III. Check your arrangements

Businesses will need to gain confidence in their approach to establishing control over their supply chain.

10. Build assurance activities into your supply chain management

Require those suppliers who are key to the security of your supply chain, via contracts, to provide upward reporting of security performance and to adhere to any risk management policies and processes.
Build the ‘right to audit’ into all contracts and exercise this. Require your suppliers to do the same for any contracts that they have let that relate to your contract and your organisation. (Note that this might not always be possible or desirable, particularly where this relates to a Cloud service).
Build, where justified, assurance requirements such as Cyber Essentials Plus, penetration tests, external audit or formal security certifications into your security requirements.
Establish key performance indicators to measure the performance of your supply chain security management practice.
Review and act on any findings and lessons learned.
Encourage suppliers to promote good security behaviours.

< Section II Section IV >

Was this guidance helpful?

We need your feedback to improve this content.

Yes No

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

10. Build assurance activities into your supply chain management

Share this page

Was this guidance helpful?

You might also like