Czechia: NÚKIB publishes guide for supplier management in relation to cybersecurity risk assessment
On September 7, 2023, the National Office for Cyber and Information Security (NÚKIB) published a guide for supplier management in relation to cybersecurity risk assessment. The guide was developed in cooperation with the State Treasury Center for Shared Services (SPCSS) and aims to address the issue of risk assessment in procurement, with a focus on public procurement. It is intended especially for those with minimal or no experience in this field. NÚKIB emphasized that the guide can also be used by more experienced individuals responsible for risk assessment in the supplier management process as a source of inspiration to improve their established procedures.
Moreover, NÚKIB highlighted that the guide is presented as a recommendation, showcasing one of the potential correct approaches. Users are encouraged to tailor the provided principles to suit the specific context of their respective organizations.
The guide includes theoretical and practical sections, as well as model examples. In the theoretical section, the guide discusses the basis for risk assessment in legislation and various provisions of the Cyber Security Regulation (VKB) related to supplier management. The practical section describes the necessary steps for conducting risk assessments. Additionally, the guide includes model examples that provide specific illustrations using public procurement in a fictional ministry setting. NÚKIB noted that the guide is based on the VKB but is enriched with practical experience.