Regulations demand comprehensive cyber risk management of the supplier network
The vehicle manufacturer shall
- be required to demonstrate how their Cyber Security Management System will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations in regards of the requirements of paragraph 7.2.2.2. [7.2.2.5.]
- identify and manage, for the vehicle type being approved, supplier-related risks. [7.3.2.]
UN R 155 and similarly in draft UN GTR
"[…] the capability of the considered supplier, to develop and, if applicable, perform post-development activities according to this document shall be evaluated. [RQ-15-01]"
ISO/SAE DIS 21434
Risk management for your supplier ecosystem
At the core of our supplier governance services is the Product Security Organization Framework (PROOF) itself, which guides manufacturers and suppliers worldwide to higher cyber maturity since 2019. It consists of dozens of controls that enable a holistic cybersecurity management approach. With their help, relevant regulations and standards such as UN R 155 or ISO/SAE 21434 can be integrated into a single program.
With PROOF, you can audit your suppliers for conformance with your requirements. We provide end-to-end-support on top of the framework itself:
- Risk classification of your suppliers and derivation of target maturity levels
- Conduct of audits by qualified personnel, in many places on-site and by native speakers
- Evaluation and follow-up of remaining risks
All with the goal of making the maturity of your ecosystem transparent and minimizing your associated cyber risks in the supplier network.
Digitize your risk management!
Take your supplier risk management to the next level and realize smart cybersecurity with the PROOF maturity framework – now also available in Alyne. This integration enables a digitalized supplier risk management including efficient audit, evaluation, and benchmarking. Take advantage of higher maturity levels and continuously guide your supply chain to your organization’s target maturity. Close the plan-do-check-act loop with follow-up delta audits and hints for continuous improvement.
Smart and strategic cybersecurity - your benefits:
Easy integration
PROOF provides mappings from relevant product security regulations, standards, and guidelines such as the UN R 155 and the ISO/SAE 21434 so you can build a holistic product security organization. PROOF is also continuously updated so you have one less thing to worry about.
Towards smart and strategic cybersecurity
PROOF provides explicit guidance for reaching higher cyber maturity that strengthens your quality promise, increases your return on invest, and improves alignment with your digitalization strategy.
Tailored insights
PROOF captures fulfillment on multiple levels, from individual requirements, to objectives, to aggregated domains, so you can derive the right actions – whether it be preparing for certification, continuous improvement, or re-focusing your cyber risk management program.
Digitalize your supplier governance
Integration of PROOF in Alyne streamlines efforts, automates risk-based auditing, and provides benchmarking across suppliers.
