Page 7 - Federal Computer Week, March/April 2019

procedures and policies (as for ISO conformance), you can never be sure.”
The federal government acknowledges the risk to supply chains. The White House’s 2018  broached the issue, saying government “should improve awareness of supply-chain threats and reduce duplicative activities within the United States government.”
The National Risk Management Center, housed within the Department of Homeland Security, sponsors the Information and Communication Technologies (ICT) Supply Chain Risk Management Task Force, a public-private partnership that eventually will provide what it describes as “consensus recommendations to identify and manage risk to the global ICT supply chain.”
There have also been initiatives aimed at shoring up the IT supply chain, including an outright ban on the federal government’s use of anti-virus software developed by Moscow-based Kaspersky Lab; bills out of Congress to allow the DHS to disallow government contracts that include suspicious technologies; and legislation that bans agencies from using certain Chinese IT vendors.
Even if the original manufacturers of IT products bought by federal agencies are innocent of nefarious activity, there are concerns that products could be tampered with while in transit, resulting in more threats or counterfeit products.
ISO 28000 Standards
The ISO 28000 standards spell out the requirements to ensure safety throughout the supply chain. CDW·G has been the leader in the adoption of security standards. The broader IT industry and its partners are starting to adopt these practices, as well. Recently, government agencies have begun including requirements in solicitations for certain ISO standards that:
• Establish, implement, maintain and improve a supply-chain security management system;
• Assure conformity with supply-chain security management policy;
• Seek conformity through

• Make a self-determination of conformity.
ISO 28000 requires proving supply-chain security – time and  vendor itself, CDW·G must undergo regular, rigorous audits by the ISO certifying body. CDW·G also works with major suppliers and reviews their compliance with their supply chain.
Product quality factors into the ISO 28000 standards, as well. If a buyer wants assurances that security and quality are up to snuff with regard to the global supply chain, the ISO standards are the only vehicle that can deliver both.
Because of the complexity and dynamism of global supply chains, rigorous adherence to standards “has to be ongoing to make sure unauthorized products are not allowed into the supply chain, and that our government customers know they are always working with trusted partners,” Holden says.
FOR MORE INFORMATION ON CDW•G’S OFFERINGS, PLEASE VISIT: CDWG.COM/FEDERAL
CDW·G Supports Supply-Chain Integrity
• Trusted Supplier – Complies with government requirements to prevent counterfeit or “grey 
• Upstream Governance – Collaborates with original equipment manufacturers to maintain product and brand integrity.
• Alignment with Government Requirements – Customizes deliverables to accommodate unique requirements of government customers.

































































































