Chapter 2. Supply Chain Frameworks and Standards

Supply chain frameworks are supporting structures for supply chain management systems. These frameworks, combined with supply chain standards created by standards bodies, focus on evaluating the risk introduced by organizations and their third parties in the overall supply chain. In Chapter 1, I provided a high-level summary of the supply chain security topics covered in various worldwide laws, regulations, and guidelines. In this chapter, I describe various risk management and supply chain frameworks and standards that an organization can use to meet the requirements established by governments and customers. Although specific vendors are not mentioned in this book, you can also evaluate several commercial risk assessment tools that use a framework approach, and these may target general supply chains or specific industries (e.g., energy or healthcare).

To discuss supply chain frameworks and standards, I will first provide an overview of the risk management frameworks most commonly used for technology and software supply chains. With an understanding of risk management itself, you will have the foundation, as shown in Figure 2-1, for the supply chain frameworks and standards that usually fit within an overall risk management framework.

Figure 2-1. Supply chain risk management

The NIST IR 8286 series (“Integrating Cybersecurity and Enterprise ...
