Embedding cyber resilience in local government supply chains

With the cyber threat landscape continually evolving, and an increased demand for digital public and corporate services, councils face a variety of challenges in developing ever stronger cyber secure and resilient procurement practices.

Decorative

To help meet this challenge, the LGA has worked with PUBLIC and cyber security partner DAINTTA to develop this online guidance – and a free e-learning course – to help councils embed greater cyber resilience in their procurement processes and supply chains.

The challenge

Councils rely on external suppliers to deliver devices, products and services. This means that councils’ ability to reduce the risk of a cyber attack and maintain cyber resilience also depends on the cyber security of organisations in their supply chains. Councils procure from many external suppliers, some of whose cyber resilience practices are more robust than others. This makes procurement an area with significant risk of cyber attacks for councils. Embedding cyber resilient practices into the structure of your council’s supply chain is integral to creating a strong foundation designed to prevent and mitigate the effects of cyber threats.

Learning content overview

To understand how cyber resilience can be built into procurement practices, councils will now be able to access up-to-date e-learning modules (these will be available here shortly) and web guides that offer support in embedding cyber secure and resilient practices into the different stages of the procurement life cycle. These resources aim to help embed and interpret the National Cyber Security Centre’s 12 principles of supply chain security for the local government context. The resources intend to give learners an understanding of the cyber threat landscape for different types of procurement, and the best practices for reducing risk and mitigating disruption. The e-learning modules provide an interactive, educational journey that highlights risks and recommendations for strengthening cyber security practices at each stage of the procurement cycle. Also see NCSC’s ‘How to assess and gain confidence in your supply chain cyber security’ aimed at procurement specialists, risk managers and cyber security professionals in medium to larger enterprises.

Purple decorative image

Strategy

Best practices for embedding cyber security into your council's commercial strategy and determining which assets need to be protected.

Green decorative image

Planning

Cyber security risks to be aware of in the earliest stages of a new procurement, and how to develop security controls for the procurement.

Pink decorative image

Tender

Evaluation tools and processes for understanding supplier risk and embedding cyber resilience in your supply chain during the tendering phase.

Aquamarine decorative image

Contract

How you and your council can translate cyber security requirements into concrete contract obligations and establish an agreed process for monitoring and reporting.

Orange decorative image

Management

This section offers a range of activities that your council may wish to carry out during the management phase of the procurement lifecycle.

Grey decorative image

Resources hub

​​​​​​​This guidance incorporates different resources to inform its contents and to supplement its delivery with examples and sample documents.

Audience

The learning materials are tailored to anyone with a role at any stage of the procurement cycle. All content is centred around accessibility so that it is valuable to everyone across all levels of cybersecurity maturity and understanding. The e-learning modules provide a comprehensive educational experience that is designed to maximise information retention through questions based on the information introduced and relevant examples of local government procurement. The web guides provide an additional, fast-access option enabling learners to access information as needed. These resources aim to help councils achieve the cultural change necessary to enable professionals to make better security decisions.

Disclaimer: While these resources are updated frequently, the threat landscape is constantly evolving with new risks and vulnerabilities. It is very important to always follow the most up-to-date guidance as given by the National Cyber Security Centre (NCSC) and other related Government bodies.

Highlighted pages

E-learning course: Foundations of cyber resilience in local government supply chains

Our free e-learning course provides local government procurement officers and contract managers with an in-depth introduction to cyber security, helping them to embed greater cyber resilience in supply chains by implementing cyber security best practice throughout the procurement cycle.