NCSC issues new supply chain mapping guidance

The NCSC has published a new addition to its supply chain guidance with a focus on the process of supply chain mapping.

Supply chain mapping is the process of recording, storing and using information gathered from suppliers who are involved in a company’s supply chain. The new information focuses specifically on this aspect of the supply chain operation and is aimed at procurement specialists, risk managers and cyber security professionals.

Ian McCormack, deputy director for government cyber resilience at the NCSC, said: “Supply chain mapping follows the principles of all good risk management. Organisations need to understand the risks inherent in their supply chain, and then introduce security measures that are in proportion to the likelihood – and impact – of those risks materialising. The goal is to have an up-to-date understanding of your network of suppliers, so that cyber risks can be managed more effectively, and due diligence carried out.”

The new guidance details a number of aspects of supply chain mapping, including: what supply chain mapping is, why it’s important and how it can benefit your organisation; what information it will typically contain; the role of sub-contractors that your suppliers may use; and what this means when agreeing contracts.

“The exact approach will depend upon your organisation’s procurement and risk management processes, and the tooling that you have available to you. However, if you’re not sure where you start, we encourage you to read both the Supply Chain Mapping document and also our guidance on How to Assess and Gain Confidence in your Supply Chain Cyber Security.”

Readers may access these two documents here:

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023