The organisation understands and manages security risks to networks and information systems supporting the delivery of essential services that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.
If an organisation relies on third parties (such as outsourced or cloud based technology services) it remains accountable for the protection of any essential service. This…
Read more here:: NCSC Guidance