Supply chain elements include organizations, entities, or tools employed for the research and development, design, manufacturing, acquisition, delivery, integration, operations and maintenance, and disposal of systems and system components. Supply chain processes include hardware, software, and firmware development processes; shipping and handling procedures; personnel security and physical security programs; configuration management tools, techniques, and measures to maintain provenance; or other programs, processes, or procedures associated with the development, acquisition, maintenance and disposal of systems and system components.

• This control applies to the university Chief Information Security Officer.

• 1

  It is the responsibility of the Chief Information Security Officer to:

  • 1.1

    Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of the university.

  • 1.2

    Establish a process or processes to identify and address weaknesses or deficiencies in the supply chain elements and processes of the university.

  • 1.3

    Document the selected and implemented supply chain processes and controls in the supply chain risk management plan.