Imagine you are tasked with drafting a supply chain security policy. How would you go about doing this? Who else might you involve to assist with developing the policy? What factors would you need to take into account, and what things might you include in the policy? Explain your rationale.

Supply chain security programs focus on the potential risks related to an organization’s suppliers of goods and services, such as attackers trying to gain access to data and other assets. Organizations must therefore adapt their security procedures, including employees, processes, technology, vendors, partners, and even customers.

Imagine you are tasked with drafting a supply chain security policy. How would you go about doing this? Who else might you involve to assist with developing the policy? What factors would you need to take into account, and what things might you include in the policy? Explain your rationale.

In the second part of your paper, discuss major ethical issues that might arise when dealing with third-party vendors and suppliers. Would these also be addressed in the policy, or are there other ways these issues might be addressed?

Use the two information security policy examples (Princeton University and Trinity University) from the Study Materials section and the other related readings to guide you in this activity. (Links Below)

https://inside.trinity.edu/information-technology-services/information-technology-policies/information-security-policy

https://www.princeton.edu/oit/it-policies/it-security-policy/Documents/Information_Security_Policy.pdf