The UK Government’s Centre for the Protection of National Infrastructure (CPNI) has published a new document which gives advice on handling supply chain vulnerabilities.
‘Mitigating Security Risk in the National Infrastructure Supply Chain: A Good Practice Guide For Employers’ recommends that organizations view supply chain security risk as an extension of existing arrangements to mitigate security risk within the organization itself. To achieve this, a supply chain security risk mitigation implementation plan is required, which includes:
- Comprehensive mapping of all tiers of the upstream and downstream supply chains to the level of individual contracts.
- Risk scoring each contract to link in to the organization’s existing security risk assessment.
- Due diligence/accreditation/assurance of suppliers (and potential suppliers) and the adoption, through contracts, of proportionate and appropriate measures to mitigate risk.
- Audit arrangements and compliance monitoring.
- Contract exit arrangements.
Read the document (PDF).