    Effective cyber risk management and supplier governance

    As the digital transformation in mobility continues, the cybersecurity of connected vehicles is becoming a critical factor. This is currently particularly tangible in the new UN regulations and standards such as ISO/SAE 21434, which require automotive manufacturers and suppliers to introduce a cybersecurity management system (CSMS). Central to the CSMS is cyber risk management of the supplier ecosystem.
    With our supplier governance services as part of our comprehensive Product Security Organizational Framework PROOF, we provide you with tools to reliably and efficiently assess, monitor and ultimately successfully manage your supply chain cyber risks.

Regulations demand comprehensive cyber risk management of the supplier network

The vehicle manufacturer shall

  • be required to demonstrate how their Cyber Security Management System will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations in regards of the requirements of paragraph []
  • identify and manage, for the vehicle type being approved, supplier-related risks. [7.3.2.]

UN R 155 and similarly in draft UN GTR

"[…] the capability of the considered supplier, to develop and, if applicable, perform post-development activities according to this document shall be evaluated. [RQ-15-01]"  


Risk management for your supplier ecosystem

At the core of our supplier governance services is the Product Security Organization Framework (PROOF) itself, which has guided manufacturers and suppliers worldwide to higher cyber maturity since 2019. It consists of dozens of controls that enable a holistic cybersecurity management approach. With their help, relevant regulations and standards such as UN R 155 or ISO/SAE 21434 can be integrated into a single program.

With PROOF, you can audit your suppliers for conformance with your requirements. We provide end-to-end support on top of the framework itself:

  • Risk classification of your suppliers and derivation of target maturity levels
  • Conduct of audits by qualified personnel, in many places on-site and by native speakers
  • Evaluation and follow-up of remaining risks

All with the goal of making the maturity of your ecosystem transparent and minimizing your associated cyber risks in the supplier network.

Digitize your risk management!

Take your supplier risk management to the next level and realize smart cybersecurity with the PROOF maturity framework – now also available in Alyne. This integration enables digitalized supplier risk management, including efficient audit, evaluation, and benchmarking. Take advantage of higher maturity levels and continuously guide your supply chain to your organization’s target maturity. Close the plan-do-check-act loop with follow-up delta audits and hints for continuous improvement.
