Beacon employs a risk-based approach to vendor and supply chain management. This focuses on minimizing environmental risks to confidentiality, integrity, and availability.
​

The Beacon team reviews the supply chain to assess what security issues may exist. This informs documenting the approach to address those risks. Key elements of this process include:

Supplier risk management starts with establishing clear security requirements in contractual documents where appropriate. At a minimum, end-user license agreements (EULAs) and/or Terms of Service are reviewed in detail to understand what impacts they may have on the expected delivery of resources. The Beacon team also performs detailed risk assessments of each supplier’s security program to make sure it adheres to industry best practices and the Beacon team’s standards. This includes verification of third-party compliance audit reports.
​

Availability requirements for Beacon may require supplier diversity in support of some features and resources within the solution. In those cases, the Beacon team identifies a diverse suite of vendors that can provide equivalent resources, components, and functionality where necessary. The Beacon team regularly (at a minimum annually) assesses vendors to determine if there are competitive options that would improve the capability, availability, or security of the system. If alternate paths are identified as options, detailed reviews and assessments of those capabilities will commence and the new capability will be added using the appropriate configuration and change management processes.