Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

IT supply-chain security standard aims to prevent counterfeits, tampering

Standard lays out best practices in design, sourcing, building and fulfillment

Article comments

The danger of counterfeit and tampered IT products is well known, and to fight it, the Open Group has published a technical security standard aimed at supply-chain safety. It's anticipated that by year-end there will also be an official process under way for accreditation so technology suppliers can prove adherence to the standard, according to some involved, which include IBM and Cisco.

The Open Group's Trusted Technology Forum (OTTF) has published the standard, called the "Open Trusted Technology Provider Standard (O-TTPS)," as a 32-page document available on the Open Group website. It's described as "a set of guidelines, requirements and recommendations that, when practically applied, create a business benefit in terms of reduced risk of acquiring maliciously tainted or counterfeit products for the technology acquirer."

It seeks to lay out best practices in design, sourcing, building, fulfillment and other facets of supply chain distribution, including for integrators. It addresses the huge concern that fake or tampered electronics, hardware and software is being sold, a concern that has been voiced specifically by the U.S. government and the Department of Defense in particular.

Andras Szakal, vice president and chief technology officer at IBM, is chair of OTTF, and Edna Conway, chief security officer, global value chain, at Cisco, serves as its vice chair.

While neither would discuss specifics about how the Open Group's new supply-chain safety standard might be adopted at IBM and Cisco, they underscored the importance ascribed to it. They indicated a formal accreditation process is being formulated at Open Group in which technology suppliers in the future would be able to demonstrate adherence to O-TTPS.

"The focus is on conformance criteria to the standard and the structure of an accreditation program," said Szakal, adding the goal is to have a formal independent accreditation process in place towards the end of the year.

O-TTPS is intended to assure satisfactory security controls are in place for both logical and physical security for a trusted supplier, even down to how open-source components are used in information security and how you mitigate malware, Szakal says.

In addition to IBM and Cisco, high-tech firms and government agencies contributing to it include Juniper, Raytheon, CA Technologies, HP, Microsoft, Booz-Allen Hamilton, Huawei, EMC, Qualys, LynuxWorks, Boeing, the National Security Agency, the U.S. Department of Defense and NASA.

Conway pointed out that this public-private partnership for the standard was accomplished to address concerns that have been raised about the safety of the supply chain, as Department of Homeland Security Secretary Janet Napolitano emphasised over a year ago in her talk at the global economics conference in Davos, Switzerland.

The Open Group was seen as a good technical forum to develop a supply-chain safety standard because its membership extends to over 90 countries, says Sally Long, director of the Open Group Trusted Technology Forum (OTTF). While there's no specific date yet set to announce how the conformance testing and accreditation process for the Open Group standard will be carried out, the standard's backers are urging their IT industry supply-chain partners of all stripes to become familiar with the concepts in the document as adherence to it is expected to grow in importance as time goes on.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *