Achieving acceptable standards in the supply chain
Therefore it is essential that every organisation in the supply chain has secure systems and practices, can demonstrate this to the others in the chain, and also has confidence in the others in the chain.
It is likely that every organisation in the chain will have different structures, business models, working practices and information infrastructures, and be of differing sizes … and will also work to different standards in terms of their own cyber and information security, and how they assess those of others – including your organisation.
As a starting point, it is your responsibility to ensure that you deploy good levels of security in terms of technical safeguards, procedures and practice, and employee behaviour.
You should also establish, at the earliest possible point in your entry into the supply chain, the existence, nature and level of security required (if any), and agree or negotiate according to your own requirements and standards, and those of your partners in the chain. Large partners are more likely to have rigid stipulations, but these may vary according to the size and nature of your organisation and its role in the chain.
You may be able to achieve an acceptable standard – and assess that of your partners in the supply chain – internally or with the aid of an external consultant. The advice provided on this site is intended to help you determine the areas to be scrutinised and provides information and advice specific to those areas.