Resetting the relationship between local and national government. Read our Local Government White Paper

Embedding cyber resilience in local government supply chains

With the cyber threat landscape continually evolving, and an increased demand for digital public and corporate services, councils face a variety of challenges in developing ever stronger cyber secure and resilient procurement practices.


To help meet this challenge, the LGA has worked with PUBLIC and cyber security partner DAINTTA to develop this online guidance – and a free e-learning course – to help councils embed greater cyber resilience in their procurement processes and supply chains.

The challenge

Councils rely on external suppliers to deliver devices, products and services. This means that councils’ ability to reduce the risk of a cyber attack and maintain cyber resilience also depends on the cyber security of organisations in their supply chains. Councils procure from many external suppliers, some of whose cyber resilience practices are more robust than others. This makes procurement an area with significant risk of cyber attacks for councils. Embedding cyber resilient practices into the structure of your council’s supply chain is integral to creating a strong foundation designed to prevent and mitigate the effects of cyber threats.

Learning content overview

To understand how cyber resilience can be built into procurement practices, councils will now be able to access up-to-date e-learning modules (these will be available here shortly) and web guides that offer support in embedding cyber secure and resilient practices into the different stages of the procurement life cycle. These resources aim to help embed and interpret the National Cyber Security Centre’s 12 principles of supply chain security for the local government context. The resources intend to give learners an understanding of the cyber threat landscape for different types of procurement, and the best practices for reducing risk and mitigating disruption. The e-learning modules provide an interactive, educational journey that highlights risks and recommendations for strengthening cyber security practices at each stage of the procurement cycle. Also see NCSC’s ‘How to assess and gain confidence in your supply chain cyber security’ aimed at procurement specialists, risk managers and cyber security professionals in medium to larger enterprises.


The learning materials are tailored to anyone with a role at any stage of the procurement cycle. All content is centred around accessibility so that it is valuable to everyone across all levels of cybersecurity maturity and understanding. The e-learning modules provide a comprehensive educational experience that is designed to maximise information retention through questions based on the information introduced and relevant examples of local government procurement. The web guides provide an additional, fast-access option enabling learners to access information as needed. These resources aim to help councils achieve the cultural change necessary to enable professionals to make better security decisions.

Disclaimer: While these resources are updated frequently, the threat landscape is constantly evolving with new risks and vulnerabilities. It is very important to always follow the most up-to-date guidance as given by the National Cyber Security Centre (NCSC) and other related Government bodies.