I'm curious what other TPRM Program are doing to proactively monitor Executive Orders (EO). The EO for Chinese applications in January is one we were able to quickly scan our systems, contract repositories and documentation (at least in the US) to determine if we were impacted. Internationally it was trickier. Initial and on-going due diligence, tracking and monitoring against new contracts, purchases, etc. is proving to be a challenge. I'm curious if others have guidance/governance on how this is best handled within your programs you'd be willing to share.
https://www.federalregister.gov/documents/2021/01/08/2021-00305/addressing-the-threat-posed-by-applications-and-other-software-developed-or-controlled-by-chinese