Supply Chain Council of European Union | Scceu.org

Consultation on Security Requirements for the Supply Chain of Information Technology Products

On 27 July 2020 the National Information Security Standardisation Technical Committee published the Information Security Technology – Security Requirements for the Supply Chain of Information Technology Products (Draft for Comment) for public consultation.(1) The consultation period ended on 26 September 2020.

The requirements, as a recommended national standard, will apply to the security management activities of the IT product supply chain for government information systems and critical information infrastructure. They will also provide a reference for the supply chain security management activities of other information systems.

According to the draft requirements, IT product suppliers should, among other things:

  • undertake a supply chain security risk assessment;
  • develop a traceability strategy for purchased IT products and components, recording and retaining such information as the origin and original supplier of the IT products and components; and
  • establish and implement a safety development process for IT products, clarifying development management requirements, safety control measures and personnel codes of conduct, among other things.

Further, customers should, among other things:

  • establish and maintain a catalogue of qualified suppliers; and
  • regularly assess the risk of:
    • IT product supply being interrupted;
    • authorisation being suspended; and
    • product upgrades or technical support services being refused.

Endnotes

(1) Further information is available here.
