Protect your organisation’s information and assets. Identify and manage risks that arise from working with external suppliers.
Why supply chain security matters
Most organisations rely on suppliers to deliver products, systems, and services. These suppliers become an extension of your business and broaden the risks you’re exposed to.
A ‘supply chain’ can be described as ‘a network of organisations connected by a series of relationships involving the supply of goods or services’.
Supply chains can be large and complex, involving many suppliers doing many different things. For example, some organisations may:
- outsource to a payroll provider whose systems are hosted in the cloud and maintained by another software provider
- partner with another organisation (for example, an NGO) to provide front-line services, and the partner in turn uses several providers to support their business.
Many organisations are not aware of all of the suppliers who make up their supply chain.
Securing your supply chain can be challenging because it can be difficult to identify vulnerabilities or recognise where they could be introduced and exploited.
The threats from your supply chain come in many forms. For example, a supplier may:
- fail to adequately secure their systems
- have a malicious insider working for them
- carry out malicious acts for their own gain.
Or, you may fail to clearly communicate your security requirements, so a supplier does the wrong things.
Follow these principles to gain and maintain control of your supply chain. The twelve principles are divided into four stages, covering the process of securing your supply chain.
See the table below for examples of good and bad supply chain security to begin the process of understanding your own situation.