Supply Chain Security

May 12 2022
EVENT TIME 17:30 Thursday


About The Event

Working Groups roundtable

Time: 12 May 2022 – 17:30-19:00, with Apéro

Location: Neues Schloss Privat Hotel Zurich and online via Cyber Security Community at SCI

First Critical Infrastructure and Healthcare Working Group Roundtable with Sofia Martinez Gomez and Nathalie Gratzer

As part of global innovation, digital products and systems increasingly incorporate proprietary and open-source third-party components, which offer numerous benefits such as improved functionality and reduced costs. At the same time, relying on third parties introduces new risks due to the dependencies and the loss of control. Supply chain security has therefore become a substantial challenge for the entire ecosystem, and above all for critical infrastructure, since its reliability is of key importance to society.

Supply chain security entails different aspects such as risk management, vulnerability management, compliance complexity and incident response, but the question remains: how should these be handled correctly? Different stakeholders are involved in the effort of protecting critical infrastructure, but roles and responsibilities are often not clearly defined.

As an example, in the healthcare industry, medical device manufacturers must deliver secure products with the highest possible quality standard to healthcare providers. Medical device manufacturers therefore need to select third-party components that meet their quality level and hold the third-party providers accountable for maintaining the level of security. Furthermore, medical device manufacturers must maintain the security of their medical devices during the entire product lifetime. This task is not entirely the medical device manufacturer’s responsibility, since medical devices are operated in an environment the manufacturer cannot control, e.g. on the healthcare provider’s premises. Accordingly, healthcare providers also share in ensuring the operational security of their medical devices and ecosystem.

Various stakeholders from the public and private sectors each have a role and responsibility in dealing with supply chain security challenges. It is of great importance to allow for an open conversation about the problem so that all stakeholders can jointly work on building trust and competence.

Questions and points to be covered during the session

Third-party risk assessment

  • Is my vendor a threat?
  • How to handle their integration (e.g. remote access)?
  • Is the Software Bill of Materials a solution to increase transparency?
  • What are the downsides/introduced risks?

Roles and responsibilities

  • Who is responsible for the security of the products during operation? 
  • What are the roles and responsibilities for risk and vulnerability management? 

This is a hybrid event:

To access the event online: please join our community and access the Working Groups roundtable online via our Cyber Security Community at Swiss Cyber Institute

To participate in person and actively be part of the roundtable discussion at Neues Schloss Privat Hotel Zurich, please contact us at

