Supply chain security is a growing concern for federal agencies and the government contractors they work with. But how are companies proving that their supply chains are actually secure? DTS CEO and President Ed Tuorinsky answers this and other questions in a new video interview with Executive Mosaic.
“A lot of companies are going out and getting third-party certifications. That really helps if you’re going to an ISO standard,” Tuorinsky said in conversation with Executive Mosaic’s video reporter Summer Myatt.
There are also state and federal standards that software companies can meet to prove their supply chain security. FedRAMP ensures that companies are meeting federal requirements, and StateRAMP ensures supply chain security at the state level. Tuorinsky said FedRAMP and StateRAMP approval is currently the “gold standard” for supply chain security.
Other certifications that companies could hold to prove their security include International Organization for Standardization, or ISO, certifications and International Traffic in Arms Regulations, or ITAR, certifications.
“These are third parties that come in and verify that they’re actually following the controls as part of that program. So that’s a really great place to start,” Tuorinsky said.
Another thing companies can do to ensure the supply chain security of their vendors and partners is to take a look at their system security plans. Tuorinsky noted that a non-disclosure agreement may be required to pursue this method, but it can be a great way to make sure the company you’re doing business with has the proper software security, physical security and cybersecurity controls in place.
How else can companies ensure supply chain security? Watch Ed Tuorinsky’s video interview for more insights.