C08. Course Cyber Resilience in the Industrial Supply Chain
4 live sessions
Date to be determined
From 15:30 to 19:00 CET.
Practical and downloadable
Seats
Governing the industrial supply chain is not only about protecting systems, but about making decisions on dependency, sovereignty, resilience, and operational continuity.
What will you achieve with this course?
Industrial digitalization has turned the supply chain into a direct extension of the operational process. Manufacturers, integrators, cloud providers, telecommunications companies, SOCs, and specialized third parties now take part in decisions that affect operational continuity, security, and industrial resilience.
This course on cyber resilience in the industrial supply chain provides a practical, technical, and strategic perspective to understand and govern cyber resilience in industrial supply chains within OT environments.
Participants will learn to identify hidden technological dependencies, assess the real capabilities of suppliers, transform evaluations into operational controls, and build digital trust models aligned with NIS2, CRA, and IEC 62443.
The training focuses on real industrial scenarios, moving away from a purely documentary or compliance-based approach, and uses RECIN and the SCR² framework from the CCI to work on the relationship between the industrial operator and technology providers.
What you will learn in this training
- Identify invisible technological dependencies.
- Assess the real capabilities of suppliers.
- Transform evaluations into operational controls.
- Build sustainable digital trust models.
- Governing the client–supplier relationship from a practical, technical, and strategic perspective.
Practical team-based work (client/supplier) on real industrial case studies.
Who is it for?
This training is aimed at professionals involved in the operation, protection, supervision, procurement, or provision of services for industrial infrastructures and critical processes.
It is especially targeted at:
- Industrial Cybersecurity Managers (ICSO)
- OT Managers
- Industrial Operations Managers
- CISOs with OT environments
- Industrial integrators
- OT technology providers
- Procurement managers
- Industrial maintenance companies
- Continuity and resilience managers
- NIS2/CRA compliance managers
- Engineering firms and industrial manufacturers
- SOC/NOC teams with OT responsibilities
- Consultants specialized in industry
The training is particularly valuable for organizations that need to improve the management of risks associated with third parties, critical suppliers, and industrial digital dependencies.
Course teaching team
LIMITED SEATS
¡Formación exclusiva!
Frequently asked questions
Do I need prior knowledge in cybersecurity?
Yes. The training is aimed at professionals with prior experience or regular exposure to industrial environments, OT, or technology supplier management.
Why participate in this training?
Because the supply chain has become one of the main risk and dependency factors in modern industrial operations. The course provides a practical and realistic perspective on how to manage that complexity.
What does the full program look like?
Block 1. Understanding the extended industrial ecosystem
- Reconstruct real architectures of critical industrial processes.
- Identify assets, flows, dependencies, and relevant stakeholders.
- Translate technological risks into business impact.
- Detect invisible dependencies in suppliers and third parties.
- Analyze technical, operational, and decision-making sovereignty.
Block 2. Assessing supplier capabilities and maturity
- Use the SCR² model to classify suppliers.
- Evaluate essential cybersecurity capabilities.
- Analyze maturity in governance, access management, monitoring, and vulnerability handling.
- Apply real-world questions for supplier conversations.
- Identify critical gaps and justify risks.
Block 3. Designing joint supervision and resilience
- Define reasonable operational controls.
- Design shared supervision models.
- Coordinate SOC/NOC/OT with third parties.
- Create joint review cycles and simulations.
- Build realistic client–supplier roadmaps.
Block 4. Integrating regulation and OT digital trust
- Understand the implications of NIS2 and CRA.
- Relate requirements to IEC 62443
- Build scalable trust models.
- Prepare for regulatory audits.
- Prioritize investments based on criticality and dependency.
Course differentiators:
- Real industrial case studies.
- Dual-role work (client/supplier).
- Strategic dilemmas based on real conflicts.
- OT and operational continuity focus.
- Integration of resilience, sovereignty, and compliance.
What supporting materials will I receive?
Each participant will receive:
- Included documentation: CCI guides, SCR² Framework, sector studies, pocket guide for supplier assessment, NIST SP 800-161 Rev. 1 references.
- The presentations used during the course training sessions.
What methodology is used?
A practical methodology based on collaborative exercises, real industrial scenarios, and client/supplier dynamics using RECIN and the SCR² framework.
Are real cases used?
Yes. Participants will work on cases from various industrial sectors, based on industrial architectures specifically designed for the course.
What makes this training different from other supply chain cybersecurity courses?
OT and industrial focus: The course is not limited to documentary compliance, but addresses operational continuity, technological sovereignty, structural dependency, and real decision-making between client and supplier.
What are the session times?
From 15:30 to 19:00 (Spain time – CET).
What are the classes like?
The training modality developed for this course is synchronous online (accessible from any location with a stable internet connection).
Sessions are always live through the videoconferencing system provided by the CCI School.
These sessions will be recorded and available for later viewing by the student for a limited time.
How long do I have access to the material after the training ends?
All training material offered during the course (session recordings, dossiers, etc.) will be available to the student for a period of 1 calendar month.
During this time, the student can freely access the material remotely.
What document certifies my participation?
Upon completion of the training and after meeting the necessary requirements, the student will receive a certificate from the school. This certificate attests to your attendance, participation, and fulfillment of the training requirements.
*CCI School is an internationally recognized organization whose training, experience, faculty, and professionalism are accredited.
Along with the certificate, you will receive the Green Professional Credential (which is obtained through the knowledge acquired during the training) from our CCI Industrial Cybersecurity Commitment Recognition Program.
What are the payment methods?
Payment is one-time. To access the training and reserve a spot, the student must make the full payment via credit/debit card.
If, due to special circumstances, the only possible way is through bank transfer, please email us at escuela@cci-es.org, and we will handle the request personally.
Can my company subsidize this training?
Yes. You can subsidize the number of hours included in this training using your training credit through FUNDAE (State Foundation for Employment Training).
The Industrial Cybersecurity Center does not manage the subsidy process, but we will provide all the necessary information and documentation for you to do so.
Prices and Enrollment Conditions
This course offers personalized pricing for members of the CCI ecosystem. Conditions allow exclusive benefits and price reductions for training at the School.
- Non-CCI Member…………………..€ 1.100
- Basic Member:…………………..€ 990
- Professional Member……………€ 935
- Enterprise Member……………..€ 935
- Platforms Member……………€ 880
- Subscription Member……………€ 825
Prices exclude VAT or taxes.
Eligible for FUNDAE funding
Only 15 students per edition