
Cyber Focused Third Party Risk Assurance
Supply Chain Cyber's approach is to increase cyber resilience by placing the expertise of our cybersecurity specialists and platforms at the very heart of your third party risk assurance programme. Our focus is on helping your organisation be resilient to third party breaches through a robust, fully managed end-to-end process, which includes a unique set of processes through our Standard Operating Model.
Why use Crossword for Supply Chain Cyber?
Our Supply Chain Cyber Practice and solution can benefit you in the following ways:
Quick to set up, easy to deploy
Time is of the utmost importance when building supply chain resilience, which is why Crossword is committed to getting you set up and deployed quickly. Utilising our industry-leading Supply Chain Cyber Standard Operating Model (SOM) allows a modular, easy to use approach when pinpointing where to start, prioritising at-risk suppliers and reducing the burden on your resource.
Supported by first-class Consultancy services
We understand that Supply Chain Cyber is a big undertaking and that you will require additional services to comply with regulations, ensure that your suppliers are categorised and to undergo continuous improvement loops. Crossword’s consultancy team have expert knowledge in cybersecurity, risk management, and compliance and governance, assisting you every step of the way.
The Supply Chain Cyber Standard Operating Model
Knowing where to start can often be the biggest hurdle to overcome when supply chains are large or complex. To overcome this challenge that many organisations face, we’ve developed a groundbreaking Supply Chain Cyber Standard Operating Model (SCC SOM) that is based on best practices and provides a complete toolkit to reduce and manage cybersecurity risk.

Manage your suppliers with Rizikon
Supply Chain Cyber is underpinned by Crossword’s Rizikon Assurance platform, enabling you to automate and create greater efficiency in your third-party risk programme, with secure online assessments, 360 degree risk scorecards, and a dashboard of the risk across all suppliers.

Follows your regulatory frameworks
In today’s environment of tightening regulation, coupled with a vast array of frameworks and guidance, Supply Chain Cyber provides a clear route for organisations to identify the right requirements, regardless of the industry that they operate within - cutting through the complexity and reducing cyber risk.

Our Standard Operating Model approach is typically based around the following modules:
Strategy and Appetite
Benchmarking and maturity assessment, strategic alignment to business objectives, setting the target operating model.
Processes
Gaining visibility of supply chain risk via discovery, inventory build, and a multidisciplinary risk-based approach to assurance and remediation.
Governance and Reporting
Effective oversight with real-time insights, driving continuous improvement.
Framework
Adopt the tools needed to manage Supply Chain Cyber risk and right-size the framework for your organisation against industry best-practice and regulations.
People and Culture
Building responsive relationships with suppliers, leadership support and employee engagement.
Tooling
Cost and information confidence, automated workflow and intelligent BI.
The main regulations and standards for Supply Chain Cyber that we assist with are as follows:
ISO/IEC 27001:2022
Information security management systems
NIST
SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Cybersecurity Framework v1.1: Framework for Improving Critical Infrastructure Cybersecurity
IASME
Cyber Essentials / Cyber Essentials Plus
IASME Assurance
NCSC
Cyber Assessment Framework (CAF)
International Standard on Assurance Engagements ISAE 3402
AICPA
Service Organization Controls (SOC) for Supply Chain Framework
Center for Internet Security (CIS)
Software Supply Chain Guide
ENISA
Cyber Security Certification Framework for ICT