GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

Implementation Examples

Ex1: Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criticality, and complexity of each supplier relationship

Ex2: Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers

Ex3: Conduct supplier risk assessments against business and applicable cybersecurity requirements

Ex4: Assess the authenticity, integrity, and security of critical products prior to acquisition and use