SR-2 Supply Chain Risk Management Plan

Description

Supply chain risk management plans include an expression of the supply chain risk tolerance for the university, acceptable supply chain risk mitigation strategies or controls, a process for consistently evaluating and monitoring supply chain risk, approaches for implementing and communicating the plan, a description of and justification for supply chain risk mitigation measures taken, and associated roles and responsibilities.

Applicability

  • This control applies to the university Chief Information Security Officer.

Implementation

  • 1 - It is the responsibility of the Chief Information Security Officer to:

    • 1.1 - Develop a plan for managing supply chain risks associated with the research and development, design, manufacturing, acquisition, delivery, integration, operations, and disposal of university systems, system components or system services;
    • 1.2 - Implement the supply chain risk management plan consistently across the university; and
    • 1.3 - Review and update the supply chain risk management plan annually to address threat, organizational or environmental changes.