Supply Chain Case Study
Requirement
Assist a multinational organization with headquarters in North America with implementing comprehensive cybersecurity measures throughout their supply chain.
Issues
The client’s list of external suppliers in their overall supply chain was large (96 companies, and growing), yet they had no formalized cybersecurity practices or agreements in place with those suppliers. Leadership wanted to develop an immediate plan for addressing what was becoming a serious issue.
Additional issues for the client
No Experience with a Project at this Level: While the client was familiar with basic cybersecurity best practices, they had no real understanding of the complexities of addressing, designing, and executing such a program. They needed immediate help.
No Cybersecurity Documentation: With no experience and no real understanding of cybersecurity as it applied to their vast, complex, and growing supply chain, the client had no cybersecurity policies and procedures in place. They also lacked any real or meaningful Third-Party Risk Management (TPRM) measures.
Unclear Roadmap: The client was also unsure of where to even begin in terms of such a daunting compliance project. There were different opinions and recommendations, all of which had a number of challenges.
Unclear Roadmap: Naturally, senior management wanted the deficiencies corrected immediately, yet there was a lack of internal manpower, and of overall understanding of where to even begin.
Solution
Centris deployed a team of experts specializing in both Third-Party Risk Management (TPRM) program development and cybersecurity that successfully accomplished the following:
- Defined project scope and client participation, assigning roles, responsibilities, hard deadlines, and deliverables to all personnel involved in the project.
- Identified all external suppliers and ranked them by overall risk to the organization.
- Developed a comprehensive cybersecurity due-diligence program for both new and existing suppliers. Specifically, the program would be executed when onboarding new suppliers, and when conducting regularly scheduled due-diligence measures for existing suppliers.
- Developed a comprehensive Third-Party Risk Management (TPRM) program that incorporated not only provisions for cybersecurity, but also measures relating to all other aspects of TPRM.
Outcome
- Built and deployed an all-new TPRM program, which included a comprehensive cybersecurity strategy for assessing new and existing suppliers.
- Created a true culture of compliance where employees now understand and value cybersecurity and the importance of protecting the organization’s supply chain.
- Implemented a continuous monitoring program to ensure the TPRM program is properly monitored long after the consultants are gone.