GV.SC-06 - Conducting Due Diligence Before Supplier Partnerships
GV.SC-06 mandates thorough planning and due diligence before engaging suppliers or third parties, assessing their cybersecurity capabilities and risks. This proactive step evaluates factors like technology suitability and risk management practices, ensuring potential partners meet organizational standards. It aims to minimize vulnerabilities introduced through new relationships.
By conducting risk assessments prior to formal agreements, this subcategory helps organizations avoid suppliers that could compromise security or operations. It supports informed decision-making, aligning procurement with cybersecurity goals. GV.SC-06 establishes a preventive approach to supply chain risk management.
