The Telecommunications Industry Association (TIA) has released a modernized version of its Supply Chain Security (SCS) Management System.
Release SCS 9001 2.0 is a “certifiable standard” designed to help organizations “operationalize” the National Institution of Standards and Technology (NIST) and other government guidelines and frameworks, the trade association said.
According to the TIA, version 2.0 of the supply chain security system adds to the earlier release in that it provides a more "comprehensive global cybersecurity and supply chain security standard" adaptable to any type of communications network across all industries and sectors.
In addition, it is designed to adhere to the evolving Information and Communications Technology (ICT) market, increased government legislation and growing industry initiatives.
What's New and Different
SCS 9001 Release 2.0 has been updated to provide:
- Enhanced coverage for the origin of products, traceability of components, and the authenticity of provenance
- Expanded coverage for global supply chain procurement, shipping and logistic policies and procedures
- Improved support for government policy and legislative requirements
- Updated mapping controls to other global standards and publications
Explaining the impact and intent of its SCS system, Dave Stehlin, TIA chief executive, said, "Cyber and supply chain security are complex issues and there is nothing more important than designing processes that help ensure the solution is secure. The processes that an organization uses to develop a product, solution or service must ensure security is built into the design and SCS 9001 does just that. Technology is advancing rapidly, and TIA is releasing SCS 9001 2.0 less than two years after our initial version of the standard to capture the expanding needs of the broad ICT industry."
A key differentiator of SCS 9001 2.0 is how organizations can verify that their products meet the security requirements with an independent audit and certification program.
"Contemporary standards focus on improving operational cybersecurity whereas SCS 9001 addresses many of those aspects but distinguishes itself by enhancing assurance of a network operator and vendor's supply chain practices," said Mike Regan, TIA business performance vice president. "SCS 9001 is a comprehensive global cybersecurity standard that is network, technology and device agnostic."
TIA said it will provide updated training including both on-demand and instructor-led options.
Stakeholders may include but are not limited to subject matter experts from network operators and service providers, data center and cloud providers, equipment and device manufacturers and suppliers, information security officers, designers, integrators, consultants and retailers.