Governance

GOV029

Understand the security risks posed by your supply chain

Assess the risks your contract arrangements pose to your information or assets, to the products or services to be delivered, and to the wider supply chain.

Risks to and from the supply chain can take many forms. For example, a supplier may:

  • fail to adequately secure their systems
  • have a malicious insider working for them
  • contract work to someone who fails to manage your information properly
  • undermine your systems through malicious acts (if the system involves national security, the malicious acts may be backed by a hostile state).

Or you might communicate your security needs poorly, so the supplier does the wrong things.

Use the best information you can to understand these security risks.

Page last modified: 4/05/2022