It’s a perilous world in information systems today. Threats can arise from cradle to grave in the IT life cycle. Critical systems can be compromised internally – within firmware and software – or during the logistical processes of IT configuration, deployment, and maintenance. Threats can be maliciously intentional, as with attacks from malware – or result from neglect, as with the lack of transparency and control.

Yet as serious as these risks are, federal users can significantly mitigate them through smart use of a Supply Chain Risk Management (SCRM) model in the IT supply chain.

Effective SCRM is precisely what Dynamic’s Q-wrx^SM solution is designed to help federal contracting officers and procurement officers achieve. Q-wrx is built upon Dynamic’s ISO-certified quality management system. For each Q-wrx customer, we provide a package of proprietary IT configuration and asset management processes, customized to the organization’s security regulations and quality standards.

Answer the questions below to help you assess your own SCRM effectiveness – and whether you may need the help of a custom set of specialized SCRM processes, like Q-wrx.

1. Acquisition

• Does the supplier match all order requirements against approved customer standards?
• Does the supplier confirm receipt and expected deliver date?
• Is the order life cycle transparent so that technology hand-offs to our technology team is seamless?
• Does the supplier confirm and approve authorized channels for procurement of the product?
• Does the supplier confirm that we are receiving current, agreed-upon pricing?
• Does the supplier verify that no additional cost savings are available from the OEM?
• Does the supplier confirm that the OEM will meet the expected delivery date?

3. Technical Services

• When a program requires software imaging and hardware integration, does the supplier documented all requirements and verified through a checklist process that each and every step was taken?
• Does the supplier inspect incoming shipments to confirm specifications?
• Does the supplier ensure that the system is 100% compliant with our requirements, and that hand-off to our technology team will be seamless?

4. Audit Proofing

• Does the supplier document and store, in secured files, all system specifications, asset tag information, and software licensing information?
• Does the supplier have all appropriate SOPs, Certificates of Conformance (CoCs), and certified procedures securely documented and retained for future reference?

6. Logistics

• Does the supplier inspect the product upon receipt and again upon delivery?
• Does the supplier comply with our packaging, labeling, and shipping requirements?
• Does the supplier provide required traceability on all equipment to ensure seamless receipt into our locations?

7. Disposal

• Does the supplier provide secure destruction for decommissioned products?
• Does the supplier use responsible methods for disposal?
• Does the supplier verify compliance with current Department of Defense requirements for disposal?

8. Life Cycle Management

• Does the supplier worked with us and OEMs to smooth the transition to the next generation of technology?
• Does the supplier communicated technology roadmaps to us? Can the supplier provide inventory support during transition? Does the supplier have a first article validation process?

Strict adherence to these practices helps ensure that our customers in U.S. government (and other regulated environments; see this whitepaper) receive the IT products expected, operating in precisely the ways intended.