Supply-chain due diligence is the process of checking, documenting, and addressing risk across suppliers, partners, and other third parties. In cyber security, it means more than reviewing a vendor contract: it includes evaluating how a supplier protects data, handles credentials, manages subcontractors, and supports the products or services it provides.
This matters because attackers often target the weakest link outside the main organization. A poorly vetted supplier can expose sensitive data, introduce insecure software or hardware, or become a trusted path into a larger network. Strong due diligence helps defenders spot these risks early through security questionnaires, evidence requests, audits, contractual controls, and ongoing monitoring. It also supports traceability and incident response by keeping records current, verifying attestations, and making supplier risk easier to track over time.