The NCSC has published a new addition to its supply chain guidance with a focus on the process of supply chain mapping.

Supply chain mapping is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The new information focuses specifically on this aspect of the supply chain operation and is aimed at procurement specialists, risk managers and cyber security professionals.

Ian McCormack, deputy director for government cyber resilience at the NCSC, said: “Supply chain mapping follows the principles of all good risk management. Organisations need to understand the risks inherent in their supply chain, and then introduce security measures that are in proportion to the likelihood – and impact – of those risks materialising. The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively, and due diligence carried out.”

The new guidance details a number of aspects of supply chain mapping, including: what supply chain mapping is, why it’s important and how it can benefit your organisation; what information it will typically contain; the role of sub-contractors that your suppliers may use; and what this means when agreeing contracts.

“The exact approach will depend upon your organisation’s procurement and risk management processes, and the tooling that you have available to you. However, if you’re not sure where you start, we encourage you to read both the Supply Chain Mapping document and also our guidance on How to Assess and Gain Confidence in your Supply Chain Cyber Security.”


Readers may access these two documents here:

https://www.ncsc.gov.uk/guidance/mapping-your-supply-chain

https://www.ncsc.gov.uk/collection/assess-supply-chain-cyber-security

Share Story: