GV.SC-01.068
Has your organization developed and implemented the processes from the cybersecurity supply chain risk management program, that align with your security strategy, objectives, policies, and procedures with documented stakeholder agreement and participation?
Explanation
This question assesses whether your cybersecurity supply chain risk management program, has been properly operationalized through defined processes that connect strategic goals to actual implementation. These processes should be formally documented, agreed upon by relevant stakeholders, and actively performed across the organization. Without this alignment, security initiatives may lack direction, coordination, and organizational buy-in. Evidence could include process documentation that references the security strategy and policies, meeting minutes showing stakeholder review and approval of processes, RACI matrices defining stakeholder responsibilities, or workflow diagrams showing how security processes are implemented across different organizational functions.
Implementation Example
Develop and implement program processes based on the strategy, objectives, policies, and procedures that are agreed upon and performed by the organizational stakeholders
ID: GV.SC-01.068
Context
- Function
- GV: GOVERN
- Category
- GV.SC: Cybersecurity Supply Chain Risk Management
- Sub-Category
- A cybersecurity supply chain risk management program, strategy, objectives, policies, and processes are established and agreed to by organizational stakeholders
