Research Triangle Park, NC 27709

– 1 –October 30, 2018

3039 Cornwallis Road

Research Triangle Park, NC 27709

Date (sent)
To: Supplier company name and name of CEO/COO/CIO
Reference: Supplier Cyber Security Program

Dear Supplier CEO or COO orCIO(CIO is the preferred targeted executive)

No business is immune to cyber attacks. It is reported that "Every minute, [there are] about half a million attack attempts that are happening in cyber space," according to Derek Manky, Fortinet global security strategist. Given this environment that businesses must operate in, it is essential for businesses to ensure they have a robust cyber security program in place.
IBM takes cyber security seriously and has implemented programs and tools to prevent, detect, and respond to cyber security incidents. Likely the majority, if not virtually all of our suppliers at this time have similar programs in place. IBM relies on its valued suppliers for products and services provided to IBM and/or used by our clients; therefore, it is important for our suppliers to continue to operate their businesses in an un-interrupted fashion.

At this time we are asking our suppliers to inform us if they have a cyber security program in place that, at a minimum, contains provisions to prevent, detect, and respond to cyber security incidents.

Please click on the link below to complete a brief questionnaire. You will be asked to respond to two yes/no questions and provide the contact information of the person(s) responsible for cyber security at your company, so we can contact them and work with them directly as needed in the future.

Should it be necessary, this email can be forwarded to another contact to complete and submit this verification. Your response is requested by no later than 30 days from the date of this memo.

Click here to respond to the questionnaire. (Note: You must have live internet

access to take the questionnaire):

Also, as of June 8, 2016, our standard business continuity clause has been updated to include the specific requirement that each supplier have a cyber security program in place. This updated business continuity clause will apply to all new and renewed contracts
Questions about this communication may be directed to: Matt Heinz at (720) 396-7919, or ailto:

Thank you for your attention to this important communication and for joining with IBM on this key business imperative.

Bob Murphy

Vice President of Supply Chain &

Chief Procurement Officer

IBM Transformation & Operations
Bldg 062, Office R309D / RTP, NC

Tel. Work 919-543-2086, Cell 919-625-1435