Complex risk management in global supply chains

In today's global, outsourced, and optimized supply chains, corporations build up a business network of third parties. Thousands of suppliers, suppliers-of-suppliers and service providers for quality control, assurance and logistics interact in a complex ecosystem with interdependent and opaque processes. Understanding this network poses a major challenge for brands, importers and retailers, who are ultimately responsible for the products they deliver to consumers.

Brands request audits and self-assessments from suppliers to prove their compliance with policies and regulations. Managing these data for thousands of suppliers is complex, costly and time-consuming. Suppliers have to enter all requested data into the brand’s management system. Suppliers are obligated to assist and accommodate each client’s specific formats and styles of due diligence processes, risk assessments, collaborative corrective actions and roadmaps.

The current solutions for third-party risk management focus on process improvements for the brand and are designed to cover 1:1 relationships. But from a supplier’s perspective, this approach slows down collaboration processes and raises a significant barrier to entry for new 1:1 relationships, disincentivizing broader, shorter-term, or more agile partnerships. Even guaranteeing the integrity of this data over time with a fixed roster of clients is a cost driver passed on to each of them.

Our solution - Improving existing TPRM systems with blockchain

As blockchain technology can support decentralized management of data, it is the perfect trust fabric for sharing the verified compliance data of suppliers. In practice, it guarantees data integrity and trust between supply chain actors over time.

A key Pharma industry consortium of business and technology companies enabled verifiable and self-sovereign data exchange across supply chain participants. Spherity is contributing its identity wallet, based on decentralized, verifiable digital identities, so that suppliers and brands can sign and share data in a secure yet privacy-preserving way.

Based on the identity wallets of Spherity, every supply-chain actor holds a decentralized identifier (DID) that signs all of its reusable, verified information in DID-linked documents called “verifiable credentials” (VCs). The unique identifier is anchored on the blockchain, so that it can be used to cryptographically sign data or to open secure channels with other DIDs for data sharing. The identity wallet managing all the identities and verifiable data of an enterprise can be summarized as the “browser” for navigating this blockchain-enabled data exchange.

In the blockchain-enabled TPRM system, the principle of Self-Sovereign Identity (SSI) data exchange between entities is applied. SSI allows individuals, for example, to issue, store and selectively prove the authenticity of personal data like ID number, date of birth, address or driver's license details; they store and manage these sensitive documents as “verifiable credentials” in a personal identity wallet. In the context of blockchain-enabled TPRM, the same principle is applied: a supplier can use its wallet to store its answers to questionnaires, audit reports or operational policies in an enterprise-scale credentialized data model.

This data model means that the brand can verify the submitted data and use its own enterprise wallet to issue verifiable credentials as confirmation that it has vetted and approved the supplier’s data to standards. The verified TPRM data are now stored, together with the credentials issued by the brand, in the supplier’s identity wallet provided by Spherity. These credentials can be reused for the next onboarding process at another brand using an identity wallet. Since all parties benefit from making their credentials reusable, the “identity layer” securing and verifying these credentials functions as a “meta-platform” synchronizing each vendor’s platform or portal. This creates something powerful and efficient: a unified and interoperable data exchange for TPRM data across all supply chain stakeholders on the broader, federated network.
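The issue-and-reuse flow described above, as an added example that is not Spherity's code or its wallet API: a brand signs a credential over a supplier's vetted data, and a second brand checks it before reuse. The credential layout, the `Registry` map standing in for DID resolution, the use of Ed25519, the `did:example:` identifiers and the assumption that the presenter's DID was already authenticated on the channel are all constructed for illustration.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a constructed, simplified stand-in for a verifiable credential.
type Credential struct {
	Issuer  string            `json:"issuer"`  // DID of the brand that vetted the data
	Subject string            `json:"subject"` // DID of the supplier the data is about
	Claims  map[string]string `json:"claims"`
	Proof   []byte            `json:"proof,omitempty"`
}

// Registry is a hypothetical stand-in for resolving a DID to its anchored public key.
type Registry map[string]ed25519.PublicKey

// payload returns the signed bytes: the credential without its proof (stable key order).
func payload(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue signs the credential with the issuing brand's private key.
func Issue(c Credential, key ed25519.PrivateKey) Credential {
	c.Proof = ed25519.Sign(key, payload(c))
	return c
}

// Verify is what a second brand runs before accepting a reused credential.
func Verify(c Credential, reg Registry, trusted map[string]bool, presenter string) error {
	pub, known := reg[c.Issuer]
	switch {
	case !known || !trusted[c.Issuer]:
		return fmt.Errorf("issuer %s unknown or not trusted", c.Issuer)
	case c.Subject != presenter:
		return fmt.Errorf("credential was not issued to %s", presenter)
	case !ed25519.Verify(pub, payload(c), c.Proof):
		return fmt.Errorf("signature does not match credential content")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for the issuing brand
	brand, supplier := "did:example:brand-a", "did:example:supplier-1"
	vc := Issue(Credential{Issuer: brand, Subject: supplier, Claims: map[string]string{"audit": "passed"}}, priv)
	fmt.Println("reuse:", Verify(vc, Registry{brand: pub}, map[string]bool{brand: true}, supplier))
}
```

The verifier rejects a credential on three independent grounds: an issuer it does not trust, a subject that is not the presenting party, or content that no longer matches the signature.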

As a result, Spherity makes it possible to overcome the drawbacks of existing systems by integrating its enterprise and web identity wallets into existing business processes. The identity wallet can be integrated via exposed APIs into any TPRM system or vendor portal.

Suppliers are able to manage their digital identity and valuable data in their own web-based identity wallet, which is securely accessible. These self-sovereign, cloud-based identity wallets provide a secure and verifiable way to exchange high-value data.

Success drivers

Interoperability between different wallet providers is a key driver for the success of this solution. For large players like global brands, interoperability guarantees and future-proofs investments at ecosystem scale; for smaller players, interoperability ensures that they truly own their data in a way that is both widely portable and universally verifiable (and thus valuable and useful to the most clients). Spherity’s entire business is predicated on actively participating in standards bodies to make decentralized identity interoperable and keep it future-proof. Spherity has worked with the W3C for years to cement the foundations of the DID and VC protocols, and today is working closely with the Decentralized Identity Foundation (DIF) to evolve communication protocols for verified data exchange built on those protocols.

Amidst this evolving ecosystem of verifiable data, suppliers can transform their normal compliance and risk assessment data into more valuable new forms like verifiable credentials. These credentials can be shared and verified among different siloed TPRM systems by using enterprise-scale identity wallets, bringing objectivity and verification to their reputation.

With a consortium of pharma brands, enterprise wallet providers and other developers, Spherity is building a blockchain-enabled third-party risk management system that will work better for both global brands and their suppliers. Besides cost reductions, faster lead times in the onboarding of suppliers, and new ways of collaborating, powerful data exchanges are also possible within and between supply chains. Blockchain-powered TPRM enables brands to increase transparency in multi-tier sourcing networks, reduce compliance costs, speed up onboarding, and improve the security as well as the integrity of sensitive data. On the other side of the blockchain-enabled TPRM process, suppliers can benefit from self-sovereign control over their credentials, streamline audits and reduce their own onboarding costs.