ID.SC: Supply Chain Risk Management

Warning icon.

Category is withdrawn in the next version of this framework and incorporated into: GV.SC: Cybersecurity Supply Chain Risk Management.


The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk decisions associated with managing supply chain risk. The organization has established and implemented the processes to identify, assess and manage supply chain risks.

Framework Subcategories