Cyber attacks on councils are increasingly exploiting weaknesses in third-party suppliers, not just core IT systems.
As reliance on outsourced services grows, you’re being forced to rethink how you manage third-party risk and where cyber responsibility truly sits.
Watch Croydon Council and Risk Ledger explore how councils like yours are embedding cyber security into procurement and supplier management, moving beyond IT-only controls.
They also discussed why collaboration between councils (sharing insight on suppliers, approaches, and lessons learned) is becoming essential to building collective resilience across the public sector supply chain.
Finally, they looked at CAF and its Principle A4 (Supply Chain) in practice. How are councils like yours classifying suppliers under CAF? Is greater standardisation needed? The growing challenge of continuous monitoring, and whether the scope is expanding beyond traditional IT suppliers.