04) Does your organisation have a supplier security policy that outlines the security requirements that your suppliers are expected to meet?
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 19, 2019

Answer yes if your organisation has documented the baseline level of security controls that it expects its suppliers of different criticalities to adhere to. The Risk Ledger platform can be used for this - get in touch!

In the previous control (L3) we assigned a criticality status to each supplier. This control (L4) makes sure that you have defined the security requirements you expect suppliers of each classification to meet. Typically, the higher a supplier's criticality, the more comprehensive the security requirements it has to meet.

This control is important because it aligns your security requirements with your suppliers' and tells each supplier transparently what level of security it must have implemented in order to do business with your organisation. The requirements should be specific and actionable.

This policy can be implemented as a Word- or Excel-based document, or through Risk Ledger using our Policies tool.

How to implement the control:
We recommend that you onboard onto Risk Ledger and use the platform to complete all of your supply chain security controls; it is easy to use and maintain, and free! Using the platform you can define your security policies and add your suppliers to automatically comply with controls [L3](https://www.riskledger.com/resources/framework/l/3), [L4](https://www.riskledger.com/resources/framework/l/4), [L5](https://www.riskledger.com/resources/framework/l/5) and [L6](https://www.riskledger.com/resources/framework/l/6). A template policy for a small organisation can be requested at info@riskledger.com.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.