How CDMOs make optimum use of the CRA in the purchasing process

How can CDMOs make the most of the Cyber Resilience Act in the procurement process?

The pharmaceutical industry, and Contract Development and Manufacturing Organizations (CDMOs) in particular, faces a number of challenges and opportunities with regard to the Cyber Resilience Act (CRA). This new EU regulation offers CDMOs the opportunity to increase their competitiveness by making the most of the CRA in the CDMO purchasing process. The CRA requires manufacturers of products with digital elements to strengthen their cybersecurity and ensure that all requirements are met throughout the product lifecycle.

What is the Cyber Resilience Act?

The Cyber Resilience Act is an EU regulation that focuses on the cybersecurity of connected products. The CRA applies to hardware and software with digital components and requires manufacturers to actively minimize cybersecurity risks throughout the entire product life cycle. The aim is to create a uniform Europe-wide standard for the cybersecurity of products and to strengthen consumer confidence [source: 6].

CDMO purchasing and the Cyber Resilience Act

In the CDMO purchasing process, the CRA can be used as an argument for a secure and reliable supply chain. By complying with the CRA requirements, CDMOs can ensure that their suppliers also meet the required cybersecurity standards. This can serve as a control tool to minimize the risk of cyberattacks along the entire supply chain.

Strategies for using the CRA in CDMO purchasing

To make the best use of the CRA in CDMO purchasing, CDMOs should pursue the following strategies:

  1. Risk assessment and management: A comprehensive risk assessment is crucial to identify and evaluate potential security risks in the supply chain. This includes analyzing cyberattacks on critical infrastructure and taking regulatory changes into account [source: 2].
  2. Implementation of cybersecurity requirements in the purchasing process: CDMOs should ensure that all suppliers meet the requirements of the CRA. This can be done by integrating cybersecurity criteria into purchasing contracts [source: 1].
  3. Collaboration with suppliers: Collaboration with suppliers is critical to ensure that all CRA requirements are met. This can be done through regular audits and safety checks [source: 4].
  4. Develop a vulnerability management process: Effective vulnerability management is critical to quickly responding to and remediating security vulnerabilities. This also includes the creation of a software bill of materials (SBOM) [source: 3].
  5. Promote collaboration across industry boundaries: Collaboration with other companies and industries can help to overcome existing challenges more effectively and share best practices.

Competitiveness through the CRA

Compliance with the requirements of the CRA can be a significant competitive advantage for CDMOs. By complying with the CRA, CDMOs can build trust with consumers and regulators, which increases their competitiveness in the marketplace. Compliance also provides the opportunity to optimize processes and reduce costs through more efficient safety measures.

Conclusion

The Cyber Resilience Act offers CDMOs the opportunity to increase their competitiveness by making the most of the CRA in the CDMO purchasing process. By integrating cybersecurity requirements into the purchasing process and working with suppliers, CDMOs can ensure that their supply chain is secure and reliable. Collaboration with other industries and consideration of guidelines such as NIS2 and DORA are key to developing a comprehensive CDMO procurement strategy.

The Cyber Resilience Act will play a central role in shaping the cybersecurity landscape in the EU in the coming years. Through its comprehensive requirements for manufacturers of products with digital elements, it will help keep consumers and businesses safer. The challenges posed by the CRA also offer opportunities for innovation and growth, especially in sectors such as the pharmaceutical industry, which are particularly affected by increasing digitalization. Through the CRA, CDMO purchasing can become a crucial control tool for ensuring cybersecurity along the entire supply chain.

CDMOs can optimize their purchasing processes under the CRA by auditing their suppliers for compliance with CRA requirements. This can be used as an argument for a secure and reliable supply chain, which increases the competitiveness of CDMOs. Collaboration with other companies and consideration of guidelines such as NIS2 and DORA are key to developing a comprehensive CDMO purchasing strategy.

Sources

  1. https://www.european-cyber-resilience-act.com/Cyber_Resilience_Act_Article_5.html
  2. https://www.outsourcedpharma.com/doc/new-eu-directive-marks-cybersecurity-regulatory-paradigm-shift-for-bio-pharma-medical-devices-0001
  3. https://my.avnet.com/silica/solutions/security-services/secure-device-management-provisioning/cyber-resilience-act/
  4. https://supplychaindigital.com/technology/kroll-cybercriminals-target-supply-chain-it
  5. https://boracdmo.com/how-a-cdmo-can-increase-the-competitiveness-of-your-product/
  6. https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
  7. https://cybermagazine.com/articles/a-mixed-response-on-eus-new-vulnerability-disclosure-rules
  8. https://www.cyberresilienceact.eu/the-cyber-resilience-act/
  9. https://www.european-cyber-resilience-act.com
  10. https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act
  11. https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Cyber_Resilience_Act/cyber_resilience_act_node.html
  12. https://locaterisk.com/en/cybersicherheit-in-der-digitalen-lieferkette/
  13. https://www.marketsandmarkets.com
  14. https://www.european-cyber-resilience-act.com/Cyber_Resilience_Act_Preamble_11_to_20.html
  15. https://markets.ft.com/data/announce/detail?dockey=600-202503110800PR_NEWS_USPRX____LA37635-1
  16. https://www.cyberresilienceact.eu/the-cra-explained/
  17. https://ec.europa.eu/commission/presscorner/detail/en/QANDA_22_5375
  18. https://www.rmmagazine.com/articles/article/2024/08/08/challenges-and-opportunities-of-the-eu-cyber-resilience-act
  19. https://www.rolandberger.com/en/Insights/Publications/Unlocking-Value-in-the-CDMOs-market.html
  20. https://www.europeanlawblog.eu/pub/cybersecurity-for-europe-without-a-legal-basis
  21. https://www.simon-kucher.com/en/insights/unlocking-better-growth-cdmos
  22. https://www.womblebonddickinson.com/uk/insights/articles-and-briefings/eu-cyber-resilience-act
  23. https://www.ey.com/en_gl/insights/strategy/how-cdmo-companies-are-leading-innovation-for-pharmaceutical-partners
  24. https://www.strategyand.pwc.com/de/en/industries/pharma-life-sciences/2022-global-cdmo-study.html
  25. https://www.concepture.de/en/eu-cyber-resilience-act-requirements-impacts-for-businesses/
  26. https://www.prnewswire.com/news-releases/optimizing-outsourcing-a-case-study-on-evaluating-cdmo-capabilities-for-api-and-fd-development-302341149.html
  27. https://www.enisa.europa.eu/publications/cyber-resilience-act-requirements-standards-mapping
  28. https://www.reuschlaw.de/en/news/the-cyber-resilience-act-content-and-practical-implementation/
  29. https://drug-dev.com/cdmo-case-study-ajility-streamlining-drug-product-manufacturing/
  30. https://www.pwc.de/de/cyber-security/case-study-sichere-produktentwicklung-und-cra-compliance.html
  31. https://www.unity-consulting.com/en/consulting-services/governance-risk-compliance/cyber-resilience-act/
  32. https://www.pwc.de/de/gesundheitswesen-und-pharma/studie-pharma-cdmo-market.pdf
  33. https://www.european-cyber-resilience-act.com/Cyber_Resilience_Act_Articles.html
  34. https://www.outsourcedpharma.com/doc/one-stop-shop-or-best-of-breed-cdmo-selection-case-studies-0001
  35. https://www.zuehlke.com/en/insights/cyber-resilience-act-how-the-eu-security-regulation-affects-business
  36. https://industrialcyber.co/regulation-standards-and-compliance/eu-cyber-resilience-act-takes-effect-brings-new-era-of-mandatory-cybersecurity-standards-for-digital-products/
  37. https://www.taylorwessing.com/-/media/taylor-wessing/files/germany/2025/tw24_cra_2.pdf
  38. https://www.dotmagazine.online/issues/building-trust-in-the-digital-world/the-cyber-resilience-act-iot-security
  39. https://industrialcyber.co/regulation-standards-and-compliance/eu-adopts-cyber-resilience-act-bolsters-security-requirements-of-connected-devices-and-infrastructure/
  40. https://www.ocmconsulting.de/en/references-highlights/case-studies/procurement-pharmaceutical-raw-materials
  41. https://cdn.digitaleurope.org/uploads/2024/09/Developing-guidelines-for-the-Cyber-Resilience-Act_DE.pdf
  42. https://www.strategyand.pwc.com/de/en/industries/pharma-life-sciences/2022-global-cdmo-study/strategyand-2022-global-cdmo-study.pdf
  43. https://www.pickplace.de/en/hub-blog-1/der-cyber-resilience-act-und-die-bedeutung-f%C3%BCr-eingebettete-elektronik
  44. https://apeloconsulting.com/case-studies/cdmo-case-study/
  45. https://www.linkedin.com/posts/stephencawley_impact-of-eu-cyber-resilience-act-on-device-making-activity-7190979261615276032-rsZS
  46. https://ubuntu.com/blog/a-cisos-comprehensive-breakdown-of-the-cyber-resilience-act
Dr. Claus Michael Sattler
