Governance
-
Principles of supply chain security
- Understand what needs to be protected and why
- Know who your suppliers are and build an understanding of their security measures
- Understand the security risks posed by your supply chain
- Communicate your view of security needs to your suppliers
- Set and communicate minimum security requirements for your suppliers
- Build security considerations into your contracting process and require your suppliers to do the same
- Meet your own security responsibilities as a supplier and consumer
- Raise awareness of security within your supply chain
- Provide support for security incidents
- Build assurance activities into your supply chain management
- Encourage the continuous improvement of security within your supply chain
- Build trust with suppliers
GOV027
Understand what needs to be protected and why
You should know:
- the sensitivity of contracts you let
- the value of the information or assets that suppliers hold, access, or handle as part of their contracts with you
- the impact on your organisation of loss or harm to information or assets that suppliers hold, access, or handle.
Think about the level of protection your suppliers need to provide for your assets and information as part of the contract, as well as the products or services they will deliver.
Remember that under the Public Records Act 2005, your organisation remains responsible for managing and protecting official records when they’re held offsite.
When you outsource an operation, you must meet the requirements for protecting information outlined in the:
Page last modified: 4/05/2022