3.4 Evaluate Supply Chain Risk Management Process

3.4 – Evaluate Supply Chain Risk Management Process

Requirement Description

Supply chain risk identification, assessment, prioritization, and mitigation shall be conducted. The vendor must provide risk management documentation, including business continuity planning policies, supply chain disruption playbooks, and post-incident summaries (if any).

---

DUT Confirmation Details

(To be provided by the vendor/OEM)

• Device Name: [Insert Device Name]

• Model Number: [Insert Model Number]

• Manufacturer: [Insert Manufacturer Name]

---

DUT Software Details

• Firmware Version: [Insert Version]

• Operating System/Platform: [e.g., Embedded Linux, FreeRTOS]

• Software Build Number/Date: [Insert Details]

---

Hash Checksum Verification for DUT’s Software Image

• Hashing Algorithm Used: SHA-256

• Software Image Checksum: [Insert SHA-256 Hash]

• Verification Status: Verified / Not Verified

---

DUT Configuration

• Deployment Mode: [Standalone / Integrated / Gateway]

• Connected Interfaces: [Ethernet / Wi-Fi / Serial / USB]

• Update Mechanism: [OTA / Manual USB / Web-based]

---

Pre-Conditions

The vendor shall provide the following:

• Supply chain risk identification, assessment, prioritization, and mitigation documents.

• Business continuity planning documents addressing supply chain disruptions.

• Playbooks and post-incident summaries demonstrating preparedness and prior response actions, if applicable.

---

Test Plan

• Total Number of Test Cases: 1

• Validation Method: Documentation audit and verification of policies/playbooks in accordance with BIS guidelines.

---

Test-bed Diagram with Interfaces and IPs

(Attach relevant network/test environment diagram if required for validation or demonstration purposes.)