Recommendation 1a
We recommend the Architect of the Capitol perform an independent risk assessment to identify and evaluate potential risks within the agency’s supply chain, including risks related to cybersecurity, geopolitical factors, vendor reliability, and compliance with regulatory requirements. This assessment will allow the agency to determine whether a formal Supply Chain Risk Management program is necessary based on the agency’s unique risk profile.
Recommendation 1b
If deemed necessary based on the outcomes of the assessment performed, develop and implement a Supply Chain Risk Management program tailored to the identified risks. This may include implementing or enhancing appropriate controls, vendor risk management processes, continuous monitoring, and integration of risk considerations into procurement and operation decision-making.