1. Home/
  2. Services/
  3. Informationssicherheit/
  4. Business Continuity Resilience/
  5. Auslagerungsmanagement/
  6. Dienstleisterauswahl/
  7. Supply Chain Assessment

Subscribe to Newsletter

Stay up to date with the latest trends and developments

By subscribing, you agree to our privacy policy.

A
ADVISORI FTC GmbH

Transformation. Innovation. Security.

Office Address

Kaiserstraße 44

60329 Frankfurt am Main

Germany

View on map

Contact

info@advisori.de+49 69 913 113-01

Mon-Fri: 9:00 AM - 6:00 PM

Company

Services

Social Media

Follow us and stay up to date.

  • /
  • /

© 2024 ADVISORI FTC GmbH. All rights reserved.

Your browser does not support the video tag.
Transparent. Resilient. Sustainable.

Supply Chain Assessment

We support you in the systematic assessment and optimization of your supply chains. From risk identification to the implementation of resilience measures – for a transparent and future-proof supply chain.

  • ✓Identification and assessment of supply chain risks
  • ✓Increased transparency and resilience
  • ✓Compliance with regulatory requirements
  • ✓Strategic optimization of supplier relationships

Your strategic success starts here

Our clients trust our expertise in digital transformation, compliance, and risk management

30 Minutes • Non-binding • Immediately available

For optimal preparation of your strategy session:

  • Your strategic goals and objectives
  • Desired business outcomes and ROI
  • Steps already taken

Or contact us directly:

info@advisori.de+49 69 913 113-01

Certifications, Partners and more...

ISO 9001 CertifiedISO 27001 CertifiedISO 14001 CertifiedBeyondTrust PartnerBVMW Bundesverband MitgliedMitigant PartnerGoogle PartnerTop 100 InnovatorMicrosoft AzureAmazon Web Services

Supply Chain Assessment

Our Strengths

  • Comprehensive expertise in supply chain risk management
  • Experience with international supply chains and regulatory requirements
  • Proven methods for risk assessment and mitigation
  • Interdisciplinary expertise in compliance, sustainability, and risk management
⚠

Expert Tip

An integrated supply chain assessment that considers both operational risks and compliance and sustainability aspects creates significant added value. Investments in transparency and resilience pay off through reduced failure risks and improved stakeholder relationships.

ADVISORI in Numbers

11+

Years of Experience

120+

Employees

520+

Projects

Our approach to supply chain assessment is systematic, risk-oriented, and tailored to your specific requirements.

Our Approach:

Analysis of existing supply chain and risk potentials

Development of a customized assessment model

Conducting the assessment and risk analysis

Derivation of optimization measures

Implementation and continuous monitoring

"A resilient supply chain is a decisive competitive advantage today. The systematic assessment and optimization of supply chain risks not only creates more security but also opens up strategic opportunities through improved transparency and agility."
Sarah Richter

Sarah Richter

Head of Information Security, Cyber Security

Expertise & Experience:

10+ years of experience, CISA, CISM, Lead Auditor, DORA, NIS2, BCM, Cyber and Information Security

LinkedIn Profile

Our Services

We offer you tailored solutions for your digital transformation

Supply Chain Risk Assessment

Comprehensive identification and assessment of risks along your supply chain.

  • Supply chain mapping and visualization
  • Risk assessment and categorization
  • Vulnerability analysis and optimization potentials
  • Prioritization of action areas

Supplier Due Diligence

Systematic review and assessment of suppliers according to various criteria.

  • Development of assessment models
  • Conducting supplier audits
  • Compliance reviews (LkSG, ESG)
  • Supplier assessment and classification

Implementation & Monitoring

Implementation of measures for continuous monitoring and optimization.

  • Development of KPIs and monitoring systems
  • Implementation of early warning systems
  • Building governance structures
  • Continuous improvement and reporting

Looking for a complete overview of all our services?

View Complete Service Overview

Our Areas of Expertise in Information Security

Discover our specialized areas of information security

Strategy

Development of comprehensive security strategies for your company

▼
    • Information Security Strategy
    • Cyber Security Strategy
    • Information Security Governance
    • Cyber Security Governance
    • Cyber Security Framework
    • Policy Framework
    • Security Measures
    • KPI Framework
    • Zero Trust Framework
IT Risk Management

Identification, assessment, and management of IT risks

▼
    • Cyber Risk
    • IT Risk Analysis
    • IT Risk Assessment
    • IT Risk Management Process
    • Control Catalog Development
    • Control Implementation
    • Measure Tracking
    • Effectiveness Testing
    • Audit
    • Management Review
    • Continuous Improvement
Enterprise GRC

Governance, risk, and compliance management at enterprise level

▼
    • GRC Strategy
    • Operating Model
    • Tool Implementation
    • Process Integration
    • Reporting Framework
    • Regulatory Change Management
Identity & Access Management (IAM)

Secure management of identities and access rights

▼
    • Identity & Access Management (IAM)
    • Access Governance
    • Privileged Access Management (PAM)
    • Multi-Faktor Authentifizierung (MFA)
    • Access Control
Security Architecture

Secure architecture concepts for your IT landscape

▼
    • Enterprise Security Architecture
    • Secure Software Development Life Cycle (SSDLC)
    • DevSecOps
    • API Security
    • Cloud Security
    • Network Security
Security Testing

Identification and remediation of security vulnerabilities

▼
    • Vulnerability Management
    • Penetration Testing
    • Security Assessment
    • Vulnerability Remediation
Security Operations (SecOps)

Operational security management for your company

▼
    • SIEM
    • Log Management
    • Threat Detection
    • Threat Analysis
    • Incident Management
    • Incident Response
    • IT Forensics
Data Protection & Encryption

Data protection and encryption solutions

▼
    • Data Classification
    • Encryption Management
    • PKI
    • Data Lifecycle Management
Security Awareness

Employee awareness and training

▼
    • Security Awareness Training
    • Phishing Training
    • Employee Training
    • Leadership Training
    • Culture Development
Business Continuity & Resilience

Ensuring business continuity and resilience

▼
    • BCM Framework
      • Business Impact Analysis
      • Recovery Strategy
      • Crisis Management
      • Emergency Response
      • Testing & Training
      • Create Emergency Documentation
      • Transition to Regular Operations
    • Resilience
      • Digital Resilience
      • Operational Resilience
      • Supply Chain Resilience
      • IT Service Continuity
      • Disaster Recovery
    • Outsourcing Management
      • Strategy
        • Outsourcing Policy
        • Governance Framework
        • Risk Management Integration
        • ESG Criteria
      • Contract Management
        • Contract Design
        • Service Level Agreements
        • Exit Strategy
      • Service Provider Selection
        • Due Diligence
        • Risk Analysis
        • Third Party Management
        • Supply Chain Assessment
      • Service Provider Management
        • Outsourcing Management Health Check

Frequently Asked Questions about Supply Chain Assessment

What is an IT supply chain assessment and why does it matter?

An IT supply chain assessment is the systematic analysis and risk evaluation of all external IT service providers, software vendors and cloud providers an organisation relies on. It matters because over

80 percent of cyberattacks originate from third-party vulnerabilities. Regulatory frameworks including NIS-2 (Article 21), DORA (Chapter V) and ISO 27001 (Annex A.15) require organisations to continuously monitor and document the security posture of their IT suppliers.

What methods are used for vendor risk assessment?

Common methods include security questionnaires (SIG, CAIQ), automated security ratings (e.g. Bitsight, SecurityScorecard), ISO 27001 certification reviews, penetration testing and on-site audits. Best practice is a risk-based approach: critical suppliers with access to sensitive data receive comprehensive assessments, while non-critical suppliers are evaluated through self-assessments.

What does NIS-2 require for IT supply chain security?

NIS-2 (Article 21, paragraph 2d) requires affected organisations to implement security measures for the supply chain, including security aspects in the relationships with suppliers and service providers. Specifically, organisations must assess the cybersecurity practices of their suppliers, establish contractual security requirements and monitor compliance. The EU ICT Supply Chain Security Toolbox provides a coordinated framework for implementation.

How does DORA differ from NIS-2 for supplier assessment?

DORA (Digital Operational Resilience Act) applies specifically to the financial sector with stricter requirements than NIS-2: financial entities must maintain a register of all ICT third-party providers, comply with minimum contractual requirements (Articles 28‑30), and critical ICT third-party providers are directly supervised by European Supervisory Authorities. NIS-2 is the general framework, while DORA is the sector-specific regulation for financial services.

How is a vendor scoring system structured?

A vendor scoring system evaluates IT service providers against weighted criteria across categories such as information security (ISO 27001 certification, technical controls), data protection (GDPR compliance), availability (SLAs, disaster recovery), financial stability and regulatory compliance. Suppliers are classified into criticality tiers (critical, important, standard) that determine assessment depth and review frequency.

What are typical risks in the IT supply chain?

Typical IT supply chain risks include supply chain attacks (such as SolarWinds and MOVEit), compromised software updates, insecure APIs, missing security patches at subcontractors, data exfiltration through third parties and dependency on single cloud providers. Tier-2 suppliers with indirect system access are particularly critical — only

42 percent of organisations have visibility at this level.

How does ADVISORI support IT supply chain assessment?

ADVISORI guides you through the entire vendor risk assessment process: building a supplier inventory with criticality classification, developing tailored evaluation criteria based on ISO 27001 and ISO 27036, conducting supplier audits, implementing a continuous monitoring system and ensuring compliance with NIS-2 and DORA. From initial analysis through to ongoing third-party risk management.

Success Stories

Discover how we support companies in their digital transformation

Digitalization in Steel Trading

Klöckner & Co

Digital Transformation in Steel Trading

Case Study
Digitalisierung im Stahlhandel - Klöckner & Co

Results

Over 2 billion euros in annual revenue through digital channels
Goal to achieve 60% of revenue online by 2022
Improved customer satisfaction through automated processes

AI-Powered Manufacturing Optimization

Siemens

Smart Manufacturing Solutions for Maximum Value Creation

Case Study
Case study image for AI-Powered Manufacturing Optimization

Results

Significant increase in production performance
Reduction of downtime and production costs
Improved sustainability through more efficient resource utilization

AI Automation in Production

Festo

Intelligent Networking for Future-Proof Production Systems

Case Study
FESTO AI Case Study

Results

Improved production speed and flexibility
Reduced manufacturing costs through more efficient resource utilization
Increased customer satisfaction through personalized products

Generative AI in Manufacturing

Bosch

AI Process Optimization for Improved Production Efficiency

Case Study
BOSCH KI-Prozessoptimierung für bessere Produktionseffizienz

Results

Reduction of AI application implementation time to just a few weeks
Improvement in product quality through early defect detection
Increased manufacturing efficiency through reduced downtime

Let's

Work Together!

Is your organization ready for the next step into the digital future? Contact us for a personal consultation.

Your strategic success starts here

Our clients trust our expertise in digital transformation, compliance, and risk management

Ready for the next step?

Schedule a strategic consultation with our experts now

30 Minutes • Non-binding • Immediately available

For optimal preparation of your strategy session:

Your strategic goals and challenges
Desired business outcomes and ROI expectations
Current compliance and risk situation
Stakeholders and decision-makers in the project

Prefer direct contact?

Direct hotline for decision-makers

Strategic inquiries via email

Detailed Project Inquiry

For complex inquiries or if you want to provide specific information in advance

ADVISORI Logo
BlogCase StudiesAbout Us
info@advisori.de+49 69 913 113-01

Latest Insights on Supply Chain Assessment

Discover our latest articles, expert knowledge and practical guides about Supply Chain Assessment

Cyber Insurance: Requirements, Costs, and Selection Guide for Businesses 2026
Informationssicherheit

Cyber Insurance: Requirements, Costs, and Selection Guide for Businesses 2026

April 17, 2026
12 min

Cyber insurance covers financial losses from cyberattacks, data breaches, and IT outages. This guide explains what insurers require in 2026, coverage types, costs by company size, and how to choose the right policy — including how ISO 27001 certification reduces premiums.

Boris Friedrich
Read
Vulnerability Management: The Complete Lifecycle for Finding, Prioritizing, and Remediating Weaknesses
Informationssicherheit

Vulnerability Management: The Complete Lifecycle for Finding, Prioritizing, and Remediating Weaknesses

April 16, 2026
14 min

Over 30,000 CVEs are published annually. Effective vulnerability management prioritizes what matters most to your organization and remediates before attackers exploit. This guide covers the full lifecycle: discovery, scanning, risk-based prioritization, remediation, and compliance.

Boris Friedrich
Read
Security Awareness Training: Building Effective Programs and Measuring Impact
Informationssicherheit

Security Awareness Training: Building Effective Programs and Measuring Impact

April 15, 2026
12 min

The human layer remains the weakest link in cybersecurity. This guide covers how to build an effective security awareness program, run phishing simulations, design role-based training, and measure whether your program actually reduces risk — with benchmarks and KPIs.

Boris Friedrich
Read
Penetration Testing: Methods, Process & Provider Selection Guide 2026
Informationssicherheit

Penetration Testing: Methods, Process & Provider Selection Guide 2026

April 15, 2026
14 min

Penetration testing reveals vulnerabilities before attackers exploit them. This comprehensive guide covers black box, grey box, and white box methods, the 5-phase pentest process, provider selection criteria, DORA TLPT requirements, and cost benchmarks for every test type.

Boris Friedrich
Read
Business Continuity Software: Comparing Leading BCM Platforms 2026
Informationssicherheit

Business Continuity Software: Comparing Leading BCM Platforms 2026

April 14, 2026
18 min

Business continuity software automates BIA, plan management, exercise tracking, and incident response. This comparison reviews leading BCM platforms, selection criteria, DORA alignment, and which solution fits organizations at different maturity levels.

Boris Friedrich
Read
SOC 2 vs. ISO 27001: Which Security Certification Do You Need?
Informationssicherheit

SOC 2 vs. ISO 27001: Which Security Certification Do You Need?

April 14, 2026
16 min

SOC 2 and ISO 27001 are the most requested security certifications. This practical comparison covers scope, cost, timeline, customer expectations, regulatory alignment, and the 70% control overlap — helping you decide which to pursue (or whether you need both).

Boris Friedrich
Read
View All Articles