Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Czechia: NÚKIB publishes guide for supplier management in relation to cybersecurity risk assessment

On September 7, 2023, the National Office for Cyber and Information Security (NÚKIB) published a guide for supplier management in relation to cybersecurity risk assessment. The guide was developed in cooperation with the State Treasury Center for Shared Services (SPCSS) and aims to address the issue of risk assessment in procurement, focusing on public procurement, especially for those with minimal or no experience in this field. NÚKIB emphasized that the guide can be used by more experienced individuals responsible for risk assessment in the supplier management process as a source of inspiration to improve their established procedures.

Moreover, NÚKIB highlighted that the guide is presented as a recommendation, showcasing one of the potential correct approaches. Users are encouraged to tailor the provided principles to suit the specific context of their respective organizations.

The guide includes theoretical and practical sections, as well as model examples. In the theoretical section, the guide discusses the basis for risk assessment in legislation and various provisions of the Cyber Security Regulation (VKB) related to supplier management. The practical section describes the necessary steps for conducting risk assessments. Additionally, the guide includes model examples that provide specific illustrations using public procurement in a fictional ministry setting. NÚKIB noted that the guide is based on the VKB but is enriched with practical experience.

You can read the press release here and the guide here, both only available in Czech.