NCSC publishes supply chain security guidance


The National Cyber Security Centre (NCSC) has published new guidance for organisations on assessing defences and resilience in their supply chains.

It said the move comes in response to a growing trend in supply chain attacks and urged organisations to work with their suppliers to identify weaknesses and boost resilience.

The guidance describes how vulnerabilities to cyber attack can arise in the chain, defines expected outcomes and sets out key steps to assessing the approach to security.

They include beginning with a knowledge of your own organisation’s approach to cyber risk management, then developing an approach to assess supply chain security. The latter involves prioritising the key factors and creating components for the approach.

Next is to apply the new approach to new supplier relationships, embedding security practices throughout the contract lifecycle and monitoring relevant performance.

This is followed by integrating the approach into existing supplier contracts, identifying those with security shortfalls and working with them on improvement plans. This should be reinforced by regular measurement against defined…
