III. Check your arrangements

Created:  28 Jan 2018
Updated:  28 Jan 2018
Businesses will need to gain confidence in their approach to establishing control over their supply chain.


10. Build assurance activities into your supply chain management

  • Require those suppliers who are key to the security of your supply chain, via contracts, to provide upward reporting of security performance and to adhere to any risk management policies and processes. 

  • Build the 'right to audit' into all contracts and exercise this. Require your suppliers to do the same for any contracts that they have let that relate to your contract and your organisation. (Note that this might not always be possible or desirable, particularly where this relates to a Cloud service). 

  • Build, where justified, assurance requirements such as Cyber Essentials Plus, penetration tests, external audit or formal security certifications into your security requirements.

  • Establish key performance indicators to measure the performance of your supply chain security management practice.

  • Review and act on any findings and lessons learned.

  • Encourage suppliers to promote good security behaviours.



< Section II                     Section IV >

Was this guidance helpful?

We need your feedback to improve this content.

Yes No