White Papers

Copyright © 2019 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries
2. Supply Chain Security
a. Physical (factory/manufacturing): Factories where Dell products are built must meet specified
Transported Asset Protection Association (TAPA) facility security requirements. Dell also maintains
certification with the United States Customs and Border Patrol’s Customs-Trade Partnership Against
Terrorism (C-TPAT).
b. Personnel: Dell policy requires employees throughout the supply chain, including those at contract
suppliers, to go through a pre-employment suitability screening process.
c. Information: Dell collects and uses sensitive information about products, solutions, customers,
suppliers and partners throughout the supply chain lifecycle. Dell uses numerous measures to guard
this sensitive information against exposure and exploitation.
3. Supply Chain Integrity
Dell has developed baseline specifications that are securely preserved and later used as a reference
to verify that no unauthorized modifications have been made to hardware or software. The goal is to
ensure that the products received by customers are the products customers expected and will operate
as intended.
For hardware, this includes processes to minimize the opportunity for counterfeit components to
infiltrate our supply chain. For software, industry software engineering best practices include security
throughout the development process for any code, including operating systems, applications, firmware,
and device drivers. Dell reduces opportunities for the exploitation of software security flaws by
incorporating Secure Development Lifecycle (SDL) measures throughout the development process.
These measures are tightly aligned with Software Assurance Forum for Excellence in Code
(SAFECode) guidelines and ISO 27034.
4. Stronger together
Dell participates in supply chain risk management activities with trusted industry groups and
public/private partnerships. Dell has been actively engaged in the Open Group Trusted Technology
Forum (O-TTPF), the Software and Supply Chain Assurance Forum, SAFECode, the Supply Chain
Risk Leadership Council, the Internet Security Alliance, and the IT Sector Coordinating Council. Dell is
also an active member of the Government Information Data Exchange Program (GIDEP). Dell has
participated in the development of numerous standards and best-practice guidelines related to supply
chain integrity including the Open Group Trusted Technology Provider Standard (O-TTPS) which is
also recognized as ISO 20243, SAFECode, ISO 27036, and National Institute of Science and
Technology (NIST) Interagency Report (IR) 7622, NIST
Special Publication (SP) 800-161, NIST SP 800-53, and the NIST Cybersecurity Framework. To
address customer concerns about product tampering and supply chain assurance, Dell continues to
monitor and influence the development and potential impact of legislation, regulations, voluntary
standards, and contract language.
Supply Chain Assurance v4.0 | Dell Inc., 2018
For more details on Dell supply chain security please refer to this white paper:
https://i.dell.com/sites/csdocuments/CorpComm_Docs/en/supply-chain-assurance.pdf?newtab=true