Supply Chain Risk Management (SCRM) definition in Computer Security terms:
Definition(s): A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).
Source(s): CNSSI 4009-2015 (CNSSD No. 505)
Synonym(s): ICT Supply Chain Risk Management
The process of identifying, assessing, and mitigating the risks associated with the global and distributed nature of ICT product and service supply chains.
Source(s): NIST SP 800-161
reference: CSRC Glossary