Governance
Principles of supply chain security
- Understand what needs to be protected and why
- Know who your suppliers are and build an understanding of their security measures
- Understand the security risks posed by your supply chain
- Communicate your view of security needs to your suppliers
- Set and communicate minimum security requirements for your suppliers
- Build security considerations into your contracting process and require your suppliers to do the same
- Meet your own security responsibilities as a supplier and consumer
- Raise awareness of security within your supply chain
- Provide support for security incidents
- Build assurance activities into your supply chain management
- Encourage the continuous improvement of security within your supply chain
- Build trust with suppliers
GOV029
Understand the security risks posed by your supply chain
Assess the risks your contract arrangements pose to your information or assets, to the products or services to be delivered, and to the wider supply chain.
Risks to and from the supply chain can take many forms. For example, a supplier may:
- fail to adequately secure their systems
- have a malicious insider working for them
- contract work to someone who fails to manage your information properly
- undermine your systems through malicious acts (if the system involves national security, the malicious acts may be backed by a hostile state).
Alternatively, you might communicate your security needs poorly, so the supplier does the wrong things.
Use the best information you can to understand these security risks.
Page last modified: 4/05/2022