TIA’s New SCS 9001™ 2.0 Supply Chain Security Management System Helps Improve Global Organizations’ Security Posture

Arlington, VA (November 28, 2023) – The Telecommunications Industry Association—the trusted industry association for the connected world— today announced the release of SCS 9001™ 2.0 Supply Chain Security Management System. SCS 9001 Release 2.0 is a certifiable standard designed to help organizations operationalize the National Institution of Standards and Technology (NIST) and other government guidelines and frameworks. The SCS 9001 2.0 standard builds on its predecessor by providing a more comprehensive global cybersecurity and supply chain security standard that is adaptable to any type of communications network across all industries and sectors. It is smartly designed to adhere to the evolving Information and Communications Technology (ICT) market, increased government legislation and growing industry initiatives.

“Cyber and Supply Chain Security are complex issues and there is nothing more important than designing processes that help ensure the solution is secure,” said Dave Stehlin, CEO at TIA. “The processes that an organization uses to develop a product, solution or service must ensure security is built into the design and SCS 9001 does just that. Technology is advancing rapidly, and TIA is releasing SCS 9001 2.0 less than two years after our initial version of the standard to capture the expanding needs of the broad ICT industry.”

Through the work of TIA’s QuEST Forum Supply Chain Security Working Group and its subcommittees of dedicated industry technology and security experts, the SCS 9001 Release 2.0 has been updated to provide:

• Enhanced coverage for the origin of products, traceability of components, and the authenticity of provenance
• Expanded coverage for global supply chain procurement, shipping and logistic policies and procedures
• Improved support for government policy and legislative requirements
• Updated mapping controls to other global standards and publications

“Contemporary standards focus on improving operational cybersecurity whereas SCS 9001 addresses many of those aspects but distinguishes itself by enhancing assurance of a network operator and vendor’s supply chain practices,” said Mike Regan, Vice President, Business Performance at TIA. “SCS 9001 is a comprehensive global cybersecurity standard that is network, technology and device agnostic. SCS 9001 2.0 builds on the prior version with enhanced capabilities and support and we look forward to working with organizations around the world to leverage it to improve their cybersecurity posture.”

With the steep rise in cyberattacks, governments and regulators around the world are becoming more prescriptive in their cybersecurity requirements for organizations, especially when it comes to protecting critical network infrastructure. As an example, the National Telecommunications and Information Administration (NTIA) recently adopted a measure that includes new cybersecurity and supply chain risk management (SCRM) requirements for the U.S. Department of Commerce’s $42.5 billion Broadband Equity Access and Deployment (BEAD) program rules. Internationally, Costa Rica became the first government in Latin America to mandate that vendors certify to the TIA SCS 9001 standard following a disruptive attack on its critical network infrastructure in 2022.

TIA has published a white paper highlighting the factors contributing to the increase in cyberattacks and how its SCS 9001 standard can help protect against bad actors that can disrupt business continuity, damage reputations and threaten national security.

A key differentiator of SCS 9001 2.0 is how organizations can verify that their products meet the security requirements with an independent audit and certification program. Information on accredited audit and certification organizations for SCS 9001 2.0 can be found here.

TIA will provide updated training including both on-demand and instructor-led options. The training courses are designed to introduce the standard, provide guidance on implementation and the certification process.

Stakeholders may include but are not limited to subject matter experts from: network operators and service providers, data center and cloud providers, equipment and device manufacturers and suppliers, information security officers, designers, integrators, consultants and retailers.

Because SCS 9001 2.0 helps operationalize NIST and other government programs, it is applicable to several U.S. Department of Commerce and FCC initiatives currently underway such as the BEAD program.

For questions or more information about SCS 9001 and how to participate in the supply chain work group, contact supplychainsecurity@tiaonline.org.

To learn more about SCS 9001, CLICK HERE

To purchase the SCS 9001^TM R2.0 standard, CLICK HERE