Information Security Assessment and Certification within Supply Chains

Cybersecurity threats have been on the rise lately, along with the digital revolution. In the industrial area and the supply chains, the disruptions that have already occurred require the search for solutions that minimize the impact of those threats without hampering the digital transformation, equally and globally recognized as bringing enormous benefits. At the heart of the solutions is the ability to manage information security conveniently. To this end, it is essential to put a safety assessment program in place using a set of appropriate metrics. In this article and through an analysis of work already carried out in the area, we propose a metrics framework suitable for supply chains and in the industrial context. Additionally, and to promote the level of trust between the nodes of a supply chain, it is also elaborated on a model of continuous safety assessment, using the same metrics and goals related to certification (based on the IEC 62443 standard). In addition to the contribution to the trust level, the proposed framework can also facilitate the certification process from the perspective of the technological infrastructure. The work is part of a European project (FISHY) that aims to increase resilience in supply chains.