Manage cyber risks in the supply chain – securely and efficiently with PwC Managed Services

Your expert for questions

Nial Moore
Director at PwC Germany
Tel: +49 171 7611535

New regulations, new risks – how secure is your supply chain?

Cyber risks in the supply chain are among the biggest challenges facing companies. New regulations such as NIS-2 and the Cyber Resilience Act (CRA) require processes for identifying and addressing cyber risks in the supply chain. To master these complex requirements, PwC offers a holistic approach: analysis, design, implementation, and operation as a full-service provider. Our managed service takes care of the entire process, from categorization and establishing contact to assessing external partners and deriving measures. This allows you to maintain an overview at all times with transparent dashboards, even when capacities are limited. We ensure a secure and transparent supply chain efficiently, in compliance with regulations, and without the need for new organizational units.

“With our managed service, we take care of the operational implementation of cyber supply chain risk management. This allows your company to focus on its core business while we take care of the continuous assessment, monitoring, and escalation management of your supplier risks—efficiently, transparently, and always in accordance with compliance requirements.”

Nial Moore, Director at PwC Germany


Managed Service Provider Assessments

As part of our managed service, we systematically and structurally review new and existing (“legacy”) suppliers. All external partners undergo the core process steps of profiling, risk assessment, derivation of measures, as well as comprehensive documentation and communication measures. You provide us with the names and contact details of your external partners, and we take care of the rest.

This allows us to create transparency for you and implement measures to mitigate existing cyber risks in the supply chain – simple and scalable. You have full transparency regarding progress and results thanks to our professional service response management, meaningful KPI reporting for monitoring progress and performance, and the consistent implementation of supplier security management.


Key success factors

Our global PwC network offers tailor-made compliance solutions and automated control assessments based on the comprehensive knowledge of our experts. Using state-of-the-art AI-supported audit methods, we not only ensure the highest quality, but also create lasting trust in our processes. We use a wide range of compliance-oriented tools and templates to implement projects efficiently. In addition, proven frameworks and practical instruments ensure transparent reporting and structured assessment and documentation management.

PwC’s holistic approach to improving your cyber supply chain risk management

Infographic Cyber Risks

Preparation

During preparation, different supplier categories are reviewed for their relevance to cybersecurity. Where applicable, the supplier base is segmented according to this categorization.

Profiling 

In profiling, external partners are categorized as high, medium, or low regarding their inherent risk based on various criteria, such as defined strategic risk scenarios, to enable further process control.

Risk assessment

Risk assessment within the framework of cyber supply chain risk management is conducted using a risk-based approach. This involves the use of self-assessment questionnaires with best practice content, supplemented by threat information and further assessments from external providers. In addition, evidence such as guidelines, certifications, and contracts is checked automatically using AI. If necessary, further steps are then taken to conduct an in-depth risk analysis.

Derivation of measures

After the risk assessment, standardized and individual measures are derived – both within the organization (blocking sensitive access) and for external partners (increasing the level of cyber security maturity). For particularly critical partners, continuous and ad hoc updates can be carried out to keep the security status current. If necessary, support is also provided for internal escalation procedures to address critical risks appropriately.

Documentation and communication

During the documentation and communication phase, audit-proof documentation of all process steps is ensured. In addition, communication with relevant stakeholders takes place to ensure an efficient process within the company. This includes, among other things, the areas of purchasing, contract management, and governance, risk, and compliance (GRC).

Reporting 

Reporting is carried out via a transparent dashboard, which presents key risk, progress, and performance indicators in a clear and comprehensible manner. This enables continuous monitoring of the current security status and the implementation of measures, provides relevant information for the control of cyber supply chain risk management, and supports informed decision-making.

Contact us

Thorsten Lembeck

Manager, PwC Germany