The information security of the supply chain is a part of enterprise information security, and it is also the most difficult part to control since lots of weaknesses and challenges cannot be solved or dealt with by the company itself. This will be an extremely tough challenge for the company to strengthen its own information security. Among various suppliers, those who provide IoT devices to automate processes or streamline manpower for companies are relatively deeply impacted. Both the financial and the manufacturing industry hope to expand the use of the IoT for further exploring diverse markets or creating different operating methods in order to gain a competitive advantage. Whether the companies have identified the risks of IoT equipment, and whether the management of IoT equipment suppliers has improved, seems to be discussed in the process of gaining competitive advantages and undergoing the digital transformation.There may be a need for a more mature and complete ecosystem in the market to assist equipment users to improve their risk identification capabilities and risk response planning. Furthermore, it is necessary to conduct evaluations on those suppliers and interact with them differently, so as to gradually build a reliable information security service providing network, and in the meantime, meet the regulatory trend of the competent authority and the requirements of enterprise landing. In this speech, the speaker will assist listeners to grasp the enterprise risks that IoT devices may bring. In addition, starting with international or regional standards, we will further analyze the possible management mechanisms of related IoT equipment suppliers in order to bring companies or IoT suppliers a vision of the future IoT information security ecosystem.