TIA Releases Standard on ICT Supply Chain Security
Wednesday, January 26, 2022 | Comments

The Telecommunications Industry Association (TIA) released a supply chain security standard, SCS 9001, which was developed specifically for the information and communications technology (ICT) industry. SCS 9001 is relevant for all ICT industry products, including software, hardware and the services that connect to networks.

The objective of SCS 9001 is to verify end-to-end cyber and physical security across ICT network infrastructure. To accomplish this, SCS 9001 was created as a process-based standard with an independent audit and certification program for suppliers and service providers to verify that critical security controls and processes are in place for their products and solutions. The new standard is unique because it is built around a quality management system (QMS) that operationalizes industry guidelines and best practices, such as ISO 27001, the Prague Proposals, relevant National Institute of Standards and Technology (NIST) standards, and the Center for Strategic and International Studies (CSIS) Criteria for Security and Trust.

“Our global community depends on connectivity and while technology continues to outpace security, we now have a process-based, verifiable standard to significantly mitigate threats to the ICT supply chain,” said TIA CEO David Stehlin. “We thank the members of our industry working group and all those who contributed to this important standard. Two years ago, they set an aggressive timeline to develop this critical new standard to help make our networks more secure and address the global rise in supply chain breaches, and today, we are proud to release SCS 9001.”

SCS 9001 was officially approved for release on December 31 after 20 months of work by TIA’s QuEST Forum Supply Chain Security Working Group and its subcommittees of dedicated industry technology and security experts. The final stages of the development process included an invitation for feedback and comments on the draft standard to more than 90 companies and governments worldwide. This generated nearly 500 different comments that were all reviewed and addressed by the working group.

“Improving the performance of our suppliers by defining outcome-based delivery models has been a key component of building our global communications network,” said Sankaran "Ram" Ramanathan, executive director, network systems, Verizon. “Never more so has this been important with the growing role of software and agile transformation in the network ecosystem. Given the current global landscape and the increased complexity and diversity of the ICT supply chain, a standard like SCS 9001 can help verify which suppliers and manufacturers are building security into their solutions and enhancing trust. Key contributions to this standard came from Verizon India, one of our strategic and innovation hubs.”

The working group identified all the known coverage gaps that existed in the ICT standards landscape and then addressed them by using proven and focused measures, controls and processes that help organizations significantly reduce their risk to cyber infiltrations and attacks.

A key differentiator of SCS 9001 is how organizations can verify that their products meet the industry-approved standard with an independent audit and certification program.

In addition, organizations that leverage SCS 9001 will be provided with anonymized quarterly and annual security benchmark reports to track their organization’s performance against the industry’s best, worst and average results. This data will help drive continual industrywide improvement, especially as technologies advance and evolve.

Would you like to comment on this story? Find our comments system below.



 
 
Post a comment
Name: *
Email: *
Title: *
Comment: *
 

Comments

No Comments Submitted Yet

Be the first by using the form above to submit a comment!


Education





Events
August 2022

7 - 10
APCO Conference and Expo 2022
Anaheim, California
https://www.apco2022.org

More Events >

Site Navigation

Close