Scotland’s Safer Communities Directorate has unveiled a tool to help the public sector improve the cyber security of its supply chains.
Named the Scottish Cyber Assessment Service (SCAS), it has been developed with bodies including the Digital Office Scottish Local Government, is currently in open beta and is free to use for public authorities in the country.
The directorate, which is within the Scottish Government, has also published guidance for buyers explaining the key features of the service and how they can embed it in their procurement processes.
It points to reading the guidance note as the first step in using the tool, followed by carrying out a risk profile assessment then a supplier assurance questionnaire. It is possible to learn more from building a dashboard and exploring guidance from bodies such as the National Cyber Security Centre.
The guidance outlines 12 principles of supply chain security separated into four stages: understanding the risks; establishing control; checking arrangements; and continuous improvement.
Among the key steps are to know suppliers and understand what their security looks like, set and communicate minimum security arrangements to suppliers, and provide support for security incidents.
The directorate has also published an example tender and contract wording document.