Skip to main content

ESCRYPT Supplier governance

Risk management for your supplier ecosystem

The ESCRYPT Supplier governance service by ETAS provides you with tools to reliably and efficiently assess, monitor, and successfully manage your supply chain cyber risks. This enables you to fulfill a key requirement of a cybersecurity management system (CSMS) as demanded by UN regulations and standards such as ISO/SAE 21434.

Contact us
Presenter leading a data analysis meeting, discussing charts and graphs with a team of employees.

Your benefits

Strategic

Risk classification of your suppliers and derivation of target maturity levels.

Digitalized

Supplier risk management via the Alyne GRC platform to streamline efforts, automate risk-based auditing, and provide benchmarking across suppliers.

Integrated

Integral part of ESCRYPT Product security organization framework PROOF, which guides you and your suppliers towards higher cyber maturity.

Regulations demand comprehensive cyber risk management of the supplier network

Man typing on laptop in office.

UN regulation 155: cybersecurity and cybersecurity management system

The vehicle manufacturer shall

  • be required to demonstrate how their cybersecurity management system will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations in regards of the requirements of paragraph 7.2.2.2. [7.2.2.5.].
  • identify and manage, for the vehicle type being approved, supplier-related risks. [7.3.2.].

ISO/SAE 21434: road vehicles – cybersecurity engineering

[…] the capability of the considered supplier, to develop and, if applicable, perform post-development activities according to this document shall be evaluated. [RQ-15-01].

Your roadmap to CSMS certification

A graphic showing the different layers for cybersecurity risk management

Automotive-specific regulations make it critical for OEMs and suppliers to set up adequate cybersecurity management systems with greatest efficiency. Our ESCRYPT Product security organization framework PROOF helps you cover cybersecurity development in five domains: governance, risk management, concept & development, production & operation, and ecosystem. Your advantage: a structured, traceable approach to achieving cybersecurity in accordance with the legal and standard requirements.

ESCRYPT Cybersecurity management systems with PROOF
18,000
An automotive OEM may have more than 18,000 suppliers involved in its production process.

Digitalize your supplier risk management

Graphics showcasing the target maturity of an organization

Digitalize your supplier risk management

Take your supplier risk management to the next level and realize smart cybersecurity with the ESCRYPT PROOF maturity framework – now also available on the Alyne GRC platform. This integration enables a digitalized supplier risk management including efficient audit, evaluation, and benchmarking. Take advantage of higher maturity levels and continuously guide your supply chain to your organization’s target maturity. Close the plan-do-check-act loop with follow-up delta audits and hints for continuous improvement.

Explore our related use cases

Illustration of people with a smart phone, email icon and laptop

Contact us

Do you have any questions? Feel free to send us a message. We will be more than happy to help. Contact us today!

Contact form