GCHQ map supply chain risk

The GCHQ subsidiary, the National Cyber Security Centre (NCSC), is advising organisations to map their supply chain dependencies so that risks in the supply chain can be better understood and managed.

Supply chains are often large and complex, and securing them effectively can be hard because vulnerabilities can be inherent, introduced or exploited at any point within the chain. This makes it difficult to know whether you have enough protection across the entire supply chain.

Understanding who your suppliers are, what they provide and how they provide it will help you manage the cyber security risks that can arise.

An NCSC report just released recommends supply chain mapping for better decision-making, because it provides insights into cyber security considerations and enhances the ability to respond to supply chain-related cyber incidents.

The NCSC recommends gathering information about your suppliers in a consistent manner and storing it in a centralised, access-controlled repository, which will ensure it is easier for authorised users to analyse and maintain.

Supplier information should include:
a) Full inventory of suppliers and their subcontractors.
b) What product or service is being provided and by whom.
c) Information flows between your organisation and a supplier.
d) Relevant contacts within the supplier.
e) Proof of certifications such as ISO and product certifications.

Acquiring this information, especially for large organisations with complex supply chains, can be a massive undertaking, warn the NCSC.

The NCSC warned this information would be “an attractive target to attackers”, so it should be held in a “secure repository with strong security architecture underpinning its design”.

Large organisations should evaluate the practicality and usefulness of understanding the supply chain beyond the primary tier, and should initially capture only the information on direct contractors.

The report recommended the following terms for inclusion in contracts:
1. Incident management response and notification time frames.
2. Ability to audit suppliers and subcontractors.
3. Data management.
4. Data integrity.
5. Management controls for suppliers’ access to information systems and IP.

The simple and proven method to map your supply chain and remove risk

Noatum Logistics’ International Supply Chain (ISC) management services are delivered by a global team of ISC professionals, who are supported by our multi-award-winning supply chain platform, PowerVIEW.

We map your supply chain for every supplier, from PO creation through to final delivery, to identify potential cyber issues, critical milestones and enhancement opportunities.

Our proprietary and super secure cloud-based technology has been protecting supply chains for over a decade, with intuitive interfaces, end-to-end global visibility and user-controlled access. PowerVIEW provides a secure communications platform for your supply chain participants, with a full audit trail for each PO.

It secures and optimises performance throughout the chain, centralising critical documentation and reducing costs, and now it can mitigate your environmental footprint.

To learn more, or to arrange a PowerVIEW demo, email Matt Fullard.