Goal of setting information and communications technology (ICT) specific standard for global supply chain security

“This standard is intended to allow a network operator to assess the security hygiene of its vendors,” says Mike Regan of TIA (Telecommunications Industry Association). According to Regan, the SCS 9001 standard takes a very broad overview of the vendor, “…how they manage their products, from conception, through their entire lifecycle, to disposition,” Regan adds. SCS 9001 is more than just a standard, it is a complete cybersecurity and supply chain security management system that verifies trusted ICT providers and suppliers for businesses, governments, and consumers.

Developed by TIA QuEST Forum's Supply Chain Security Working Group, the standard provides guidance for key components of supply chain security:

Secure software development

Validation methods for ensuring software ID and source traceability.

Product security

Governmental requirements on source of origin and transparency of internal controls

“We don’t think you can truly have a secure product without assuring that the supply chain has also been pursued with security at top of mind,” says Regan.

We hear about SCS 9001 in the context of the administration’s efforts, with the U.S Cyber Trust Mark program to be a “good housekeeping seal” for ensuring IoT devices have passed a certain cyber security threshold.

Visit https://tiaonline.org/what-we-do/tia-quest-forum/working-groups/supply-chain-security-working-group/