David Lounsbury, Chief Technology Officer of The Open Group agreed, adding that “technology buyers across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains.”
And while there are other standards affecting certain segments of the supply chain industry—including IPC standards for the electronics industry which are accredited by the American National Standards Institute (ANSI) and PPAP standards for production part approval—the O-TTPS standard benefits a host of players in the industry.
“The uniqueness of this standard is its approach to identify best practices which serve the multiple players in the industry,” said Conway. “Suppliers, providers, integrators and acquirers will all benefit from knowledge and implementation of these practices which span the product lifecycle and supply chain stages of technology design, planning and ordering, sourcing, build, quality, delivery, sustainment and disposal/end of life management. Differentiation can be made based on understanding the degree to which we ourselves and our supply chains are implementing these best practices.”
The tainted and counterfeit risks identified in the standard pose significant threat to organizations because altered or non-genuine products introduce the possibility of untracked, malicious behavior or poor performance. Both product risks can damage customers and suppliers resulting in failed products, revenue and brand equity loss and disclosure of intellectual property.
“We have spoken with numerous government organizations and industry groups around the world and the reality of malware and substituted technology—which is the heart of the risk of tainted product —is something that everyone is concerned about,” confirmed Conway. “Governments are looking at nation-state concerns and are seeking to offer procurement guidance for ICT. Individual enterprises and industry sectors are equally concerned and often address concerns on an ad hoc rather than comprehensive way. A set of limited and integrated international standards will avoid balkanized ad hoc efforts by acquirers of ICT.”
“We wanted to issue a preview of the standard so we could show governments and organizations around the world that this standard can raise the bar for protecting against tainted and counterfeit products throughout the global supply chain,” Long added.
“One of the main drivers pushing the adoption for this standard is the global nature of technology,” Long continued. “Asking such large companies like IBM, Microsoft, HP and Oracle that they follow best practices is one thing. But because these threats are global, all governments and large commercial customers could benefit from taking an interest in this standard and encouraging all their suppliers to follow suit as well. Market adoption is being driven by the need for security throughout the entire global supply chain.”
One evident factor of this need for supply chain security is through the National Strategy for Global Supply Chain Security, initiated in January 2012 and released by the Department of Homeland Security, which focuses on two goals: “to promote the efficient and secure movement of goods; and foster a global supply chain system that is prepared for and can withstand evolving threats and hazards and recover rapidly from disruptions.”
“The global system relies upon an interconnected Web of transportation infrastructure and pathways, information technology, and cyber and energy networks,” said Janet Napolitano, Secretary, Department of Homeland Security. “While these interdependencies promote economic activity they also serve to propagate risk across a wide geographic area or industry that arises from a local or regional disruption.”
The O-TTPS Snapshot has been shaped by the following organizations: Apex Assurance, atsec Information Security, Boeing, Booz Allen Hamilton, CA Technologies, Carnegie Mellon SEI, Cisco, EMC, Fraunhofer SIT, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Lockheed Martin, Microsoft, MITRE, Motorola Solutions, NASA, Oracle, Office of the Under Secretary of Defense for Acquisition, Technology and Logistics (OUSD AT&L), SAIC, Tata Consultancy Services, and the U.S. Department of Defense/CIO.