Recognising the importance of Supply Chain Security
Our Group along with others like it, is an attractive target for cyber attacks not just due to the information and technology we have at out disposal but also due to the sensitive information and data that we are entrusted with and secure on behalf of our clients and partners. These attacks are increasing in frequency and severity and all of our suppliers must understand that even a 'minor' breach may have a much bigger significance further down the line and therefore transparency is considered a must.
We place an expectation on our own suppliers that they recognise and address the importance of cyber security and assure us that they have appropriate controls in place to protect not only themselves but the information they hold and generate for us and our customers.
What is being achieved?
To better protect sensitive information and data, a number of new regulatory and contractual requirements have been, or are planned to be, implemented by the UK lead government departments as well as the US Federal Government.
How will this impact your company?
It is vital that our affected suppliers are able to either implement necessary security controls or prove that they
a) have implemented them and
b) prove that they are being monitored and effective.
If suppliers are not yet coming under the new regulations and contractual requirements, our own cyber risk management processes will build in appropriate security controls. As a result, we have built in local or national security requirements such the UK Cyber Essentials scheme into all of our contracts and supply chain requirements.
However, the ultimate responsibility for your company lies with you and the compliance for the relevant regulatory and contractual requirements will remain with you and your company.