h-Cyber Risk
Supply Chain and Third-party Risk Assessment Service

3.h-Cyber Risk

The CIS Components, Supply Chain Trustworthy Analysis and Third-Party Risk Service, provides assessment to CIS components and their trustworthiness as well as analysis of vendor risk.

This service provides analysis and evaluation on the reliability of CIS components and the trust that can be placed upon them. Coordination in Security Risk Assessment of Customer Working Groups supports, leads, or coordinates Security Risk Assessment Working Groups for Customer programmes or projects.


CIS Component Cyber Security: Analyse and evaluate the extent to which one can rely on a CIS component, be it hardware, software, or both, to function as intended. The assessment can be made through either a set of assurance techniques or less rigorous means.

Supply Chain Cyber Security: Plan for, collect information about, assess, and handle the level of trust that can be placed in the components of a CIS based on the supply of sub-components, manufacturing, and logistics.

Coordination in Security Risk Assessment Working Groups: Support, lead, or coordinate Security Risk Assessment Working Groups for Customer programmes or projects. This includes lead or coordinating the meetings and ex-committee work, providing advice regarding security risk assessment and risk management process, and support conducting SRA by Hardsecure. This service entails the review and approval (in coordination with Customer Security Audit Authorities) of the specification of risk assessment/management tools used for Customer CIS (e.g. Customer profile for EAR/PILAR), the development and maintenance of generic security risk assessment for Customer CIS scenarios.

Security Test and Verification (ST&V): Pre-Production Security Testing and Consultancy services conducted in support of Change Management and accreditation processes, for projects includes documentation review, vulnerability assessment and penetration testing.

Third-party Risk Assessment support the analysis of vendor risk posed by an organization's third-party relationships along the entire supply chain, including vendors, service providers, and suppliers. Risks to be considered include security risk, business continuity risk, privacy risk, and reputational risk.

Added Value

  • We do Automated Third-Party Security Risk Assessments. This is necessary for organizations to conduct a comprehensive security evaluation of new vendors, and grant security of all supply chain of services & solutions.

  • Our third-party assessment team with an OT/ICS background can connect manufacturer products and solutions with industry best-practices and methodologies that meet customer requirements. It fills in the OT knowledge gaps that customer IT team may lack. For example, assessors with OT backgrounds can provide insight on which control hardware customer system uses that meet ISA Secure program (based upon the IAC security lifecycle as defined in ISA/IEC 62443). This is especially critical if customer control system uses hardware and software from many different manufacturers.

  • Our Third-Party assessment team, who do not represent any hardware or software manufactures, take an unbiased approach to your system. While internal teams may have critical knowledge of customer control system and may have even designed it, Hardsecure third-party assessors can see the high-level view of customer control system as well as the minute parts of it. We will see gaps in a system that internal teams can miss.
Looking for More Information?
Service Datasheet Download or fill the form.
Service Statistics
Number of organizations under Risk assessment
Number of external vulnerabilities exposed out of organization
Request a Quote
We will get back to you as soon as possible.
* Required Field
How can we help?
Contact Us