The Government is considering introducing new proposals to help businesses manage cyber risks attached to supply chains. Accordingly, it is calling for views on a number of measures to enhance the security of digital supply chains and third-party IT services used by businesses for data processing and infrastructure management.

The Government wants views on the existing guidance for supply chain cyber risk management and is also testing the suitability of a proposed security framework for firms which manage organisations' IT infrastructure, known as "Managed Service Providers".

The proposals could require Managed Service Providers to meet the current Cyber Assessment Framework, which consists of a set of 14 cyber security principles designed for organisations that play a vital role in the day-to-day life of the UK.

The framework sets out measures organisations should take, such as:

  • having policies to protect devices and prevent unauthorised access;
  • ensuring data is protected at rest and in transit;
  • keeping secure and accessible backups of data; and
  • training staff and pursuing a positive cyber security culture.

The Government is seeking industry feedback on examples of good supplier risk management, building on its advice set out in the Supply Chain Security Guidance and Supplier Assurance Questions. The Call for Views is open until 11 July 2021.
