How to conduct a stocktake of current contracts, frameworks and suppliers

This section outlines how to conduct a review of the cyber risk of your current contracts, frameworks and suppliers, and how to ensure this feeds into future planning. This will ensure that your council’s cyber strategy and approach is shaped by a mature understanding of your current cyber exposure. It will also help to ensure that you are protected against risks from your current supply chain - where risks are often greatest.


The first step in developing a cyber security strategy is to conduct a cyber security assessment of your current commercial approach. This will help you to prioritise which practices you should adopt to embed cyber security into your procurement, as well as the scope that is available to do so. This first assessment should include:

  • Establishing a single view of all your suppliers and contracts
  • Identifying re-tendering priorities
  • Assessing cyber options within frameworks and catalogue spend
  • Evaluating cyber security and cyber resilience in existing contract templates
  • Identifying current tendering processes
  • Assessing capacity against incoming bids
  • Embedding cyber reporting into ongoing contract management

At this point, it is important to embed your cyber risk assessments into your ongoing contract management approach to give everyone within your commercial team - and wider council - visibility of the current risks and priorities.

The management section covers effective contract management of cyber risks, but the key goal here is to make sure that when you conduct your as-is cyber assessment above, the results are captured clearly in your ongoing daily reporting.