GV.SC-01 - Building a Supply Chain Risk Management Program

GV.SC-01 focuses on creating a structured cybersecurity supply chain risk management program that includes a clear strategy, objectives, policies, and processes, all endorsed by organizational stakeholders. This ensures that risks stemming from suppliers and third-party relationships are systematically addressed, with a defined plan that outlines milestones and responsibilities. Stakeholder agreement reinforces the program’s legitimacy and aligns it with broader organizational goals.

This subcategory establishes a foundation for managing supply chain risks by integrating cybersecurity considerations into procurement and vendor interactions. It promotes collaboration across functions like IT, legal, and operations to ensure the program is actionable and effective. GV.SC-01 sets the stage for a proactive, organization-wide approach to securing the supply chain.
