Governance
Principles of supply chain security
- Understand what needs to be protected and why
- Know who your suppliers are and build an understanding of their security measures
- Understand the security risks posed by your supply chain
- Communicate your view of security needs to your suppliers
- Set and communicate minimum security requirements for your suppliers
- Build security considerations into your contracting process and require your suppliers to do the same
- Meet your own security responsibilities as a supplier and consumer
- Raise awareness of security within your supply chain
- Provide support for security incidents
- Build assurance activities into your supply chain management
- Encourage the continuous improvement of security within your supply chain
- Build trust with suppliers
GOV034
Raise awareness of security within your supply chain
Supplier relationships can interact with many of your organisation’s touchpoints. So it’s important to educate your people about how contracts will operate and what the associated security arrangements are.
Explain security risks to your suppliers using language they can understand. Encourage your suppliers to explain the risks to their people (especially if they work in procurement, security, and marketing), so they know their responsibilities to help manage them.
Your supplier’s people may change over time due to staff turnover or role changes. Work with your suppliers to ensure that:
- people who accessed official or protectively-marked information are reminded of the continuing need to maintain confidentiality
- new people understand your security requirements.
If your supplier has people who require national security clearances, make sure they are familiar with the obligations set out in Maintaining your national security clearance.
Share security information across your supply chain to keep your suppliers up to date with emerging security attacks.
Page last modified: 4/05/2022