Managing your connected place’s procurement and supply chain
Updated 10 July 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/secure-connected-places-smart-cities-guidance-collection/managing-your-connected-places-procurement-and-supply-chain
This section will be particularly relevant to individuals who are responsible for procuring connected places technology or managing a supplier. The following guidance will give you an understanding of the things you need to consider when assessing your supplier’s security practices and your supplier’s supply chain.
This guidance is relevant to:
- Connected places project leaders/managers
- Information managers, processors and users
Supply Chain Security Principles
Owner: National Cyber Security Centre
About this guidance: This guidance outlines how to ensure your supply chain is secure and how you can maintain effective control and oversight of your supply chain.
How to assess and gain confidence in your supply chain cyber security
Owner: National Cyber Security Centre
This guidance describes practical steps to help organisations better assess cyber security in their supply chains. It’s aimed at medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers. This guidance supplements the NCSC’s Supply Chain Security Principles which are referenced throughout.
Owner: National Cyber Security Centre
This guidance is aimed at medium to large organisations who need to gain confidence or assurance that mitigations are in place for vulnerabilities associated with working with suppliers. The guidance will support you to develop an up to date understanding of your network of suppliers and conduct the necessary due diligence to manage the cyber risks in your supply chain. It should be read alongside NCSC’s guidance on how to assess and gain confidence in your supply chain (above).
Supply Chain Security Guidance: Guidance for Practitioners
Owner: CPNI
About this guidance: This guidance provides an overview of the risks that can be posed by vulnerabilities in your supply chain, the steps you can take to ensure that your supply chain is secure and what further considerations you should take into account.
Owner: National Cyber Security Centre
About this guidance: This guidance provides you with a list of questions to ask your suppliers that will help you gain confidence in their cyber security. Whilst not connected place specific, they will give you a good understanding of the cyber security practices of a supplier.
Securing SaaS Tools for Your Organisation
Owner: Central Digital and Data Office
About this guidance: This guidance provides guidelines for the selection, buying, and managing of Software as a Services (SaaS) tools for your organisation.