/

Risk

/

Supply-Chain & Third-Party Risk

EXPERTISE

Supply-Chain & Third-Party Risk

Your security is only as strong as your suppliers'. We help you assess, govern, and continuously manage third-party and supply-chain risk — now a direct requirement under NIS2 and DORA.

What it is — and why it matters.

Modern organisations depend on a web of suppliers, cloud services, and partners — each a potential point of exposure. Supply-chain and third-party risk is the discipline of understanding and managing that exposure deliberately, rather than inheriting it by accident. It's also now a regulatory obligation: NIS2 mandates supply-chain security, and DORA places strict requirements on ICT third-party risk for financial entities.

Who this affects.

Any organisation that relies on external suppliers or ICT providers — nearly all of them — and especially those in scope for NIS2 or DORA, where supply-chain and third-party obligations are explicit.

What's involved

How we help.

  • Risk assessment & tiering | Identify and rank your third parties by the risk they carry.

  • Supplier due diligence | Due diligence and contractual security requirements.

  • Register of information | The oversight and register DORA expects.

  • Ongoing monitoring & governance | Continuous oversight rather than one-off reviews.

  • Integrated with NIS2 & DORA | One effort that satisfies the regulatory duties too.

Risk

Within your managed office.

Sits under Risk, tightly linked to Compliance (NIS2, DORA) and Architecture & Transformation (how suppliers integrate). Managed as part of your program, with strong cross-links to the NIS2 and DORA pages.

Within your managed office.

Sits under Risk, tightly linked to Compliance (NIS2, DORA) and Architecture & Transformation (how suppliers integrate). Managed as part of your program, with strong cross-links to the NIS2 and DORA pages.

CTRL Disrupt

Your Managed Security & Risk Office.
Based in the Netherlands.

EXPERTISE

ISO 27001

NIS2

BIO2.0

EU AI Act

AI Security & Compliance

Marshalllaan 2
2625 GZ Delft
The Netherlands

© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.