Requirement

5.1.1: Supply chain security policy

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

For the purpose of Article 21(2), point (d) of Directive (EU) 2022/2555, the relevant entities shall establish, implement and apply a supply chain security policy which governs the relations with their direct suppliers and service providers in order to mitigate the identified risks to the security of network and information systems. In the supply chain security policy, the relevant entities shall identify their role in the supply chain and communicate it to their direct suppliers and service providers.

Fulfill this requirement by completing the tasks below ->

This requirement is part of the framework:

NIS2 Implementing Regulation

Other requirements of the framework

5.1.1: Supply chain security policy

Best practices

How to implement:

5.1.1: Supply chain security policy

This policy on

5.1.1: Supply chain security policy

provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.

Read below what concrete actions you can take to improve this ->

Frameworks that include requirements for this topic:

No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to

5.1.1: Supply chain security policy

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

No other tasks found.

Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement

5.1.1: Supply chain security policy

of the framework

NIS2 Implementing Regulation

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

Data processing partner listing and owner assignment

Critical

High

Normal

Low

Partner management

Agreements and monitoring

Data processing partner listing and owner assignment

This task helps you comply with the following requirements

Članak 30.1.d: Sigurnost lanca opskrbe NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

1.2.4: Definition of responsibilities with service providers TISAX

1.3.3: Use of approved external IT services TISAX

6.1.1: Partner Information security TISAX

Documentation of partner contract status

Critical

High

Normal

Low

Partner management

Agreements and monitoring

Documentation of partner contract status

This task helps you comply with the following requirements

Članak 30.1.d: Sigurnost lanca opskrbe NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

30 § 3.4°: La sécurité de la chaîne d'approvisionnement NIS2 Belgium

30 § 4°: Définir et contrôler les mesures de sécurité requises pour la chaîne d'approvisionnement NIS2 Belgium

2.1.9: Maintain security responsibility during outsourcing NSM ICT-SP

Minimum requirements for partner companies to gain access to different levels of information

Critical

High

Normal

Low

Partner management

Supplier security

Minimum requirements for partner companies to gain access to different levels of information

This task helps you comply with the following requirements

15.1.1: Information security policy for supplier relationships ISO 27001

15.1.3: Information and communication technology supply chain ISO 27001

ID.BE-1: Role in supply chain NIST

5.21: Managing information security in the ICT supply chain ISO 27001

6.5: Tietojärjestelmien perustiedot, kuvaukset ja olennaisten vaatimusten täyttyminen Tietoturvasuunnitelma

Documenting partners who are related to offered digital services supply chain

Critical

High

Normal

Low

Development and cloud

Cloud service management

Documenting partners who are related to offered digital services supply chain

This task helps you comply with the following requirements

A.8: Openness, transparency and notice ISO 27018

A.8.1: Disclosure of sub-contracted PII processing ISO 27018

15.1.3: Information and communication technology supply chain ISO 27017

A.8.5.6: Disclosure of subcontractors used to process PII ISO 27701

A.8.5.7: Engagement of subcontractor to process PII ISO 27701

The role of the organization in the supply chain

Critical

High

Normal

Low

Development and cloud

Cloud service management

The role of the organization in the supply chain

This task helps you comply with the following requirements

ID.BE-1: Role in supply chain NIST

ID.BE-1: The organization’s role in the supply chain is identified and communicated.CyberFundamentals

GV.SC-02: Establishing and communicating cybersecurity roles for suppliers, customers, and partners NIST 2.0

5.1.1: Supply chain security policy NIS2 Guide

Supply chain cyber security risk management

Critical

High

Normal

Low

Partner management

Supplier security

Supply chain cyber security risk management

This task helps you comply with the following requirements

Članak 30.2: Dobavljačka kibernetička sigurnost i rizici NIS2 Croatia

9.4 §: Toimitusketjun hallinta ja valvonta Kyberturvallisuuslaki

30 § 4°: Définir et contrôler les mesures de sécurité requises pour la chaîne d'approvisionnement NIS2 Belgium

2.1.4: Reduce the risk of targeted manipulation of ICT products in the supply chain NSM ICT-SP

2.1.9: Maintain security responsibility during outsourcing NSM ICT-SP

Prioritization of partners based on criticality

Critical

High

Normal

Low

Partner management

Supplier security

Prioritization of partners based on criticality

This task helps you comply with the following requirements

ID.SC-2: Suppliers and third party partners of information systems NIST

ID.SC-2: Suppliers and third-party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process.CyberFundamentals

GV.SC-04: Prioritizing suppliers by criticality NIST 2.0

5.1.1: Supply chain security policy NIS2 Guide

33: Tiekėjų atrankos kriterijai NIS2 Guide Lithuania

Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way‍

Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.

Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.

Do it once - we automatically apply it to all current and future frameworks.

Start free trial