Government Plans Regulation to Bolster Supply Chain Security
Government regulation could be on the way to force improvements in supply chain security after industry feedback and new research pointed to gaps in protection.
Feedback from the government’s call for views in May 2021 confirmed several key barriers for organizations: low recognition of supplier risk; limited visibility into supply chains; insufficient tools to evaluate supplier risk; and “limitations to taking action due to structural imbalances.”
The government trailed several possible “interventions” to improve the situation, including providing more advice and guidance, improved access to a skilled workforce and the right products, and regulation — which was reportedly described as “very effective” by more respondents than any other respondents other option.
IT service providers could in the future be required to follow cybersecurity rules such as the National Cyber Security Centre’s (NCSC’s) Cyber Assessment Framework as part of possible regulation.
The NCSC offers specific Supply Chain Security and Supplier Assurance guidance at present, which could also be built into future requirements.
In addition, the government mooted the prospect of new procurement rules to ensure the public sector buys services from firms with good cybersecurity standards.
The news comes on the day