The National Cyber Security Council (NCSC) has published guidance on supply chain mapping to help organisations strengthen their cyber resilience.
Its deputy director for government cyber resilience, Ian M, said the move responds to organisations' need to understand the risks inherent in their supply chain and to introduce security measures in proportion to the likelihood and impact of those risks.
“The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively and due diligence carried out,” he said.
The new guidance builds on existing supply chain guidance from NCSC and is aimed at cyber security professionals, risk managers and procurement specialists. It includes an introduction to supply chain mapping, what information it should contain, the position of sub-contractors and how to get started.
Ian M added that the exact approach will depend on an organisation’s procurement and risk management processes and the tooling available.