Cyber Supply Chain Risk Management

Leave your supplier risk management to the professionals to be confident that suppliers are doing the right thing.

Cyber Supply Chain Risk Management (C-SCRM), also known as Vendor Risk Management, is the process of identifying, assessing, and mitigating the risks associated with the products and services provided by suppliers.

Organizations depend on suppliers to achieve business objectives, and those suppliers are handling sensitive data. The risk of supply chain compromise continues to increase, and mitigating that risk requires a focused approach to ensure suppliers are meeting their commitments.

Our 5-step program can help you proactively manage your supplier risk:

    1. Create a C-SCRM Program
    2. Know and Manage Suppliers
    3. Work with Key Suppliers
    4. Assess and Monitor
    5. Plan for Full Life Cycle

If you aren’t confident your suppliers are managing security properly, give us a shout to schedule a consultation. 


3rd Party Supplier Statistics

Loricca’s Cyber Supply Chain Risk Management Strategy

Surveys by the Office of Civil Rights show 73% of healthcare organizations are not confident in their Business Associates’ ability to handle sensitive information.

Managing cyber supply chain risks requires ensuring the integrity, security, quality and resilience of the supply chain and its products and services.  When considering third parties, ask these questions:

  • What are the data processing environments used by a third party?
  • What type of cloud environment, if any, is used by a third party?
  • What are the mechanisms used by a third party to access your data?
  • How is the data stored by a third party?
  • Can they produce evidence to demonstrate their Security Program?
  • Does the third party use subcontractors, and if so, are there controls in place to oversee their activity?

Our Cyber Supply Chain Risk Management services cover the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may compromise a product or service at any stage.


Data Breach Cost Per Record



Why is health data so valuable?


The life span of health data is much longer than that of a credit card: there are no expiration dates. Healthcare records contain the most valuable information available, including Social Security numbers, home addresses and patient health histories. This information can be used to file fraudulent claims, open credit accounts, obtain government-issued documents such as passports and driver’s licenses, and even create new identities.

Proactively Manage Your Supply Chain


Loricca’s strategy involves identifying and assessing risks, determining appropriate mitigating actions, developing a C-SCRM Plan to document selected policies and mitigating actions, and monitoring performance against that Plan. Because cyber supply chains differ across organizations, the C-SCRM Plan should be tailored to individual organizational needs. We will prepare your team, provide tools, and identify high-risk areas to be addressed.

Our program includes:

  • Cybersecurity Supply Chain Risk Management (C-SCRM) Policy
  • C-SCRM Plan
  • BAA template review
  • Supplier Management Process Review
  • Management Consulting to review and advise
  • Acquisition and Purchasing process review
  • Risk Management templates and questionnaires


