Supply chain mapping is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. Building on our existing supply chain guidance, we’re pleased to announce new guidance that focusses explicitly on this process, aimed at at procurement specialists, risk managers and cyber security professionals.
Supply chain mapping follows the principles of all good risk management; organisations need to understand the risks inherent in their supply chain, and then introduce security measures that are in proportion to the likelihood (and impact) of those risks materialising. The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively, and due diligence carried out.
More specifically, the new guidance explains:
- What supply chain mapping is, why it’s important and how it can benefit your organisation
- What information it will typically contain
- The role of sub-contractors that your suppliers may use
- What this means when agreeing contracts
As the the guidance points out, your exact approach will depend upon your organisation’s procurement and risk management processes, and the tooling that you have available to you. However, if you’re not sure where you start, we encourage you to read both the supply chain mapping document and also guidance on How to assess and gain confidence in your supply chain cyber security.
We’re always looking to improve our guidance, so if you have any feedback please get in touch using our enquiries page.
Deputy Director for Government Cyber Resilience, NCSC
Original Source: ncsc[.]gov[.]uk
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.