
04) Does your organisation have a supplier security policy that outlines the security requirements that your suppliers are expected to meet?

August 30, 2022
Supply Chain Management
Supplier Security Policy

Answer yes if your organisation has documented the baseline level of security controls that it expects its suppliers of different criticalities to adhere to. The Risk Ledger platform can be used for this - get in touch!

In the previous control (I3) we assigned a criticality status to each supplier. This control (I4) makes sure that you have defined the security requirements you expect your suppliers of each classification to meet. Typically, the higher the criticality of the supplier, the more comprehensive the security requirements they have to meet.

This control is important because it aligns your and your suppliers' security requirements and transparently tells each supplier what level of security they must have implemented in order to do business with your organisation. The requirements should be specific and actionable.

This policy can be implemented using a Word- or Excel-based document, or it can be done through Risk Ledger using our Policies tool.

How to implement the control

We recommend that you onboard onto Risk Ledger and use the platform to complete all of your supply chain security policies: it is easy to use and maintain, and free! Using the platform, you can define your security policies and add your suppliers to automatically comply with controls I3, I4, I5 and I6.

A template policy for a small organisation can be requested at

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.
