ESCRYPT Supplier governance

Since January 1, 2023, automotive cybersecurity solutions from ESCRYPT have been offered under the ETAS brand.

As the digital transformation in mobility continues, the cybersecurity of connected vehicles is becoming a critical factor. This is currently particularly tangible in the new UN regulations and standards such as ISO/SAE 21434, which require automotive manufacturers and suppliers to introduce a cybersecurity management system (CSMS). Central to the CSMS is cyber risk management of the supplier ecosystem.

With our supplier governance services as part of our comprehensive Product Security Organizational Framework PROOF, we provide you with tools to reliably and efficiently assess, monitor, and ultimately successfully manage your supply chain cyber risks.

Regulations demand comprehensive cyber risk management of the supplier network

UN R 155 and similarly in draft UN GTR

The vehicle manufacturer shall

  • be required to demonstrate how their Cyber Security Management System will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations in regards of the requirements of paragraph 7.2.2.2. [7.2.2.5.]
  • identify and manage, for the vehicle type being approved, supplier-related risks. [7.3.2.]

ISO/SAE DIS 21434

"[…] the capability of the considered supplier, to develop and, if applicable, perform post-development activities according to this document shall be evaluated. [RQ-15-01]"  

Risk management for your supplier ecosystem

At the core of our supplier governance services is the Product Security Organization Framework (PROOF) itself, which has guided manufacturers and suppliers worldwide to higher cyber maturity since 2019. It consists of dozens of controls that enable a holistic cybersecurity management approach. With their help, relevant regulations and standards such as UN R 155 or ISO/SAE 21434 can be integrated into a single program.

With PROOF, you can audit your suppliers for conformance with your requirements. We provide end-to-end support on top of the framework itself:

  • Risk classification of your suppliers and derivation of target maturity levels
  • Conduct of audits by qualified personnel, in many places on-site and by native speakers
  • Evaluation and follow-up of remaining risks

All with the goal of making the maturity of your ecosystem transparent and minimizing your associated cyber risks in the supplier network.

Digitize your risk management!

Take your supplier risk management to the next level and realize smart cybersecurity with the PROOF maturity framework – now also available in Alyne. This integration enables digitalized supplier risk management, including efficient audit, evaluation, and benchmarking. Take advantage of higher maturity levels and continuously guide your supply chain to your organization’s target maturity. Close the plan-do-check-act loop with follow-up delta audits and hints for continuous improvement.

Smart and strategic cybersecurity - your benefits:

Easy integration

PROOF provides mappings from relevant product security regulations, standards, and guidelines such as the UN R 155 and the ISO/SAE 21434 so you can build a holistic product security organization. PROOF is also continuously updated so you have one less thing to worry about.

Towards smart and strategic cybersecurity

PROOF provides explicit guidance for reaching higher cyber maturity that strengthens your quality promise, increases your return on investment, and improves alignment with your digitalization strategy.

Tailored insights

PROOF captures fulfillment on multiple levels, from individual requirements, to objectives, to aggregated domains, so you can derive the right actions – whether it be preparing for certification, continuous improvement, or re-focusing your cyber risk management program.

Digitalize your supplier governance

Integration of PROOF in Alyne streamlines efforts, automates risk-based auditing, and provides benchmarking across suppliers.