The SUA Process Clause Samples

The SUA Process. This section illustrates and introduces the reader to the SUA process. This model is used for the analysis later in this paper, and all the steps and processes are referred to in the model illustrated in figure 4. Figure 4 is to present where the SUA process starts and ends as a way to illustrate a real-world representation of the security protective procurement process and then, in the analysis, connect the C- SCRM aspects to the model. The process is translated to English from the original Swedish version by ▇▇▇▇▇▇ ▇▇▇▇▇▇ (Gidrup, 2022); see Appendix A. The numbers in the squares are used as identifiers so that the model can be referred to later in the result and analysis section. It is relevant to understand that the Swedish government does not assess whether the Swedish Protective Security act applies to an operator or not. Instead, it is up to the operator to do a security analysis and an assessment of what information needs to be protected, that is, to determine which protection needs to be taken into place to protect Sweden's security. The guidance for operators lies foremost in chapter 1, §1 Swedish Protective Security Act (2018:585), which says that the law is applicable for any operation that is in any way security sensitive and that sensitive security operations are those that are of concern for Swedish Security. Furthermore, who are in some way affected by international commitments to security protection (▇▇▇▇▇▇▇▇▇, 2021). For this reason, the security protective act applies to all operators that run a security-sensitive operation in some way. An operation is also considered security sensitive if it handles sensitive security information (▇▇▇▇▇▇▇▇▇, 2021). As explained earlier, the assessment part is an essential process in the SUA process model, where the operator decides on what operation is subject to procurement, identifies the information that needs to be protected and its classification, and performs a threat and vulnerability analysis. This assessment is the basis for the SUA process as it lays the grounds for the measures (requirements) that need to be in place to ensure protection. These SUA processes are in the grey-coloured square called “Protective Security Assessment performed by Operator”.