The ISA launched its first supply chain program in 2005, in conjunction with ISA Founding Partner Carnegie Mellon University.
Since then, ISA has released a series of reports on managing the IT supply chain for security purposes with ever greater specificity.
In 2007, ISA released its report with Carnegie Mellon on the nature of the problem and the need to appreciate it from not just its technical, but enterprise, perspectives.
In 2008, in conjunction with Scott Borg of the U.S. Cyber Consequences Unit, ISA released its first supply chain framework document, which was subsequently cited in President Obama’s signature document on cyber security: “The Cyberspace Policy Review” (2009).
In 2010 and 2011, ISA held a series of nationwide workshops attempting to create a clear, specific and detailed set of instructions for managing the IT supply chain in a secure, but economic, fashion. The document was drawn from the expertise of more than 70 private and government entities and crafted by Mr. Borg and is available on the ISA website.
To view or download this document, please click here.