As a government research facility, we have always placed great importance on keeping our information secure. However, as we have recently moved into a heavily virtual world, it is especially critical that our information also remains secure online.
BS EN ISO 19650-5:2020 outlines a framework for securing sensitive information that is obtained, created, processed and stored. Its purpose is to help reduce the risk of sensitive information being lost, misused or modified in a way that impacts the security of assets, products, the built environment or the services it facilitates. The measures can also be used to protect commercial information, intellectual property (IP) and personal data from being lost, stolen, or disclosed. To view the framework, click here.
The key points are:
Initiate security-minded approach
Develop a security strategy
Develop a security management plan
Work with appointed parties to embed security-minded approach
Monitor, audit and review
The NCSC have outlined 12 principles to help establish control and oversight of your supply chain. The principles can be found in more detail here, but the key themes are:
Understanding the risks (and benefits) of engaging with suppliers
Establishing control with minimum requirements to meet your organisation's security responsibilities
Checking your arrangements and constructing assurance activities
Continuous improvement and reviews