GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships
Ex1: Perform thorough due diligence on prospective suppliers that is consistent with procurement planning and commensurate with the level of risk, criticality, and complexity of each supplier relationship
Ex2: Assess the suitability of the technology and cybersecurity capabilities and the risk management practices of prospective suppliers
Ex3: Conduct supplier risk assessments against business and applicable cybersecurity requirements
Ex4: Assess the authenticity, integrity, and security of critical products prior to acquisition and use
Tier
Description
Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships