16 June 2026

Cyber & Supply Chain Assurance in Action

Enabling more efficient and confident decision making across the supply chain.

We recently partnered with two organisations, a large, unique, independent institution that operates much like a private entity and a global toy manufacturer, to strengthen cyber and information security across complex, large-scale supply chains.

While operating in very different environments, both organisations faced a common challenge: how to manage supplier risk effectively in an increasingly dynamic and interconnected threat landscape, without adding unnecessary operational burden.

The Challenge:

Scaling Assurance in Complex Supplier Ecosystems

Both organisations were managing large and diverse supplier bases, spanning critical services, technology providers, and operational partners.

Over time, their existing approaches to supplier assurance had become difficult to scale and maintain.

Together, these challenges created barriers to achieving a consistent, scalable, and insight-driven assurance model. Key challenges included:

Fragmented Processes

Different teams had developed their own approaches, resulting in inconsistency and limited standardisation.

Manual and time-intensive workflows

Supplier assessments were often conducted using spreadsheets and email-based processes, creating significant administrative overhead and slowing down delivery.

Limited visibility of risk

Without a centralised system, it was difficult to gain a clear, real-time view of supplier risk across the organisation.

Difficulty adapting to change

As supplier landscapes evolved and cyber threats increased, point-in-time assessments quickly became outdated.

Inconsistent application of standards

There was a need to better align assurance activities to recognised frameworks such as ISO 27001 and the NCSC Cyber Assessment Framework (CAF).

Security Assessment Questionnaire (SAQ) design

The SAQ composition was not structured around key security domains, with granular questions affecting the quality and diligence of respondents' answers.

The Solution

End-to-End Automation and Standardisation

The SAQ platform transformed the way supplier assurance was delivered, introducing a structured and repeatable process across four key stages:

 

  1. Supplier Onboarding and Preparation
  • Suppliers are onboarded through a structured process
  • Automated communications provide clear guidance and expectations
  • Assessment scope is aligned to supplier criticality
  2. Digital Questionnaire Completion
  • Suppliers complete tailored questionnaires via a secure online platform
  • Questions dynamically adjust based on responses and certifications
  • Internal collaboration is enabled through delegation functionality
  3. Review and Risk Assessment
  • Responses are reviewed against industry-recognised standards
  • Risks are identified, categorised, and prioritised
  • Automated scoring provides a consistent, data-driven risk view
  4. Reporting and Remediation
  • Structured reports highlight findings, risk and recommended actions
  • Clear, actionable insights support supplier improvement
  • Progress can be tracked over time, enabling continuous assurance

Key Capabilities Delivered

The platform introduced several important capabilities that enhanced both efficiency and effectiveness:

Process Automation

  • Replacement of manual, spreadsheet-based processes
  • Automated distribution and reminders
  • Streamlined workflows across assessments

 

Administrative Efficiency

  • Reduced administrative burden across teams
  • Less manual follow-up and coordination
  • More time for strategic risk management

 

Secure Evidence Collection

  • Suppliers can securely attach necessary evidence (e.g., policy documents, screenshots) via drag-and-drop

Real-Time Visibility

  • Centralised dashboard providing live status updates
  • Ability to monitor assessment progress and completion rates
  • Improved oversight across large supplier populations

Dynamic Risk Assessment

  • Tailored questionnaires based on supplier profile and risk level
  • Weighted scoring models to prioritise critical risks
  • Consistent evaluation aligned to recognised frameworks

Enhanced Collaboration

  • Suppliers can assign questions to appropriate internal experts
  • Clear communication channels between stakeholders
  • Improved quality and completeness of responses

The Impact

The implementation delivered meaningful improvements across both organisations:

Operational Efficiency and Scalability

  • Significant reduction in time and effort required to complete assessments
  • Ability to manage large volumes of suppliers with greater ease
  • Repeatable processes reducing duplication and inconsistency

Stronger Risk Management

  • Improved visibility of risk across the supplier landscape
  • Ability to prioritise high-risk suppliers and focus mitigation efforts
  • More proactive approach to managing emerging threats

Improved Governance and Consistency

  • Standardised assurance approach across the organisation
  • Alignment with ISO 27001 and NCSC CAF principles
  • Clear audit trail of assessments, decisions, and actions

Better Supplier Engagement

  • Simplified and more intuitive experience for suppliers
  • Clear expectations and structured feedback
  • Increased collaboration and transparency

Why It Matters

As organisations become more reliant on complex supply chains, traditional approaches to assurance are no longer sufficient.

This work demonstrates how a strategic combination of technology, standardisation, and risk-based thinking can transform supplier assurance from a manual, reactive process into a proactive, data-driven capability.

By improving visibility, consistency, and scalability, organisations are better equipped to strengthen cyber resilience, manage third-party risk effectively and support long-term business continuity. These engagements highlight the growing importance of modern cyber assurance models in supporting organisational resilience.

By moving towards automated, standards-aligned and insight-led approaches, organisations can not only reduce risk but also enable more efficient and confident decision making across their supply chains.