Management

This section offers a range of activities that your council may wish to carry out during the management phase of the procurement lifecycle.

This includes monitoring compliance of suppliers against the cyber security requirements in the contract, and working collaboratively and proactively with your suppliers.

The management phase can often be a somewhat overlooked phase of the procurement lifecycle since it comes after the contract has been signed. Nonetheless, there are important considerations to account for, and often it is during this phase that a cyber attack will occur. See In this section below for a list of some of the most important activities to undergo in the management phase of the procurement lifecycle.

Overview of procurement life cycle with management phase highlighted

This guidance is based on National Cyber Security Centre (NCSC) principles, is not formal guidance, and should not be applied as such. It should be used as the basis of conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.

Management

How to develop a consistent approach to contract management

How to identify ways of monitoring and reporting cyber security arrangements and performance of the supply chain

How to develop a cyber incident management and response plan

How to identify ways of maintaining awareness of evolving threats

How to collaborate with suppliers to maintain and improve arrangements and refine contractual requirements

Management

Highlighted pages

Strategy

Planning

Tender

Contract

Resources hub