3.4 Evaluate Supply Chain Risk Management Process
3.4 – Evaluate Supply Chain Risk Management Process
Requirement Description
Supply chain risk identification, assessment, prioritization, and mitigation shall be conducted. The vendor must provide risk management documentation, including business continuity planning policies, supply chain disruption playbooks, and post-incident summaries (if any).
DUT Confirmation Details
(To be provided by the vendor/OEM)
Device Name: [Insert Device Name]
Model Number: [Insert Model Number]
Manufacturer: [Insert Manufacturer Name]
DUT Software Details
Firmware Version: [Insert Version]
Operating System/Platform: [e.g., Embedded Linux, FreeRTOS]
Software Build Number/Date: [Insert Details]
Hash Checksum Verification for DUT’s Software Image
Hashing Algorithm Used: SHA-256
Software Image Checksum: [Insert SHA-256 Hash]
Verification Status: Verified / Not Verified
DUT Configuration
Deployment Mode: [Standalone / Integrated / Gateway]
Connected Interfaces: [Ethernet / Wi-Fi / Serial / USB]
Update Mechanism: [OTA / Manual USB / Web-based]
Pre-Conditions
The vendor shall provide the following:
Supply chain risk identification, assessment, prioritization, and mitigation documents.
Business continuity planning documents addressing supply chain disruptions.
Playbooks and post-incident summaries demonstrating preparedness and prior response actions, if applicable.
Test Plan
Total Number of Test Cases: 1
Validation Method: Documentation audit and verification of policies/playbooks in accordance with BIS guidelines.
Test-bed Diagram with Interfaces and IPs
(Attach relevant network/test environment diagram if required for validation or demonstration purposes.)
Last updated
Was this helpful?