Guide to Understanding the Procurement Process in CISSP

The Procurement Process is an indispensable part of the supply chain security in the Certified Information Systems Security Professional (CISSP) context. It helps in ensuring the security of your organization's supply chain.

Understanding the procurement process, why it is important, how it works, and how to answer questions about it in an exam is vital for any CISSP aspirant.

Importance: The security of supply chain is often perceived as a complex topic compounded by the complexity and diversity of supply chains themselves. Procurement is a key step in this chain - ensuring that the supplies procured are secure, and the vendors environment to avoid compromising the security of the system.

What it is: In crude terms, procurement is the process your company goes through to acquire (procure) goods and services. This could be anything from office supplies to IT infrastructure components. In context of CISSP, focus is on procuring information technology components.

How it works: The steps of the procurement process vary from company to company, but could typically be described as follows: requirement identification, supplier identification, supplier communication, negotiation, supply contract administration, quality examination and finally, payment and maintaining the relationship.

Exam Tips - Answering Questions on Procurement Process:
- Always link procurement back to the security of your company.
- Remember that procurement isn't just about getting the best price, but getting value for money.
- Be familiar with terms such as Request for Proposal (RFP), Request for Quote (RFQ), etc. as they are often used in procurement-related exam questions.
- Understand the implications to security in each step of the procurement process.
- Practice questions. The more you practice, the more comfortable you'll get with this topic.