{"id":277,"date":"2026-02-11T15:16:22","date_gmt":"2026-02-11T15:16:22","guid":{"rendered":"https:\/\/virgilia.ch\/?p=277"},"modified":"2026-02-18T18:22:43","modified_gmt":"2026-02-18T18:22:43","slug":"risk-management","status":"publish","type":"post","link":"https:\/\/virgilia.ch\/en\/risk-management\/","title":{"rendered":"Risk Management 4.0: Managing Third Party Risk and the Supply Chain with AI"},"content":{"rendered":"<p id=\"block-n2i6rEFdw1\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">The global marketplace demands trust, and the International Standard ISO 27001 is the currency of that trust. However, maintaining a solid certification in 2026 requires more than a set of well-written policies. The complexity of modern cloud-based and microservices infrastructures has made third party management the most vulnerable element of any cybersecurity strategy. Into this already complex landscape comes the NIS2 Directive, which makes proper supply chain risk management not only a desirable goal but also a regulatory obligation.<\/p>\n\n\n\n<h4 id=\"block-jjs8u5ORpE\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">The Critical Issue: Third Party Risk (TPRM)<\/h4>\n\n\n\n<p id=\"block-KDP0adHZto\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">Any external supplier accessing your data or network is a potential vector of attack. Corporate governance often fails to adequately monitor the supply chain, limiting itself to collecting static certifications at the beginning of the contractual relationship. Instead, a true risk management system must be able to constantly assess whether partners maintain the promised levels of security.<\/p>\n\n\n\n<p id=\"block-zx6cWA775V\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">Auditors are now trained to dig deep into this aspect: they no longer just ask \u201cwho are your suppliers\u201d, but \u201chow do you monitor their risk in real time\u201d. 
A lack of structured answers can lead to serious non-conformities that jeopardise the permanence of certification.<\/p>\n\n\n\n<h4 id=\"block-vy7fVWJ4Hj\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">Virgil.ia and the Augmented GRC: Beyond Passive Management<\/h4>\n\n\n\n<p id=\"block-yg9awN6QNf\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\">Through our Platform, GRC (Governance, Risk, Compliance) management takes a generational leap.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Integration of Risk Management Processes:<\/strong>\u00a0Virgil.ia centralises risk assessment, correlating external threats with internal vulnerabilities and those arising from\u00a0<strong>Third Parties<\/strong>.<\/li>\n\n\n\n<li><strong>AI for Document Analysis:<\/strong>\u00a0Our\u00a0<strong>AI<\/strong>\u00a0is able to read and analyse the\u00a0<strong>Certifications<\/strong>\u00a0and supplier security reports, highlighting impending deadlines or risk clauses that do not meet company standards.<\/li>\n\n\n\n<li><strong>Support for Auditors:<\/strong>\u00a0During the audit phases, Virgil.ia offers a transparent and navigable dashboard. 
This drastically reduces the audit time and increases the CISO's authority in the eyes of the certification bodies.<\/li>\n\n\n\n<li><strong>Optimisation of Selection Times:<\/strong>\u00a0Reducing bureaucracy in the evaluation of new partners means speeding up business, ensuring that each new collaboration is secure \u201cby design\u201d.<\/li>\n<\/ul>\n\n\n\n<p id=\"block-B8WhbXBFtN\" class=\"wp-block-nectar-blocks-text nectar-blocks-text\"><\/p>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":31256,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_nectar_blocks_hide_post_title":false,"_nectar_blocks_transparent_header_effect":false,"_nectar_blocks_transparent_header_effect_color":"light","_nectar_blocks_header_animation":false,"_nectar_blocks_header_animation_delay":0,"_nectar_blocks_header_animation_effect":"fade","_nectar_blocks_page_css":"","_nectar_blocks_page_js":"","footnotes":""},"categories":[6],"tags":[],"class_list":{"0":"post-277","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-risk-management"},"_links":{"self":[{"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/posts\/277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/comments?post=277"}],"version-history":[{"count":2,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/posts\/277\/revisions"}],"predecessor-version":[{"id":31257,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/posts\/277\/revisions\/31257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/media\/31256"}],"wp:attachmen
t":[{"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/media?parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/categories?post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/virgilia.ch\/en\/wp-json\/wp\/v2\/tags?post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}