GV.SC-10.114

Has your organization established and implemented a formal plan for managing component end-of-life, maintenance support, and obsolescence?

Explanation

This question assesses whether your organization has a structured approach to handling technology components as they reach end-of-life or become obsolete. Without proper planning, organizations risk using unsupported components that may contain unpatched security vulnerabilities, face unexpected costs for emergency replacements, or experience operational disruptions when critical components fail without available replacements. Evidence could include a documented component lifecycle management policy, an inventory database with end-of-life dates for hardware and software components, replacement schedules, or vendor support contract documentation that shows planning for transitions from aging technologies.

Implementation Example

Define and implement plans for component end-of-life maintenance support and obsolescence

ID: GV.SC-10.114

Context

Function: GV: GOVERN
Category: GV.SC: Cybersecurity Supply Chain Risk Management
Sub-Category: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub