
Finding a Vendor You Can Trust in the Global Marketplace

July 2013 White Paper
Art Conklin, Dan Shoemaker (University of Detroit Mercy)

In this paper, the authors introduce the concept of standardized third-party certification of supplier process capability.

Publisher: CERT

Abstract

This article introduces the concept of standardized third-party certification of supplier process capability. It is based on the principle that capable suppliers provide capable products. At a time when security concerns are preeminent, it should be clear that purchasing software from unknown or unvetted suppliers is a risky proposition, and the trend toward global outsourcing only exacerbates the problem. Yet businesses lose competitive advantage if they deal only with local suppliers. The approach outlined here allows acquirers to trust even previously unknown suppliers if those suppliers have undergone third-party assessment of the security capability of their processes. It allows acquisition officers to deal with a much wider range of suppliers and increases the competitive pressure necessary to ensure cost-efficient products.