ENSURING CYBERSECURITY ALONG THE SUPPLY CHAIN
By Chris Whyborn, Head of Cybersecurity Services (UK & Europe), TÜV SÜD Business Assurance
28 MAY 2026 | FACTORY&HANDLINGSOLUTIONS

Cyber threats can arise internally or via any third party that has access to critical data or is involved with processes or products that support a business.

SUPPLY CHAINS
It is, therefore, important not only to ensure the cybersecurity of an organisation, but also that of its global digital supply chain. Every part of the supply chain should follow the principle of security by default and security by design, meaning that cybersecurity is embedded within products, services and underlying processes from the very beginning. Organisations should also treat employees as a ‘firewall’ by increasing their awareness of cybersecurity and risk, which makes comprehensive training for employees and other relevant stakeholders key to avoiding and mitigating cyber risks. Alongside this, an active and positive culture in which employees engage with cybersecurity should be encouraged, for example by participating in industry consortia or public-private projects on cybersecurity. Cybersecurity needs to be seen as a business-enabling priority for management, and cascade down to all parts of the organisation and throughout the supply chain, irrespective of business size and location.

Cybersecurity or quality certifications for products, services and business processes, such as ISO 9001, ISO 28000, ISO 27001 and Cyber Essentials, should be obtained and documented as part of any contract. Regular audits, particularly by a third party, are also highly recommended. These measures help establish a strong cybersecurity baseline and show the entire supply chain that a company is well prepared to defend against the consequences of cyber-attacks.

NIS2
NIS2 is the EU’s updated Directive on Security of Network and Information Systems. It strengthens cybersecurity requirements for essential and important entities, expands sector coverage, and introduces stricter reporting obligations. NIS2 aims to enhance cyber resilience and harmonise security across all EU member states. NIS2 compliance is crucial for organisations active within the European Union (EU). While NIS2 does not apply to organisations based solely in the UK, it does apply to them if they operate in the EU. There is also the ‘Brussels effect’: the EU’s large market size often means its regulations become a global standard. UK businesses trading with or supplying EU partners will, therefore, need to align their practices with NIS2 for commercial and practical reasons. By adhering to NIS2, businesses can effectively identify and mitigate cybersecurity risks, reducing the chances of operational disruptions caused by cyber incidents and avoiding significant fines or reputational damage.

Cyber risks in the supply chain are often underestimated. The NIS2 Directive not only requires organisations to protect their own systems, but also explicitly requires them to systematically assess the risks in their supply chain. Companies must demonstrate that third parties with IT access and rights to remote maintenance or data processing are integrated into a robust security management system. NIS2 also places particular emphasis on the role of senior management. Top management must be aware of cybersecurity risks and anchor and enforce their treatment in the organisation through processes, controls, documentation and training. Customers and clients are increasingly aware of cybersecurity vulnerabilities that can affect network and information systems along their entire supply chain. Achieving NIS2 compliance not only builds trust and confidence but also provides a competitive edge through assurance that their data and information are secure when partnering with an organisation.

ISO 28000 AND CYBERSECURITY
ISO 28000 covers cybersecurity in the supply chain from a management and risk perspective, rather than a technical one. It helps organisations identify weak points across global supply chains and develop disaster management strategies. Although ISO 28000 does not provide technical checklists, it requires that cybersecurity is managed through these three pillars:
1. Risk assessment - mandates identifying all security-related risks