Elements and Performance Criteria
- Identify digital supply chain risks
- Cyber security risks related to third parties in the digital supply chain are identified
- Digital supply chain risks are prioritised for severity of impact
- Responsibility and level of authority for monitoring risk management practices in the digital supply chain is confirmed
- Develop digital supply chain risk management plan
- Digital supply chain risk management system is developed, in accordance with the risk management plan
- Digital supply chain risk management policies, procedures, processes and practices are developed, in consultation with stakeholders
- Reporting mechanisms are established, in accordance with the risk management plan
- Implement digital supply chain risk managementpractices
- Digital supply chain dashboard metrics are used to assess risks, identify causes and inform stakeholders
- Risks to the technical integrity of the digital supply chain are reported, in accordance with risk management procedures
- Responses to unplanned digital supply chain events are managed, in accordance with risk management procedures
- Review and report ondigital supply chain risk management practices
- Continuous monitoring and assessment of digital supply chain data related to risk management practices is reviewed
- Report on digital supply chain risk management practices is prepared and presented to approved stakeholders
- Continuous improvement actions that support risk management practices are documented