Managing Product Cybersecurity: Security as a Process and impact on your Suppliers

Product cybersecurity is changing rapidly as standards and subsequent legislation is appearing in many different industries.? A key point in much of legislation is that it mirrors the adage that cybersecurity is a process, not just a feature of your product. This means that legislation applies to your processes, e.g. your cybersecurity management system.?To be compliant, a company must have an independently audited cybersecurity management system.

Qing AB works with many different types of companies helping with their cybersecurity management systems and working with solutions and evidence of compliance.? We see that for some companies, the requirements on management systems is nothing new, some industries have had regulated management systems for decades.? But for other industries, such as IIoT and Transport, building and maintaining compliance goes much deeper into the manufacturer's existing processes and business strategies than most ever expect.

An example of this is where manufacturers have large supply chains of electrical components and software.? Cybersecurity regulations now require that a manufacturer must have clear and contractual processes for dealing with the cybersecurity of the supplied components and software.? This, we have seen, can be something of a shock for many industries.

Not only are the suppliers shocked with cybersecurity requirements and monitoring, that they never planned on in their P&L calculations, but the manufacturers are surprised when the cybersecurity and management systems now place new complexities on supplier and business relations. ?

Outsourcing now requires clear handling of the cybersecurity. Similarly for re-branding and multi-stage manufacturing.? Passing on supplier contracts and relations is more complex where cybersecurity responsibility together with design responsibility come into play.

While cybersecurity process regulations are good as a whole, they add a new layer of complexity that extends well beyond the normal product development processes and can create unpleasant surprises when creating business agreements that were never a problem previously.

At Qing AB we recommend preparation, and it starts with the realization that cybersecurity and cybersecurity management systems impact many more parts of a company than most industries expect. If you need help with understanding the impact on your business, and how to efficiently comply with the legislation, reach out to our expert Dr Steve Murphy at [email protected] or our CEO Jonas L?nje at [email protected]. Let’s tackle the requirements together.