SCS 9001: The First Global Supply Chain Security Standard
With sophisticated supply chain cyber attacks on the rise, SCS 9001 addresses the urgent need for an information and communications technology (ICT) specific standard for global supply chain security.
SCS 9001 is more than just a standard, it is a complete supply chain security management system that verifies trusted ICT providers and suppliers for businesses, governments and consumers.
Developed by TIA QuEST Forum's Supply Chain Security Working Group, the standard provides guidance for key components of supply chain security:
- Secure software development
- Validation methods for ensuring software ID and source traceability
- Product security
- Governmental requirements on source of origin and transparency of internal controls
WHY SCS 9001?
SCS 9001 is a process-based standard, built on top of a quality management system (QMS). Companies benefit from assured consistent security across all products and services by using SCS 9001 certified suppliers.
Comprehensive: SCS 9001 was developed to address the critical gaps in the ICT standards community. SCS 9001 will ensure trust can be verified by covering 10 security domains with 55 controls, and 7 additional processes with requirements which include sBOM, Zero Trust Architecture, Supplier Trust Principles, Incident Management and Response, and more.
Verifiable: The SCS 9001 certification guarantees that suppliers have an appropriate management system in place that has been systematically audited by an independent and accredited SCS 9001 certification body.
COMPARISON WITH OTHER STANDARDS
SCS 9001 is built upon standards and protocols already available. We have included many of the components in other standards, but SCS 9001 also contains several new and unique components that are not found in other standards.
SCS 9001: The First ICT-Specific Global Supply Chain Security Standard
With sophisticated supply chain cyberattacks on the rise, SCS 9001 is on an accelerated schedule to address the urgent need for an ICT-specific standard for global supply chain security. Scheduled to release later this year, the new process-based standard will be measurable and verify trusted ICT providers and suppliers for businesses, governments and consumers.