Driving Security Through the Supply Chain
Intel’s Supply Chain Risk Management (SCRM) program and award-winning supply chain practices provide assurance to customers, complement our product security capabilities, and are a critical component of Compute Lifecycle Assurance.
Intel’s SCRM program is aligned to industry-recognized frameworks such as those published by the U.S. National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO).
Elements of Intel’s SCRM include:
- Use of top-tier suppliers, OEMs, and authorized distributors
- Certifications and standards conformance
- Standardized operating procedures
- Industry recognized continuous supplier quality management program
Examples of how Intel practices SCRM include the following:
- After strategically identifying top-tier suppliers, security posture is monitored throughout the supplier lifecycle, from request for information (RFI) and selection, to end of life.
- Security expectations are established in supplier contracts, reinforced through required trainings and recurring assessments.
- Critical vendors are required to maintain applicable certifications and attestations such as:
- ISO 9001:2015, ISO 27001
- U.S. Customs Trade Partnership Against Terrorism (C-TPAT)
- Transported Asset Protection Association (TAPA)
- Our long-standing Supplier Quality Improvement program (EPIC) builds strong supplier relationships, best-in-class performance, and helps ensure security expectations are met through quarterly report cards, Quality Audits and award incentives.
- Cybersecurity-specific SCRM practices include:
- On-site and remote Information Security audits by qualified Intel and third-party auditors
- Continuous monitoring of supplier-provided software applications for security compliance
- Real-time continuous cybersecurity monitoring through a third-party platform
- Assessment of supplier business continuity & recovery plans, including cyberattack readiness