Question THRD-05
Do you have a process and implemented procedures for managing your hardware supply chain? (e.g., telecommunications equipment, export licensing, computing devices)
| Weight | 20 |
| High Risk | No |
| Required | No |
| Compliant Answer | Yes |
Standard Guidance
Make sure you address any national or regional regulations.
Answering "NO"
State your plans to create a process and implemented procedures for managing your hardware supply chain.
Answering "YES"
State what countries and/or regions this process is compliant with.
Reason for Question
Understanding a vendor's hardware supply chain can reveal infrastructure risks that may not be apparent by other means. In some cases, the use of trusted components may be favorable. In others, it may initiate the assessment of the vendor's environment in more detail and/or expand the scope of the institution's assessment.
Follow-Up Inquiries
Follow-up inquiries concerning hardware supply chain will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]