Supply Chain Cyber

Supply Chain Cyber by Crossword Cybersecurity

Supply Chain Cyber risk affects all organisations, regardless of size or industry. Where there is a supplier network, there is risk: you only need to look at some of the biggest and most publicised breaches of the past couple of years to see that they started with a little-known supplier being breached, which then affected larger organisations at scale.

While all organisations have risk in play, each approach to mitigating it is different. There may be a regulatory need to ensure that third-party risk is mitigated, or there may be an urgent need because other similar organisations have been targeted.

This is why Crossword Cybersecurity has created a Supply Chain Cyber practice and service. We understand that each organisation carries risk that is unique to its systems and controls, so there can be no one-size-fits-all approach to cybersecurity in the supply chain.

Full end-to-end Supply Chain Cyber as a service

A full end-to-end programme of consulting services and technology, Supply Chain Cyber is a 360-degree customised review and remediation of all controls, processes and systems within your organisation, designed to mitigate risk and secure every aspect of your supply chain.

Supply Chain Cyber provides a modular programme that is quick to set up and easy to deploy, fully customised to your organisation's pain points and requirements. The Standard Operating Model (SOM) serves as a basis for remediation, but depending on the unique needs of your organisation the starting point may not be linear, and the next steps will depend entirely on the outcome of your maturity assessment.

Start your programme with a full maturity assessment

To get a clear overview of your organisation's maturity and risk appetite, your Supply Chain Cyber programme starts with a full workshop and maturity assessment. This is a structured and interactive workshop to comprehensively review the existing state of your organisation’s Supply Chain Cyber risk management.

From there you will receive a full report detailing existing maturity levels, with clear recommendations for improving the effectiveness and efficiency of your risk management to the desired levels.

This will define the next steps in your remediation journey, and this is where the modular nature of our Supply Chain Cyber service is tailored to your organisation's maturity assessment results.

Supply Chain Cyber is made up of the following core modules:

  • Supplier Identification - Discover, centralise and categorise all suppliers against the inherent risk they pose, check whether they are being authorised and tracked properly, and start to inform the risk management plans.

  • Risk Assessment - Identify the risk segmentation for your organisation and start to build the policies and processes to deliver it into the organisation.

  • Due Diligence - Support for the organisation and its suppliers in addressing gaps or non-compliance in their controls identified through the due diligence and assurance process.

  • Contracting - Support for your organisation in areas such as the governance framework, exit strategies, supplier security schedules, and large-scale contract remediation (e.g. regulatory reform, right to audit).

  • Assurance and Remediation - A documented, risk-based approach to assessing supplier controls, governance and risk management, and support for the organisation and its suppliers in addressing gaps or non-compliance in their controls identified through the due diligence and assurance process.

  • Monitoring and Reporting - Analysis of change in Supply Chain Cyber (SCC) risk based on current and historic data, with standard and bespoke Business Intelligence reporting.

  • Exit Management - Documenting contractual exit management clauses, and developing and executing formal exit management strategies and plans for critical suppliers.

A fully customised and modular approach to Supply Chain Cyber

Why use Crossword for Supply Chain Cyber?

Our Supply Chain Cyber Practice and solution can benefit you in the following ways:

Quick to set up, easy to deploy

Time is of the utmost importance when building supply chain resilience, which is why Crossword is committed to getting you set up and deployed quickly. Our industry-leading Supply Chain Cyber Standard Operating Model (SOM) allows a modular, easy-to-use approach to pinpointing where to start, prioritising at-risk suppliers and reducing the burden on your resources.

Supported by first-class Consultancy services

We understand that Supply Chain Cyber is a big undertaking and that you will require additional services to comply with regulations, ensure that your suppliers are categorised, and run continuous improvement loops. Crossword's consultancy team have expert knowledge in cybersecurity, risk management, compliance and governance, and will assist you every step of the way.

Manage your suppliers with Rizikon

Supply Chain Cyber is underpinned by Crossword's Rizikon Assurance platform, enabling you to automate your third-party risk programme and make it more efficient, with secure online assessments, 360-degree risk scorecards, and a dashboard of the risk across all suppliers. Find out more about Rizikon Assurance

Follows your regulatory frameworks

In today's environment of tightening regulation, coupled with a vast array of frameworks and guidance, Supply Chain Cyber provides a clear route for organisations to identify the right requirements regardless of the industry they operate in, cutting through the complexity and reducing cyber risk.

Our Standard Operating Model approach is typically based around the following workstreams:

Strategy and Appetite

Benchmarking and maturity assessment, strategic alignment to business objectives, setting the target operating model.

Processes

Gaining visibility of supply chain risk via discovery, inventory build, and a multidisciplinary risk-based approach to assurance and remediation.

Governance and Reporting

Effective oversight with real-time insights, driving continuous improvement.

Framework

Adopt the tools needed to manage Supply Chain Cyber risk and right-size the framework for your organisation against industry best-practice and regulations.

People and Culture

Building responsive relationships with suppliers, leadership support and employee engagement.

Tooling

Cost and information confidence, automated workflow and intelligent BI.

The main regulations and standards for Supply Chain Cyber which we assist with are as follows:

ISO/IEC 27001:2022

Information security management systems

NIST
SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations
SP 800-161 Rev. 1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
Cybersecurity Framework v1.1: Framework for Improving Critical Infrastructure Cybersecurity

IASME
Cyber Essentials / Cyber Essentials Plus
IASME Assurance

NCSC
Cyber Assessment Framework (CAF)

International Standard on Assurance Engagements ISAE 3402

AICPA
Service Organization Controls (SOC) for Supply Chain Framework

Center for Internet Security (CIS)
Software Supply Chain Guide

ENISA
Cyber Security Certification Framework for ICT

Contact us to discuss your Supply Chain Cyber requirements