ID.RA-10 - Assessing Critical Suppliers Before Acquisition
ID.RA-10 involves conducting risk assessments of critical suppliers before engaging them, evaluating their cybersecurity practices and supply chain risks. This ensures that suppliers handling sensitive data or vital services meet organizational security requirements. It’s a proactive step to mitigate third-party vulnerabilities.
This subcategory aligns procurement with risk priorities, focusing on suppliers whose failure could disrupt operations or expose assets. It provides a structured basis for supplier selection, enhancing supply chain security. ID.RA-10 integrates supplier risk into the broader risk assessment process.
