
Supply-Chain Risk Management (SCRM) Plan
Many government agencies now require contractors to submit a Supply-Chain Risk Management (SCRM) Plan Template with their proposal or as one of a project's early-phase deliverables.
Because information and communications technology (ICT) supply chains are growing more sophisticated, complex, and global, federal agency information systems are increasingly at risk of compromise. ICT supply chain risks may include insertion of counterfeits, unauthorized production, tampering, theft, and insertion of malicious software, as well as poor manufacturing and development practices in the ICT supply chain.
These risks are associated with the federal agency’s decreased visibility into, and understanding of, how the technology it acquires is developed, integrated, and deployed, as well as the processes, procedures, and practices used to assure the integrity, security, resilience, and quality of the products and services.
Currently, federal agencies and many private-sector integrators and suppliers use varied and nonstandard practices, which makes it difficult to consistently measure and manage ICT supply chain risks across different organizations. ICT Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.