The Australian Government has released the Critical Technology Supply Chain Principles. These will help governments and businesses to decide about suppliers and the transparency of their own products.
We have grouped the ten Principles under the three pillars of security-by-design, transparency, and autonomy and integrity.
Critical Technology Supply Chain Principles
Agreed pillars and agreed Principles
Security-by-design
Security should be a core component of critical technologies. Organisations should ensure they are making decisions that build in security from the ground up.
- Understand what needs to be protected, why it needs to be protected, and how it can be protected.
- Understand the different security risks posed by your supply chain.
- Build security considerations into all organisational processes, including into contracting processes, that are proportionate to the level of risk (and encourage suppliers to do the same).
- Raise awareness of and promote security within your supply chain.
Transparency
Transparency of technology supply chains is critical, both from a business perspective and a national security perspective.
- Know who critical suppliers are and build an understanding of their security measures.
- Set and communicate minimum transparency requirements consistent with existing standards and international benchmarks for your suppliers and encourage continuous improvement.
- Encourage suppliers to understand and be transparent in the depth of their supply chains, and be able to provide this information to customers.
Autonomy and integrity
Knowing that your suppliers demonstrate integrity and are acting autonomously is fundamental to securing your supply chain.
- Seek and consider the available advice and guidance on influence of foreign governments on suppliers and seek to ensure they operate with appropriate levels of autonomy.
- Consider if suppliers operate ethically, with integrity, and consistently with international law and human rights.
- Build strategic partnering relationships with critical suppliers.
These Principles are voluntary for industry. The Australian Government will use them in its own decision-making practices. They should help organisations – including governments and businesses of all sizes – securely adopt, develop and benefit from critical technologies.
Knowing the risks and asking the right questions are the first steps in creating trusted and secure technology supply chains.
We developed the Principles through a co-design process with industry. There was a consultation period for feedback from non-government organisations, state and territory governments, and the community. A summary of this feedback is available in the Summary of public consultation.
The Principles also complement the Protecting Critical Infrastructure and Systems of National Significance reforms. They align with the Cyber Supply Chain Guidance provided by the Australian Cyber Security Centre. Together, these measures help protect critical goods and services that Australia relies on.
We want feedback about your experiences using the Principles, to inform a review of the Principles in early 2022. This will make sure they continue to help organisations manage risk in an innovative way. To give feedback, or to get more information, email us at email@example.com.