A vendor solution may be delivered as a single solution or in volume, be physical or digital in nature. Each of these eventualities needs to be considered in this phase.
- This will require a defined process for delivery and acceptance of the solution including security verification.
- Requirements for secure delivery of sensitive physical equipment (e.g. leaving it unattended in an insecure area where it can be tampered with) and responsibilities in the delivery process must be clear
- Requirements for secure delivery of digital solutions (e.g. using a secure delivery channel) and responsibilities in the delivery process must be clear
- Supply chain and/or technical buyers within the operator may wish to conduct their own acceptance testing prior to accepting a solution from their vendors. This may be particularly appropriate where units are to be supplied in volume and appropriate batch testing may be appropriate. In this context security testing should be part of the standard testing regime.
- Note this function may also be performed by a third party on behalf of the mobile operator. Again the third party must meet the supply chain requirements in terms of quality, reliability and security