Pick up the phone and talk to your suppliers ©Getty Images/iStockphoto

Build a robust SAQ for supply chain security

A CIPS workshop on supply chain security, with the Security Awareness Special Interest Group and the National Cyber Security Centre, produced these tips on how to create a supplier assurance questionnaire (SAQ).

Conduct due diligence
Know your organisation’s strategy and risk appetite, explain the rules, policies and standards to suppliers, and identify your right to audit.

Categorise your suppliers
Identify high, medium and low-risk suppliers, then prioritise and utilise your resources wisely to mitigate the areas of risk, starting with high-risk suppliers.

Tier your questionnaires
Avoid a one-size-fits-all approach, and consider a two- to three-questionnaire structure. Be prepared to adjust or remove questions when inappropriate or unnecessary for medium or small businesses.

Stay connected
Be approachable and prepared to collaborate – it’s in everyone’s interest to help educate your suppliers. Avoid a transactional approach and work in partnership with your suppliers. Pick up the phone or meet face-to-face to sense check information.

Support compliance
Help build your suppliers’ awareness of ISO27001 compliance and highlight the benefits of developing their processes.

To listen to a CIPS Knowledge webinar on how the Salvation Army set up its SAQ go to: bit.ly/SAQWebinar
