Supply Chain
Skill packages tagged with “Supply Chain”
Ecosystem Risk Ranker (CISA CPG 4.1)
Map and rank external dependencies (SaaS, cloud, utilities) essential to a Critical Service. Assigns criticality scores by impact of vendor outage on mission and validates vendor uptime SLAs against the organization's Maximum Allowable Downtime (MAD). Aligned with CISA CPG 4.1 Critical Service Dependency Map.
Fairtrade CoC Author
Guided elaboration of Fairtrade supply chain and Chain of Custody (CoC) documentation — product scope, trader license scope, CoC procedures, and mass balance or physical separation evidence.
ISO 27001 Critical Supplier Register
Operational register of critical suppliers with data access, SLA thresholds, BCP dependencies, security assessment history, and internal ownership. The auditor-expected evidence document that proves supply chain operational knowledge per Clause 7.5.1(b) and Controls A.5.19–A.5.22.
LkSG Supply Chain Due Diligence
Creates policy statements (Grundsatzerklaerungen) and annual reports in accordance with the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz, LkSG). Maps supplier audits to the 11 protected legal positions and validates BAFA reporting compliance.
Modern Slavery Statements (AU)
Annual drafting of Modern Slavery Statements for the Australian regime under the Modern Slavery Act 2018 (Cth). Covers the seven mandatory criteria (s16), approval by the principal governing body, and submission to the ABF Online Register. For entities with consolidated revenue ≥ A$100m.
NIS2 Supply Chain Security
Assess and manage supply chain cybersecurity risks per NIS2 Art. 21(2)(d). Scores supplier criticality and cybersecurity maturity, validates contractual security clauses, and identifies concentration risks in the ICT supply chain. Produces a supplier risk register and contractual review report.
Procurement Sync
Generate a procurement requirements matrix from construction specifications — maps spec clauses to material requirements, vendor qualifications, submittal obligations, and delivery constraints.
SBOM Risk Scorer
CISA CPG 6.1 Supply Chain SBOM Review: analyze CycloneDX or SPDX SBOMs for Vulnerability Debt and gatekeeping evidence. Summarizes vulnerability debt and flags EOL and critical-CVE components for Accept/Reject decisions.
Supply Chain Clause Harmonizer
Draft and validate C-SCRM Security Requirement Annexes for vendor contracts. Selects clauses by Criticality Tier (right to audit, vulnerability disclosure, breach notification) and validates against NIST SP 800-161 (GV.SC).
Supply Chain Code of Conduct
Draft and validate supply chain codes of conduct defining the ethical standards suppliers must sign. Covers labour rights, environmental obligations, Right to Audit clauses, and sub-tier flow-down requirements aligned with Modern Slavery Act (UK/AU), LkSG (Germany), ILO Core Conventions, and EU CSDDD. Automated tools validate audit clause strength and flag Tier 1-only compliance gaps.
UK Modern Slavery Statements
Annual drafting of transparency statements for the UK government registry under the Modern Slavery Act 2015 (s54). Covers the six recommended areas—organisation structure and supply chains, policies, due diligence, risk assessment and management, KPIs, training—and registry requirements (board approval, director sign-off).