A supply chain is a sequence of suppliers involved in delivering some product.
A good resource to help integrate supply chain risk into your risk management program is NIST SP 800-161, “Supply Chain Risk Management Practices for Federal Information Systems and Organizations.”
Upstream and Downstream Suppliers
Suppliers are “upstream” from your company if they supply materials, goods, or services to your company and your company uses those in turn to provide whatever it is that it supplies to others.
your company may be upstream from others in the same supply chain. These would be your company’s downstream suppliers.
剩余内容请看本人公众号debugeeker, 链接为CISSP考试指南笔记:1.14 供应链风险管理