Software Supply Chain Security Evaluation
Please complete this form to help us assess your organization's software supply chain security practices.
Organization Name
*
Contact Person (Full Name)
*
First Name
Last Name
Contact Email Address
*
Which of the following best describes your organization's primary role in the software supply chain?
*
Software Producer
Software Integrator
Software Consumer
Managed Service Provider
Other
Does your organization maintain an up-to-date inventory (SBOM) of all software components, dependencies, and vendors?
*
Yes, for all products
Yes, for critical products only
No, not yet
Please rate the maturity of your organization's supply chain risk management practices.
*
1 (Not Established)
2
3
4
5 (Fully Mature)
Supply Chain Security Practices Assessment
*
Rate each practice as Not Implemented, Partially Implemented, or Fully Implemented:
Supplier due diligence and vetting
Verification of software provenance
Vulnerability management for third-party software
Secure software development lifecycle (SDLC)
Incident response planning for supply chain attacks
Does your organization require suppliers to comply with any recognized security standards?
ISO/IEC 27001
NIST SP 800-161
SOC 2
Other (please specify)
How does your organization verify the authenticity and integrity of software components received from suppliers?
*
How frequently does your organization review and update supply chain security policies?
*
Annually
Bi-annually
Quarterly
On-demand
Please provide any additional comments or details about your organization's software supply chain security approach.