Public power entities of all types are increasingly focused on enhancing risk mitigation and prevention programs to manage cybersecurity concerns stemming from the supply chain. Whether you are looking at establishing a formal cyber supply chain risk management program or enhancing an existing one, this manual can help. From assessing vendor risks to understanding the terminology and developing contracts, this comprehensive manual has guidance for how to design, develop, implement, manage, or mature cyber supply chain security and risk management programs.
Areas covered include:
- Key risk management concepts
- Regulatory and policy considerations
- NERC Critical Infrastructure Protection Standards
- Assessing your organization's risk and program maturity
- Designing and implementing risk management processes and controls
- Procurement processes and vendor agreements
- Roles and responsibilities
For guidance in reviewing the document to align with your needs, refer to the Implementation Toolkit in Appendix A1.
Fill out this form to download the manual.