Source : Procurement Leaders
A trade group has published a draft for a proposed global IT supply chain security standard.
The Open Group, an organisation dedicated to the development of a global supply chain integrity programme and framework in order to provide buyers of IT products with a choice of accredited technology partners and vendor, has published the Open Trusted Technology Provider Standard (O-TTPS) Snapshot, describing it as a "preview" of what is intended to become the first standard developed by The Open Group Trusted Technology Forum (OTTF).
Geared toward global providers and acquirers of Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) products, the draft aims to offer an open standard for organisational best practices that enhance the security of the global supply chains. It is also intended to help assure the integrity of COTS ICT products worldwide.
“The Snapshot enables participants across the COTS ICT supply chain to understand the value in adopting best practice requirements and recommendations. It also provides an early look at the standard so providers, suppliers and integrators can begin planning how to implement the standard in their organisations, and so customers, including government acquirers, can differentiate those providers who adopt the standard’s practices,” Open Group said in a statement.
"With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains," said David Lounsbury, chief technology officer, The Open Group.
"Standards such as O-TTPS will have a significant impact on how organisations procure COTS ICT products over the next few years and how business is done across the global supply chain."
Based on the draft, Version 1.0 of the standard is expected to be published in late 2012. An accreditation programme is planned to help provide assurance that Trusted Technology Providers conform to the standard.