Supply Chain Security Practices
Driving Security Through the Supply Chain
Intel’s Supply Chain Risk Management (SCRM) program and award-winning supply chain practices provide assurance to customers, complement our product security capabilities, and are a critical component of Compute Lifecycle Assurance.
Intel’s SCRM program is aligned to industry-recognized frameworks such as those published by the U.S. National Institute of Standards and Technology (NIST) and International Organization for Standardization (ISO).
Elements of Intel’s SCRM include:
- Use of top-tier suppliers, OEMs, and authorized distributors
- Certifications and standards conformance
- Standardized operating procedures
- Industry-recognized continuous supplier quality management program
Examples of how Intel practices SCRM include the following:
- After strategically identifying top-tier suppliers, security posture is monitored throughout the supplier lifecycle, from request for information (RFI) and selection, to end of life.
- Security expectations are established in supplier contracts and reinforced through required trainings and recurring assessments.
- Critical vendors are required to maintain applicable certifications and attestations such as:
  - ISO 9001:2015, ISO 27001
  - U.S. Customs Trade Partnership Against Terrorism (C-TPAT)
  - Transported Asset Protection Association (TAPA)
- Our long-standing Supplier Quality Improvement program (EPIC) builds strong supplier relationships and best-in-class performance, and helps ensure security expectations are met through quarterly report cards, Quality Audits, and award incentives.
- Cybersecurity-specific SCRM practices include:
  - On-site and remote Information Security audits by qualified Intel and third-party auditors
  - Continuous monitoring of supplier-provided software applications for security compliance
  - Real-time continuous cybersecurity monitoring through a third-party platform
  - Assessment of supplier business continuity & recovery plans, including cyberattack readiness