It’s a perilous world in information systems today. Threats can arise from cradle to grave in the IT life cycle. Critical systems can be compromised internally – within firmware and software – or during the logistical processes of IT configuration, deployment, and maintenance. Threats can be maliciously intentional, as with attacks from malware – or result from neglect, as with the lack of transparency and control.
Yet as serious as these risks are, federal users can significantly mitigate them through smart use of a Supply Chain Risk Management (SCRM) model in the IT supply chain.
Effective SCRM is precisely what Dynamic's Q-wrxSM solution is designed to help federal contracting officers and procurement officers achieve. Q-wrx is built upon Dynamic’s ISO-certified quality management system. For each Q-wrx customer, we provide a package of proprietary IT configuration and asset management processes, customized to the organization’s security regulations and quality standards.
Answer the questions below to help you assess your own SCRM effectiveness – and whether you may need the help of a custom set of specialized SCRM processes, like Q-wrx.
Does the supplier match all order requirements against approved customer standards?
Does the supplier confirm receipt and expected deliver date?
Is the order life cycle transparent so that technology hand-offs to our technology team is seamless?
Does the supplier confirm and approve authorized channels for procurement of the product?
Does the supplier confirm that we are receiving current, agreed-upon pricing?
Does the supplier verify that no additional cost savings are available from the OEM?
Does the supplier confirm that the OEM will meet the expected delivery date?
3. Technical Services
When a program requires software imaging and hardware integration, does the supplier documented all requirements and verified through a checklist process that each and every step was taken?
Does the supplier inspect incoming shipments to confirm specifications?
Does the supplier ensure that the system is 100% compliant with our requirements, and that hand-off to our technology team will be seamless?
4. Audit Proofing
Does the supplier document and store, in secured files, all system specifications, asset tag information, and software licensing information?
Does the supplier have all appropriate SOPs, Certificates of Conformance (CoCs), and certified procedures securely documented and retained for future reference?
Does the supplier inspect the product upon receipt and again upon delivery?
Does the supplier comply with our packaging, labeling, and shipping requirements?
Does the supplier provide required traceability on all equipment to ensure seamless receipt into our locations?
Does the supplier provide secure destruction for decommissioned products?
Does the supplier use responsible methods for disposal?
Does the supplier verify compliance with current Department of Defense requirements for disposal?
8. Life Cycle Management
Does the supplier worked with us and OEMs to smooth the transition to the next generation of technology?
Does the supplier communicated technology roadmaps to us? Can the supplier provide inventory support during transition? Does the supplier have a first article validation process?
Strict adherence to these practices helps ensure that our customers in U.S. government (and other regulated environments; see this whitepaper) receive the IT products expected, operating in precisely the ways intended.