This section offers a range of activities that your council may wish to carry out during the management phase of the procurement lifecycle.
This includes monitoring compliance of suppliers against the cyber security requirements in the contract, and working collaboratively and proactively with your suppliers.
The management phase is often a somewhat overlooked phase of the procurement lifecycle, since it comes after the contract has been signed. Nonetheless, there are important considerations to account for, and it is often during this phase that a cyber attack will occur. See "In this section" below for a list of some of the most important activities to undertake in the management phase of the procurement lifecycle.
This guidance is based on National Cyber Security Centre (NCSC) principles, is not formal guidance, and should not be applied as such. It should be used as the basis of conversations about how the issues raised can be dealt with locally. It does not constitute legal advice and should not be relied upon in that capacity. Independent legal advice should always be sought.
In this section:
How to develop a consistent approach to contract management
It can be challenging to maintain a consistent approach to contract management, but a consistent approach ensures suppliers are adequately monitored, keeping your supply chain cyber resilient.
How to identify ways of monitoring and reporting cyber security arrangements and performance of the supply chain
There are many ways of monitoring and reporting when it comes to cyber security requirements and controls specific to suppliers and their supply chains.
How to develop a cyber incident management and response plan
While it is possible to reduce the likelihood of an attack taking place through cyber security, it is impossible to protect against all cyber incidents and attacks.
How to identify ways of maintaining awareness of evolving threats
The threat landscape for cyber attacks is constantly changing and evolving, so it is helpful to understand the common ways in which it changes, as well as ways to keep on top of emerging and evolving threats.
How to collaborate with suppliers to maintain and improve arrangements and refine contractual requirements
The one thing that can be guaranteed with cyber resilience in your supply chain is that things will change.