top of page
Wavy Abstract Background

Supply Chain Cyber

Cyber Focused Third Party Risk Assurance


Increasing cyber resilience is the approach to Supply Chain Cyber, ensuring that at the very heart of your third party risk assurance programme is the expertise of our cybersecurity specialists and platforms. Assisting your organisation in being resilient to third party breaches is our focus through a robust fully managed end-to-end process, which includes a unique set of processes through our Standard Operating Model.

Why use Crossword for Supply Chain Cyber?

Our Supply Chain Cyber Practice and solution can benefit you in the following ways:

Quick to set up, easy to deploy

Time is of the utmost importance when building supply chain resilience, which is why Crossword is committed to getting you set up and deployed quickly. Utilising our industry-leading Supply Chain Cyber Standard Operating Model (SOM) allows a modular, easy to use approach when pinpointing where to start, prioritising at-risk suppliers and reducing the burden on your resource.

Supported by first-class Consultancy services

We understand that Supply Chain Cyber is a big undertaking and that you will require additional services to comply with regulations, ensure that  your suppliers are categorised and to undergo continuous improvement loops. Crossword’s consultancy team have expert knowledge in cybersecurity, risk management, and compliance and governance, assisting you every step of the way.

The Supply Chain Cyber Standard
Operating Model

Knowing where to start can often be the biggest hurdle to overcome when supply chains are large or complex. To overcome this challenge that many organisations face, we’ve developed a groundbreaking Supply Chain Cyber Standard Operating Model (SCC SOM) based on best practices and provides a complete toolkit to reduce and manage cybersecurity risk. 


Manage your suppliers with Rizikon

Supply Chain Cyber is underpinned by Crossword’s Rizikon Assurance platform, enabling you to automate and create greater efficiency in your third-party risk programme, with secure online assessments, 360 degree risk scorecards, and a dashboard of the risk across all suppliers.  Find out more about Rizikon Assurance

Rizikon logo

Follows your regulatory frameworks

In today’s environment of tightening regulation, coupled with a vast array of frameworks and guidance, Supply Chain Cyber provides a clear route for organisations to identify the right requirements, regardless of the industry that they operate within - cutting through the complexity and reducing cyber risk.


Our Standard Operating Model approach is typically based around the following modules:

Strategy and Appetite

Benchmarking and maturity assessment, strategic alignment to business objectives, setting the target operating model.


Gaining visibility of supply chain risk via discovery, inventory build, and a multidisciplinary risk-based approach to assurance and remediation.

Governance and Reporting

Effective oversight with real-time insights, driving continuous improvement.


Adopt the tools needed to manage Supply Chain Cyber risk and right-size the framework for your organisation against industry best-practice and regulations.

People and Culture

Building responsive relationships with suppliers, leadership support and employee engagement.


Cost and information confidence, automated workflow and intelligent BI

The main regulations and standards for Supply Chain Cyber, which we assist with are as follows:

ISO/IEC 27001:2022

Information security management systems

SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Cybersecurity Framework v1.1: Framework for Improving Critical Infrastructure Cybersecurity

Cyber Essentials / Cyber Essentials Plus
IASME Assurance

Cyber Assessment Framework (CAF)International Standard on Assurance Engagements ISAE 3402

Service Organization Controls (SOC) for Supply Chain FrameworkCenter for Internet Security (CIS)
Software Supply Chain Guide

Cyber Security Certification Framework for ICT

Contact us to discuss your Supply Chain Cyber requirements

bottom of page