Actively manage supply chain risks
As an experienced consulting firm, we support you in setting up effective third-party risk management: from identifying, assessing and categorising critical suppliers to developing sustainable protective measures and conducting supply chain audits. Together, we integrate TPRM into your overall risk management system, creating transparency, security and regulatory compliance in your supply chain.
Working with suppliers/service providers presents a company with various challenges:
- The large number of suppliers/service providers creates a high level of complexity coupled with a lack of transparency
- Suppliers/service providers can be a gateway for cyberattacks, e.g. through supply chain attacks or inadequately implemented information and IT security
- Regulatory requirements such as GDPR, NIS-2, TISAX and DORA, and standards such as ISO 27001 or the NIST Cybersecurity Framework, require the consistent implementation of security measures right down to suppliers/subcontractors
- Information and IT security as well as data protection and confidentiality must be addressed in contracts
- Critical suppliers should be audited regularly
- Good communication, especially in the event of security incidents, is absolutely essential to prevent damage
- The challenges can also be technical in nature, such as outdated interfaces that require special consideration in terms of security
- Security cultures and levels of awareness differ across the supply chain
The Swiss Infosec AG approach and support services:
- Inventory: Inventory of all highly relevant and critical suppliers
- Risk assessment: Conducting detailed risk analyses to assess potential weaknesses and the general security situation in the supply chain; categorisation of suppliers
- Supply chain analysis: Systematic review of the security measures of suppliers and partners (by means of supplier reviews: review/verification of contracts, surveys/audits of suppliers, etc.)
- Implementation strategies: Development and implementation of measures to reduce risk
- Enterprise risk management: Integration of TPRM into the company-wide risk management for comprehensive assessment and control
- Emergency and incident management: Creation or review of emergency plans in which suppliers play an important role
- Legal/contractual aspects: Review of legal requirements and drafting of supplier contracts (e.g. response times in the event of incidents or the stipulation of audit rights)
- Technical issues: Clarification of technical questions
- IT provider assessment