ISO/WD 22373

Security and resilience — Authenticity, integrity and trust for products and documents — Framework for establishing trustworthy supply chains

Scope

This document provides an approach that support stakeholders in a supply chain to accomplish a chain of trust regarding properties of identifiable material goods along a supply chain. This document gives guidance on the identification of trust domains and their corresponding trustworthiness attributes, and the measures to achieve the targeted trustworthiness attributes.

As a supply chain comprises of several stakeholder and numerous distinct trust domains, this document specifies a systematic approach for identification of interaction points between trust domains. It defines criteria for ensuring that each interaction is trustworthy and aids the establishment of a chain of trust.

This document introduces a standardized data structure to exchange trustworthiness relevant information. This can be used to negotiate and exchange trustworthiness properties between different supply chain nodes. It will support several properties, such as interoperability, robustness, accountability, transparency while preserving privacy.

This document does not interfere with any known standards. Different technologies can be leveraged for the implementation of the approaches guided in this document. It can be used to support existing systems. This document is technology agnostic, and the aspects specified in this document can be implemented using various technologies such as PKI certificates, Decentralized Identifiers and Verifiable Credentials.