), Canopy holds supplier data securely with strict access controls. We're signed up to ISAE 3402, the globally recognised auditing standard for SaaS businesses. You can determine the level of access for different authorised stakeholders. Canopy brings users into the system via the protection of login or SSO, rather than sharing sensitive information on email. Not only will you have increased data security compliance. You'll also reduce the risk of commercially sensitive information falling into the wrong hands.

2. Segregate duties to minimise fraud risk

Some of our potential clients are nervous about supplier data being more shareable across their business. The chief concern is that putting information on a platform raises the risk of different teams wrongly (or even fraudulently) amending data. Canopy’s workflow ensures that individual users are unable to make changes without supplementary authorisation. For example, banking information requires multiple user approval before details in ERP are updated. With Canopy, you'll protect yourself and your suppliers from potential rogue actors in your organisation.

3. Audit history provides a definitive record of activity

Every data change, workflow stage, and approval is time- and date-stamped with the user’s name. This ensures that there is a complete audit history of everything that has happened to a supplier’s profile. You'll have eliminated confusion by knowing immediately why a supplier is in the status they're in on the platform. Canopy's entire approach to supplier management is about reducing the risk of human error. So this provides an added level of comfort that your supplier data will remain of the highest quality and will stay secure.

To find out more about how the Canopy supplier management platform handles data security, contact one of the team today.

Post by Nick Verkroost

Nick is an experienced business leader and the CEO for Canopy (OCG Software), the rules-based Supplier Management platform. Nick's focus is on commercial and operational excellence and ensuring our clients maximise the opportunities that Canopy offers.


bottom of page