Have Supply Chain Information Readily at Hand
Customers also want to know whether products conform to quality and risk management standards, such as those published by the National Institute of Standards and Technology (NIST) and International Standards Organization, as well as any applicable local, state and federal laws.
Given that CDW is secure supply chain certified, we maintain a certain level of capability compliances. That translates to transparency with our partners and customers. Our customers are offered the option of auditing us as well.
We collaborate with our partners to get that level of transparency. We require partners to maintain information about their products even before we begin to recommend products to our customers — there is an expectation partners will ensure their products meet certain criteria, comply with applicable regulations and have all of the supporting documentation.
As we start to get products out to our federal customers, who typically ask for supply chain documentation, we can give them a very straightforward answer: “Yes, we have that information you want; we require that from all the partners.”
New Recommendations and Programs Guide Agencies to Increased Security
Lately we’ve been getting questions about whether products are made in America. Federal agencies are required to buy only products made in the U.S. or in any of the 100-plus Trade Agreements Act-designated countries.
Most technology components are made on other continents, and the U.S.-based part of the industry is trying to catch up on governance in that area. While that process continues, we don’t wait for our customers to ask about the product; we are more proactive on their behalf. We’re the forward thinkers who manage potential risk on their behalf.
However, there is only so much a company like ours can do in terms of driving governance on a national level. We’re seeing more assistance from the government through executive orders and regulations that drive supply chain governance.
The Information and Communications Technology (ICT) Supply Chain Risk Management Task Force organized by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently released a report outlining nearly 200 specific threats across nine categories, including counterfeit parts, cybersecurity, insider threats and inherited risk; the report also comes with interim recommendations for future action.
In addition, the General Services Administration and the Defense Logistics Agency teamed up for the first Federal Supply Class review in nearly 50 years. Each of the government’s 600 FSCs classifies more than 7 million items into like categories. The agencies are working together to solve supply chain challenges including fraud, cybersecurity and troublesome shipment routes (especially critical for the military).
Between the additional concern from our customers, industry efforts to address supply chain risks and these actions from the federal government, an agency looking to shop safely for new technology should find its procurement path less troublesome and more secure.