GV.SC-05.093

Does your organization include specific cybersecurity risk management provisions in contracts and agreements with suppliers and their supply chains?

Explanation

This question assesses whether your organization formally documents the cybersecurity responsibilities and liabilities between all parties in the supply chain. Contracts should clearly define who is responsible for security incidents, data breaches, vulnerability management, and compliance requirements throughout the relationship lifecycle. Including these provisions helps establish accountability and ensures all parties understand their security obligations. Evidence could include sample contract templates or redacted agreements showing cybersecurity clauses, supplier security requirements documentation, or a formal supply chain risk management policy that mandates the inclusion of security provisions in all supplier contracts.

Implementation Example

Specify in contracts and other agreements the rights and responsibilities of the organization, its suppliers, and their supply chains, with respect to potential cybersecurity risks.

ID: GV.SC-05.093

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Requirements to address cybersecurity risks in supply chains are established, prioritized, and integrated into contracts and other types of agreements with suppliers and other relevant third parties.
