The guidance will provide organisations with an improved awareness of supply chain security, as well as helping to raise the baseline level of competence in this regard, through the continued adoption of good practice. Whilst beneficial, this guidance has not been written for organisations with national security (high assurance), requirements.
Most organisations rely upon suppliers to deliver products, systems, and services. You probably have a number of suppliers yourself, it’s how we do business.
But, supply chains can be large and complex, involving many suppliers doing many different things. Effectively securing the supply chain can be hard because vulnerabilities can be inherent, or introduced and exploited at any point in the supply chain. A vulnerable supply chain can cause damage and disruption.
Despite these risks, many companies lose sight of their supply chains. In fact, according to the 2016 Security Breaches Survey, very few UK businesses set minimum security standards for their suppliers.
A series of high profile, very damaging attacks on companies has demonstrated that attackers have both the intent and ability to exploit vulnerabilities in supply chain security. This trend is real and growing. So, the need to act is clear.