NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION
SA-12(4) — Diversity of Suppliers
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Using multiple suppliers for critical components reduces the risk that the compromise of a single supplier affects your entire operation. Diversity in your supply chain builds resilience.
Example 1: Identify components and services where you depend on a single supplier. For each one, evaluate whether a viable alternative exists. Maintain a secondary vendor for your most critical components so that if your primary vendor is compromised or unavailable, you have a fallback option.
Example 2: For software components, avoid depending on a single open-source library or vendor SDK when alternatives exist. If a critical library or vendor product is compromised or found to carry a critical vulnerability (as in the SolarWinds and Log4j incidents, respectively), having familiarity with alternatives lets you switch more quickly.