Governance

Protect your organisation’s information and assets. Identify and manage risks that arise from working with external suppliers.

GOV024

Why supply chain security matters

Most organisations rely on suppliers to deliver products, systems, and services. These suppliers become an extension of your business and broaden the risks you’re exposed to.

A ‘supply chain’ can be described as ‘a network of organisations connected by a series of relationships involving the supply of goods or services’.

Supply chains can be large and complex, involving many suppliers doing many different things. For example, some organisations may:

  • outsource to a payroll provider whose systems are hosted in the cloud and maintained by another software provider
  • partner with another organisation (for example, an NGO) to provide front-line services, and the partner in turn uses several providers to support their business.

Many organisations are not aware of all of the suppliers who make up their supply chain.

Securing your supply chain can be challenging because it can be difficult to identify vulnerabilities or recognise where they could be introduced and exploited.


Understand the threats and risks from your supply chain

The threats from your supply chain come in many forms. For example, a supplier may:

  • fail to adequately secure their systems
  • have a malicious insider working for them
  • carry out malicious acts for their own gain.

Or, you may fail to clearly communicate your security requirements, so a supplier does the wrong things.




Principles of supply chain security

Follow these principles to gain and maintain control of your supply chain. The twelve principles are divided into four stages, covering the process of securing your supply chain.




Assessing your supply chain security

See the table below for examples of good and bad supply chain security to begin the process of understanding your own situation.