THREAT ALERT: CVE-2021-44228 is a critical vulnerability resulting in Remote Code Execution (RCE). 

Read Fortress's response to the recent Log4j exploit.

Supply Chain
Risk Management

Fortress performs a broad assessment of third-party risk across the full spectrum of vendor, IT, and industrial components. Our Supply Chain Risk Management services prevent security breaches and ensure regulatory compliance through end-to-end assessment services and continuous monitoring.

The Fortress Risk Management Solution

Roughly 50% of data breaches occur through risks and oversights that are out of your control, usually by way of a third-party vendor. At Fortress, we assess your products, their suppliers, and asset owners to ensure that both your operations and reputation are upheld. 

With the effects of EO [SM1] 14017 to Protect America’s Supply Chains, it is essential that energy companies gain insight into how their business and future security operations will be affected. Fortress illuminates supply chain risks to remediate these gaps in security and ensure the resilience and reliability of the Bulk Electric System.

Supply Chain Risk Management Benefits

The Fortress approach to Supply Chain Risk Management isn’t the standard, one-size-fits-all method you’ll find with other information security professionals – we go the extra mile to ensure the safety and security of your operations now and in the future while offering continuous monitoring. 

Beyond offering industry-leading expertise and support, Fortress has developed, in partnership with the electric power industry, an information sharing environment called the Asset to Vendor Network (A2V). Through the asset to vendor network, suppliers and their customers can exchange information about supply chain risk, internal controls and product security profiles.

Learn More About the A2V Network

What are the Outcomes of Our TPRM Partnership?


Faster program


Days to


More vendor coverage
in the same period



What Sets Us Apart

We ensure your compliance success by providing essential resources and support, including access to audit reports, security frameworks controls, FOCI (foreign ownership, control or influence) assessments, and continuous monitoring services.

Fortress A2V Network

Our A2V Network streamlines the process of compliance and third-party monitoring. Easily purchase compliance assessments from any third-party within your supply chain, making asset to vendor communication an efficient and stress-free process.

FOCI: Foreign Ownership, Control and Influence

In response to Executive Order 13920, Fortress performs assessments on vendors and products to provide insight into the supply chain of the U.S. bulk-power system and source electric grid components. We assess control and influence in the following areas:

  • Cyber & Physical Presence
  • Manufacturing 
  • Mergers & Acquisitions
  • Corporate Families

Validated and Data Driven Vendor & Product Assessments

Via the A2V Network, organizations may access a series of validated and data driven assessments about their suppliers, customers and products. The continuous analytics feed to Fortress Platform enables members to have up-to-date information about supply chain risks delivered in the following ways:

  • A2V Controls Assessment
  • Data Driven Risk Rank
  • Data Driven Vendor Assessment
  • Continuous Monitoring
  • Data Driven Product Assessment
  • Software and Hardware Bill of Material Analysis