UK Government asks for views on supply chain security

UK’s Department for Digital, Culture, Media and Sport (DCMS) has called for views on security measures across digital supply chains and IT services, including data processing, infrastructure management and supplier assurance.

The call comes as more organizations move their operations online and pivot to digital business models. A few obvious examples are retailers moving online and car manufacturers offering cars on subscription, which may kill showroom sales.

As organizations increasingly move their operations online, it’s a given that digital supply chains and third-party IT service operators will become more vital. The government wants to take a leadership role in helping organizations make the transition.

Call for Views

The Call for Views focuses on two parts:

Part 1 seeks input on how organizations across the market manage supply chain cyber risk and how government intervention would help.

Part 2 seeks input on the suitability of a proposed framework for Managed Service Provider security and how it can be appropriately implemented.

You can read more about the Call for Views here.

The information submitted by organizations will be used to develop new policy solutions that support organizations in cyber risk management.

However, responses are not limited to organizations and all those that have an interest in supply chain cyber risk management are being asked to provide their opinions.

Security comes first

The government wants to ensure that organizations can properly review the cyber security risks coming from suppliers and their supply chains.

The National Cyber Security Centre (NCSC) already offers a raft of support to help organizations assess the security risks of their suppliers, however the government wants to go further and is asking for views from organizations on this matter.

They have requested views on existing guidance for supply chain risk cyber management and they are testing a new security framework with some firms. This is a managed service provider framework, which requires Managed Service Providers to meet the current Cyber Assessment Framework so feedback can be collected.  

Want to take part?

If you wish to take part in the Call for Views, you can complete the online survey. If you are unable to complete the survey, you can email your response to cyber-review@dcms.gov.uk or send it via post to the following address:

Call for views on supply chain cyber security

Cyber Resilience Team – 4/47

DCMS

100 Parliament Street

London

SW1A 2BQ