Cyber Focused Third Party Risk Assurance
Increasing cyber resilience is the approach to Supply Chain Cyber, ensuring that at the very heart of your third party risk assurance programme is the expertise of our cybersecurity specialists and platforms. Assisting your organisation in being resilient to third party breaches is our focus through a robust fully managed end-to-end process, which includes a unique set of processes through our Standard Operating Model.
Cutting through the complexity of regulatory requirements
In today’s environment of tightening regulation, coupled with a vast array of frameworks and guidance, Supply Chain Cyber provides a clear route for organisations to identify the right requirements, regardless of the industry that they operate within - cutting through the complexity and reducing cyber risk.
The main regulations and standards for Supply Chain Cyber are as follows:
Quick to set up, easy to deploy
Time is of the utmost importance when building supply chain resilience, which is why Crossword is committed to getting you set up and deployed quickly. Utilising our industry-leading Supply Chain Cyber Standard Operating Model (SOM) allows a modular, easy to use approach when pinpointing where to start, prioritising at-risk suppliers and reducing the burden on your resource.
The Supply Chain Cyber Standard Operating Model
Knowing where to start can often be the biggest hurdle to overcome when supply chains are large or complex. To overcome this challenge that many organisations face, we’ve developed a groundbreaking Supply Chain Cyber Standard Operating Model (SCC SOM), which is based on best practices and provides a complete toolkit to reduce and manage cybersecurity risk.
The six main areas of the SCC SOM are:
Strategy & Appetite: Benchmarking and maturity assessment, strategic alignment to business objectives, setting the target operating model.
Framework: Adopt the tools needed to manage Supply Chain Cyber risk and right-size the framework for your organisation against industry best-practice and regulations.
Processes: Gaining visibility of supply chain risk via discovery, inventory build, and a multidisciplinary risk-based approach to assurance and remediation.
People & Culture: Building responsive relationships with suppliers, leadership support and employee engagement.
Governance & Reporting: Effective oversight with real-time insights, driving continuous improvement.
Tooling: Cost and information confidence, automated workflow and intelligent BI
Powered by Rizikon
Supply Chain Cyber is fully underpinned by Crossword’s Rizikon Assurance platform, enabling you to automate and create greater efficiency in your third-party risk programme, with secure online assessments, 360 degree risk scorecards, and a dashboard of the risk across all suppliers.
Supported by first-class Consultancy services
We understand that Supply Chain Cyber is a big undertaking and that you will require additional services to comply with regulations, ensure that your suppliers are categorised and to undergo continuous improvement loops. Crossword’s consultancy team have expert knowledge in cybersecurity, risk management, and compliance and governance, assisting you every step of the way.
Information security management systems
SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Cybersecurity Framework v1.1: Framework for Improving Critical Infrastructure Cybersecurity
Cyber Essentials / Cyber Essentials Plus
Cyber Assessment Framework (CAF)
International Standard on Assurance Engagements ISAE 3402
Service Organization Controls (SOC) for Supply Chain Framework
Center for Internet Security (CIS)
Software Supply Chain Guide
Cyber Security Certification Framework for ICT
Crossword’s Supply Chain Cyber practice benefits:
Holistic overview of supply chain risks across your whole organisation. We provide both a top-level view of risks and the detail you need to make decisions
Cost-effective, custom solutions to suit your unique business needs
A team of cybersecurity industry experts, dedicated to defining and delivering risk management best practice
Constant client focus, from bringing the business on the journey with us, to making processes as user-friendly as possible
Rizikon Assurance, a SSC platform developed in-house to streamline SSC process, reporting, and compliance
Outsourced support and managed services for supply chain cyber assurance, compliance & risk management