Risk Assessment Questions for Federal IT
It’s a perilous world in information systems today. Threats can arise from cradle to grave in the IT life cycle. Critical systems can be compromised internally – within firmware and software – or during the logistical processes of IT configuration, deployment, and maintenance. Threats can be maliciously intentional, as with attacks from malware – or result from neglect, as with the lack of transparency and control.
Yet as serious as these risks are, federal users can significantly mitigate them through smart use of a Supply Chain Risk Management (SCRM) model in the IT supply chain.
Effective SCRM is precisely what Dynamic’s Q-wrx℠ solution is designed to help federal contracting officers and procurement officers achieve. Q-wrx is built upon Dynamic’s ISO-certified quality management system. For each Q-wrx customer, we provide a package of proprietary IT configuration and asset management processes, customized to the organization’s security regulations and quality standards.
Answer the questions below to help you assess your own SCRM effectiveness – and whether you may need the help of a custom set of specialized SCRM processes, like Q-wrx.
- Does the supplier match all order requirements against approved customer standards?
- Does the supplier confirm receipt and expected delivery date?
- Is the order life cycle transparent so that technology hand-offs to our technology team are seamless?
- Does the supplier confirm and approve authorized channels for procurement of the product?
- Does the supplier confirm that we are receiving current, agreed-upon pricing?
- Does the supplier verify that no additional cost savings are available from the OEM?
- Does the supplier confirm that the OEM will meet the expected delivery date?
3. Technical Services
- When a program requires software imaging and hardware integration, does the supplier document all requirements and verify through a checklist process that each and every step was taken?
- Does the supplier inspect incoming shipments to confirm specifications?
- Does the supplier ensure that the system is 100% compliant with our requirements, and that hand-off to our technology team will be seamless?
4. Audit Proofing
- Does the supplier document and store, in secured files, all system specifications, asset tag information, and software licensing information?
- Does the supplier have all appropriate SOPs, Certificates of Conformance (CoCs), and certified procedures securely documented and retained for future reference?
- Does the supplier inspect the product upon receipt and again upon delivery?
- Does the supplier comply with our packaging, labeling, and shipping requirements?
- Does the supplier provide required traceability on all equipment to ensure seamless receipt into our locations?
- Does the supplier provide secure destruction for decommissioned products?
- Does the supplier use responsible methods for disposal?
- Does the supplier verify compliance with current Department of Defense requirements for disposal?
8. Life Cycle Management
- Does the supplier work with us and OEMs to smooth the transition to the next generation of technology?
- Does the supplier communicate technology roadmaps to us?
- Can the supplier provide inventory support during transition?
- Does the supplier have a first article validation process?
Strict adherence to these practices helps ensure that our customers in U.S. government (and other regulated environments; see this whitepaper) receive the IT products expected, operating in precisely the ways intended.