GV.SC-02 - Defining Cybersecurity Roles in the Supply Chain
GV.SC-02 emphasizes defining and sharing cybersecurity roles and responsibilities for all parties in the supply chain—suppliers, customers, and partners—as well as within the organization. This clarity ensures that everyone understands their obligations, from planning to executing risk management activities, fostering accountability and coordination. These roles and responsibilities are communicated both internally and externally to align efforts and expectations.
This subcategory strengthens supply chain security by embedding these responsibilities into policies, contracts, and performance metrics, enhancing oversight and enforcement. It supports a collaborative framework where shared risks are managed through well-defined roles, reducing gaps in accountability. GV.SC-02 builds a network of responsibility that underpins effective supply chain risk management.
