SCS 9001: The First Global Cybersecurity and Supply Chain Security Standard
With sophisticated supply chain cyber attacks on the rise, SCS 9001 addresses the urgent need for an information and communications technology (ICT) specific standard for global supply chain security.
SCS 9001 is more than just a standard, it is a complete cybersecurity and supply chain security management system that verifies trusted ICT providers and suppliers for businesses, governments and consumers.
Developed by TIA QuEST Forum's Supply Chain Security Working Group, the standard provides guidance for key components of supply chain security:
- Secure software development
- Validation methods for ensuring software ID and source traceability
- Product security
- Governmental requirements on source of origin and transparency of internal controls
WHY SCS 9001?
Security is not a product, it's a process. SCS 9001 is a process-based standard, built on top of a quality management system (QMS). Companies benefit from assured consistent security across all products and services by using SCS 9001 certified suppliers.
Comprehensive: SCS 9001 was developed to address the critical gaps in the ICT standards community. SCS 9001 will ensure trust can be verified by covering 10 security domains with 55 controls, and 7 additional processes with requirements which include sBOM, Zero Trust Architecture, Supplier Trust Principles, Incident Management and Response, and more.
Verifiable: The SCS 9001 certification guarantees that suppliers have an appropriate management system in place that has been systematically audited by an independent and accredited SCS 9001 certification body.
ALIGNMENT WITH OTHER STANDARDS AND REGULATIONS
SCS 9001 is built upon standards and protocols already available. We have included many of the components in other standards, but SCS 9001 also contains several new and unique components that are not found in other standards.
Furthermore, as the US Government and global governments are becoming more prescriptive in terms of cybersecurity and supply chain security SCS 9001 will help ICT organizations stay compliant to the increasing set of regulations.
Visit our Technical Bulletins Library for more information.
SCS 9001: The First ICT-Specific Global Cybersecurity and Supply Chain Security Standard
With sophisticated supply chain cyberattacks on the rise, SCS 9001 is positioned to address the urgent need for an ICT-specific standard for global supply chain security. This new process-based standard is measurable and offers an independent certification program to verify trusted ICT solutions and suppliers for businesses, governments and consumers.
Get involved with SCS 9001
Interested in joining our Supply Chain Security Working Group? Join leaders from global service providers, equipment suppliers, software providers and consultants to evolve SCS 9001 to meet the ever changing cybersecurity and supply chain risk management (SCRM) landscape.