Acquisition and Outsourcing Working Group
Activities
Software Assurance (SwA) in Acquisition: Mitigating Risks to the Enterprise provides information on how to incorporate SwA considerations in key decisions and how to exercise due diligence throughout the acquisition process relative to potential risk exposures that could be introduced by the supply chain. It includes
- practices that enhance SwA in the purchasing process
- due diligence questionnaires designed to support risk mitigation efforts by eliciting information about the software supply chain (these are also provided in Word format so they can be customized)
- sample contract provisions
- sample language to include in statements of work
A general acquisition process and its associated acquisition phases are used in the document to organize the discussion of SwA considerations throughout the acquisition process.
We developed two SwA in Acquisition and Outsourcing pocket guides from this document:
- Software Assurance in Acquisition and Contract Language
- Software Supply Chain Risk Management and Due Diligence
Please send us your feedback on this document and the above pocket guides.