Risks and rules: The new reality of supply chain management – Part 1

Article Cyber Security & Privacy

Welcome to the first part of our three-part series on the evolution of Supply Chain Management (SCM). In this series, we dive deeper into how SCM is shifting from a focus on cost control to an emphasis on risk management and regulatory compliance. In this first part, we provide a general introduction to Third Party Risk Management (TPRM) and Supply Chain Risk Management (SCRM) as crucial new components of SCM.

The Evolution of Supply Chain Management (SCM)

In recent years, the world of SCM has changed dramatically. Where once the focus was primarily on cost control, we now see a shift to risk management and regulatory compliance. This development is driven by the growing complexity of supply chains and the increasing threats of cyber attacks and other disruptions. These disruptions can have major societal consequences. As a result, European and national laws have developed in recent years that require companies to include risk management as an integral part of SCM. More on this in parts 2 (NIS2) and 3 (DORA) of this SCM three-part series.


The Rise of Third-Party Risk Management

Third Party Risk Management (TPRM) has become a critical component of modern SCM strategies. TPRM is concerned with identifying, assessing and mitigating risks associated with engaging external parties. These risks can range from operational and financial risks to data security risks and compliance issues. For example, imagine a supplier of critical components suddenly going out of business. This could cause serious operational disruptions. Another example is a data breach at an external service provider, which could result in sensitive business information falling into the wrong hands. By implementing effective TPRM practices, such as regular risk assessments and establishing clear contractual arrangements for data handling, companies can minimize the likelihood of such disruptions in their supply chain and ensure business continuity.

The importance of data security and business continuity

With cyber attacks becoming more frequent and sophisticated, data security is a top priority for businesses. It is essential that companies protect their data and systems from cyber threats, not only within their own organizations, but also with their external partners. A striking example is the attack on a supplier of a major technology company, which resulted in the theft of confidential company data. To prevent such incidents, companies must take proactive measures, such as imposing strict security requirements, conducting audits and assessments, and monitoring. In addition, they should ensure that their supply chain is resilient to supplier incidents that could jeopardize business continuity by, for example, requiring strict compliance with security standards and establishing continuity plans.

Increasing regulatory burden

In addition to managing risk, companies also face growing pressure to comply with regulations. Various European directives such as NIS2, CSDDD and DORA impose increasing responsibilities on companies to keep their supply chains transparent and safe. This requires not only a thorough knowledge of applicable regulations, but also the implementation of robust risk and compliance programs. Companies must be able to demonstrate regulatory compliance and implement continuous monitoring and control mechanisms to ensure compliance.

New way of working as a solution

The shift we see from a focus on cost control to risk management and compliance marks a major evolution in SCM. Standing still is going backwards. At Eraneos, we help companies adapt their strategies and optimize processes to effectively manage risk and comply with increasingly stringent regulations. If you want to learn more about our Cybersecurity offering, you can check out our page here. Smart technologies, such as those offered by 3rdRisk, can support companies in this transformation and help them be “in control” while reducing costs and staff deployment.

In the next part of our three-part series, we will take a closer look at supply chain security as part of NIS2 and how companies can take a pragmatic approach to meeting these requirements. Keep following us for more insights and practical tips to keep your supply chain secure and compliant.


This three-part series is written in collaboration with Jelle Groenendaal (jelle@3rdrisk.com) from 3rdRisk.

Stay tuned for part two of this series, in which we discuss supply chain security as part of NIS2 and provide a pragmatic approach to managing risk in your supply chain.


By Rico Plomp
Senior Manager – Cyber Security

08 Aug 2024