Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Cyber Supply Chain Risk Management Guidance

All organisations need to consider some element of Cyber Supply Chain Risk Management (SCRM). If another party is involved in the delivery of a product or service to your organisation, there will likely be an introduced cyber security risk from that entity. Additionally, your organisation will transfer any untreated supply chain risk to your customers.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), has released two products to inform government, critical infrastructure and large organisations, about key cyber security issues related to Cyber Supply Chain Risk Management.

Organisations can use this guidance to:

  • enable a discussion at multiple levels in the organisation.
  • frame the correct questions with relation to SCRM.
  • understand what is meant by the term 'high risk vendor' and 'extrajudicial direction'.

Executive companion

This guidance informs executives and supply chain policy makers of key SCRM considerations.

Practitioners guide

This guidance informs cyber security practitioners, procurement officers, and supply chain decision makers with a more detailed discussion of the key cyber SCRM elements.

Further information

Cyber supply chain guidance

Cyber security guidance

June 25th, 2019