The Telecommunications Industry Association (TIA) released the first-ever supply chain security standard (SCS 9001), developed specifically to aid the information and communications technology (ICT) industry.
The SCS 9001 is intended to be objective to verify end-to-end cyber and physical security across ICT network infrastructure. TIA created the SCS 9001 as a process-based standard with an independent audit and certification program for suppliers and service providers to verify critical security controls and processes for their products and solutions are in place.
“Our global community depends on connectivity, and while technology continues to outpace security, we now have a process-based, verifiable standard to significantly mitigate threats to the ICT supply chain,” said David Stehlin, CEO of TIA in a press release.
After 20 months, the SCS 9001 was officially approved for release last year on Dec. 31 by TIA’s QuEST Forum Supply Chain Security Working Group and its subcommittees of industry technology and security experts. The new standard is built around a Quality Management System which operationalizes industry guidelines and best practices relevant to measures put forward by the National Institute of Standards and Technology.
What makes SCS 9001 stand out, TIA notes, is that organizations can verify if products meet the industry-approved standard with an independent audit and certification program.
Additionally, organizations that leverage SCS 9001 will be provided with anonymized quarterly and annual security benchmark reports tracking their organization’s performance against the industry’s best, worst, and average results. This information is intended to help drive continual industry-wide improvement, especially as technologies advance and evolve.