A Guide to Developing a Retail Supply Chain Cybersecurity Risk Management Plan

NRF’s “Guide to Developing a Retail Supply Chain Cybersecurity Risk Management Plan,” developed in collaboration with The Chertoff Group, identifies supply chain-related cybersecurity risks and offers a framework and practices that can enable retailers to proactively address cybersecurity risks with partners. This model supply chain cybersecurity risk management framework includes:

  • A risk categorization of in-scope suppliers
  • Cybersecurity due diligence of these suppliers
  • Contractual requirements based on regulations and risk
  • Access controls where relevant
  • Ongoing monitoring elements