Supplier Cyber Trust Level

Managing cybersecurity risk in the supply chain

Increased diversity and complexity of global supply chains lead to growing cybersecurity threats, and end application ecosystems are only as strong as their weakest link.  

UL’s Supplier Cyber Trust Level solution aids procurement mechanisms and helps strengthen the overall supply chain. Our IoT supply chain solution helps industrial, automotive and medical device organizations minimize the risk of introducing security issues into their end products, applications and ecosystems that could expose software or system vulnerabilities for customers and end product use.

UL’s Supplier Cyber Trust Level helps suppliers and vendors better navigate procurement and quality assurance processes by demonstrating the trustworthiness of their security practices across the following key trust categories:

  • Software development practices
  • Software development environment and infrastructure
  • Hardware development practices
  • Product documentation
  • Secure production processes and delivery management
  • Security issue management
  • Hosted software
  • Quality management
  • Enterprise security
  • Supplier management

Suppliers and vendors benefit from a single security level provided through an experienced assessment and evaluation process. The Supplier Trust Level also helps with an additional level of competitive differentiation via an independent, documented Supplier Maturity Trust Level.
 

Supplier Maturity Trust Levels:

  • Level 1: Nascent – No or few ad-hoc security practices have been implemented 
  • Level 2: Challenger – Basic security practices have been incorporated in some processes 
  • Level 3: Contender – Intermediate security practices have been incorporated in some processes
  • Level 4: Strong Performer – Advanced security practices have been incorporated in most of the processes
  • Level 5: Leader – Highest trust level attained 

UL’s Supplier Cyber Trust Level helps navigate the current global complexity of cybersecurity by mapping and leveraging security controls from well-known/popular industry best practices, standards and frameworks, including:

  • NIST cyber supply chain risk management
  • ENISA supply chain attacks
  • METI Society 5.0
  • NERC CIP-013-1
  • UK Supplier Assurance
  • ISO/IEC 20243-1
  • IEC 62443-4-1 & 62443-2-4
  • ISO 27001

As an independent trusted third party, UL helps manage the Supplier Cyber Trust Level on behalf of organizations as a time-efficient and cost-efficient process to assess supply chain security risk.
