Governance
Principles of supply chain security
- Understand what needs to be protected and why
- Know who your suppliers are and build an understanding of their security measures
- Understand the security risks posed by your supply chain
- Communicate your view of security needs to your suppliers
- Set and communicate minimum security requirements for your suppliers
- Build security considerations into your contracting process and require your suppliers to do the same
- Meet your own security responsibilities as a supplier and consumer
- Raise awareness of security within your supply chain
- Provide support for security incidents
- Build assurance activities into your supply chain management
- Encourage the continuous improvement of security within your supply chain
- Build trust with suppliers
GOV030
Communicate your view of security needs to your suppliers
Make sure your suppliers understand their responsibility to protect your information, and their products and services. Make sure they understand the implications of failure.
Decide whether you are willing to let your suppliers sub-contract work. If you allow them to sub-contract, delegate authority appropriately to allow them to do so. Give your suppliers clear guidance on the criteria for these decisions. Tell them which types of contract they can sub-contract without referring to you, and which types need your approval and sign-off.
Ensure your suppliers:
- fulfil their security responsibilities
- include your security requirements in any sub-contracting arrangements
Page last modified: 4/05/2022