ABSTRACT
This chapter describes the importance of a formal, comprehensive, standards-based definition of the activities and tasks for the three common communities of practice in a supply chain. These communities are malware, counterfeits, and defects. The chapter presents the working understanding of the three communities of practice that must be considered when developing a defense-in-breadth-and-depth solution. It focuses on the means of developing a standardized range of jointly agreeable controls that can be deployed to facilitate effective risk management among the communities of practice involved in the supply chain risk management (SCRM) process. Process standardization is important because commonly understood and well-defined processes are critical to the overall assurance of trust. Products and services are obtained from a supplier or group of suppliers; consequently, the customer/supplier relationship has become one of the most integral and fundamental routine building blocks of any information technology operation.
