
Start Here: Supply Chain Security Reader Paths

Use these role paths when you know who you are in the supply chain security assurance workflow, but not yet which handbook pages to read first.

The role paths are a routing layer through the existing handbook. They do not replace the main structure:

Standards & Threats -> Practices & Controls -> Technology Options -> Resources

If you already know the task you need to complete, you can go directly to the main sections. If you are starting from your role, choose the closest path below.

Start by role

| Role | Use this path when... |
| --- | --- |
| Procurement and supplier assurance | You buy, qualify, contract with, renew, or review suppliers based on evidence. |
| Product security | You own product assurance across acceptance, release, vulnerability response, update, and lifecycle monitoring. |
| Supplier or manufacturer | You need to prepare evidence-backed answers for customers, buyers, auditors, or assessors. |
| Audit, compliance, and customer assurance | You need to prepare, review, or explain retained evidence for audit, customer assurance, certification support, or internal review. |
| Technical implementer | You need to implement technical mechanisms, tools, workflows, repositories, or integrations that support assurance decisions. |
| Standards, policy, and compliance mapping | You need to translate external drivers into practices, controls, evidence, technology options, and mapping confidence. |

Main handbook sections

  • Standards & Threats explains the standards, regulations, assurance pressures, threats, and failure modes that create the need for action.
  • Practices & Controls explains what should operate, what evidence should be produced, and how controls support decisions.
  • Technology Options explains mechanisms that may help implement controls or generate, protect, exchange, verify, and retain evidence.
  • Resources contains checklists, templates, maturity models, glossaries, workflows, and worked examples.

Common topic shortcuts