National Supply Chain Integrity Month: Resources to Assess the Trustworthiness of Vendors and Suppliers

April is National Supply Chain Integrity Month, and CISA is promoting a call to action to “Fortify The Chain”.

Protecting your organization’s information requires understanding not only your immediate supply chain, but also the extended supply chains of vendors and suppliers. The Cybersecurity and Infrastructure Security Agency (CISA) and Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force developed two new resources to help organizations and businesses with this effort:

Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists: This report provides a list of criteria and factors that can be used to inform an organization's decision to build or rely on a qualified list for the acquisition of ICT products and services.

Vendor SCRM Template: This template provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help guide supply chain risk planning in a standardized way. The template provides organizations clarity for reporting and vetting processes when purchasing ICT hardware, software, and services.

• Please note: The Task Force is also looking for parties interested in piloting the template and ascertaining the usefulness of the product. 

Both of these tools are great resources for IT or cybersecurity personnel; acquisitions and procurement officials; those who manage vendor and supplier lists; and others. Please feel free to share, download, and use these free, voluntary.

If you would like to learn more about making your manufacturing facility more resilient, contact your Local Solutions Consultant today to schedule a free consultation.