Medicines & Healthcare products Regulatory Agency
The National Institute for Biological Standards and Control

Confidence in biological medicines


Strengthening Supply Chain Cyber Security at the MHRA

The MHRA is in the process of ensuring it has the right level of assurance across its supply chain, meaning any MHRA suppliers, past and present, may be invited to join the Risk Ledger platform and complete a security profile. See an example of the template invite you will receive.

This work is increasingly important as cyberattacks continue to rise in scale and sophistication, with malicious actors often targeting organisations through indirect routes. One of the most common, and most challenging, of these routes is the supply chain. Attackers frequently look for vulnerabilities among third‑party suppliers, where security controls may vary and opportunities for exploitation can be greater.

As a regulator operating in a complex and interconnected environment, the MHRA relies on a diverse network of suppliers to deliver essential services. Protecting this supply chain is therefore critical to safeguarding our operations, our data, and the public we serve.

What this means for suppliers

If you are invited to join Risk Ledger, you will be asked to complete a security profile that outlines your organisation’s controls and practices. This helps us build a clearer understanding of your security posture and identify any areas where additional assurance may be required.

Participation supports a more efficient, consistent, and proportionate approach to supply chain risk management. It also reduces duplication by allowing suppliers to maintain a single, reusable security profile that can be shared with multiple clients, including other public sector bodies.

The Risk Ledger platform

To support this effort, the MHRA is adopting Risk Ledger, a collaborative platform designed to improve supply chain security across the public and private sectors. Risk Ledger enables organisations and their suppliers to share up‑to‑date security information in a secure, standardised, and efficient way.

By using Risk Ledger, the MHRA will:

  • gain clearer, real‑time visibility of supplier security controls;
  • reduce the administrative burden on suppliers by avoiding repeated questionnaires;
  • encourage a more open and collaborative approach to managing cyber risk; and
  • strengthen assurance across the full breadth of our supply chain.

Risk Ledger is already widely used across UK government and regulated industries, helping organisations build more resilient and transparent supply chains.

Supply chain risk matters

Modern supply chains are dynamic, multi‑layered, and often global. This brings significant benefits for efficiency and innovation, but it also introduces risks:

  • Indirect access points: attackers may compromise a supplier as a stepping stone into a larger organisation;
  • Variable security maturity: not all suppliers have the same level of cyber resilience or resources;
  • Limited visibility: organisations often lack a full picture of the security posture of their extended supply chain;
  • Evolving threat landscape: techniques such as social engineering, credential theft, and exploitation of third‑party software are becoming more common.

Given these challenges, the MHRA is strengthening its approach to supply chain risk management to ensure we understand where vulnerabilities exist today, and where they could emerge in the future.

Enhancing our risk intelligence

To improve our visibility and understanding of supplier‑related cyber risks, the MHRA is increasing the level of risk intelligence we gather across both our current and prospective supplier base. This enhanced insight will help us:

  • identify potential vulnerabilities earlier;
  • assess suppliers more consistently and transparently;
  • prioritise risk‑based decision making; and
  • strengthen our overall cyber resilience.

This work forms part of our broader commitment to maintaining high standards of security, compliance, and operational integrity.

Our commitment

The MHRA remains committed to protecting the integrity of our systems, data, and services. Strengthening supply chain cyber security is a key part of this commitment, and the adoption of Risk Ledger represents an important step in enhancing our resilience in an increasingly complex threat landscape.

If you are a supplier and have a question about this topic, please contact the MHRA Assurance team at MHRASupplierAssurance@mhra.gov.uk.

 