Tony Pelli is practice director of security and resilience at the British Standards Institution.
Supply chain problems came into the global spotlight following the COVID-19 pandemic and Russia’s invasion of Ukraine. Soon, businesses realized that they had less control over their supply chains as they thought.
To fortify operations moving forward, businesses must shift to a proactive supply chain risk management mindset and work twice as hard to build resiliency into their supply chains from the start, ensuring there are contingency plans in place for unexpected interruptions or disasters.
The British Standards Institution recently reviewed some of the most common mistakes companies make with their supply chains. Here’s what we found, along with tips on how to improve.
Supply chains unprepared for ‘secondary risks’
Over time, most corporations have learned to respond to primary risks, such as supplier financial failures or disruptions at a singular supplier site. However, this is no longer strong enough for today’s business practices.
Corporations must now understand how to respond to secondary risks, or scenarios that are less likely to occur but much harder to control. Key examples of these secondary risks in recent years include commodity pricing and supply chain disruption during the COVID-19 pandemic and the Russia-Ukraine war.
While these secondary risks are significantly harder to prepare for, it is critical that corporations work diligently to see potential threats ahead and create a plan of action.
That should especially be the case when approaching climate change, which has become a major topic for supply chain officers. Business planning must include flags around limited resources, supplier zones at risk and changes to operational modeling.
Lack of cyber mapping creates vulnerabilities
Cyber mapping is a very important part of the supply chain resilience process. Control of data will become more important in the years to come, and suppliers often perform critical business functions for many organizations.
Key suppliers may have data on critical IP, payment systems, customer data and go to market plans. Further, as globalized corporations grow, virtual flows of data and information between companies, suppliers and their customers are increasing. One breach could take down hundreds of suppliers if not protected properly.
Through the adoption and implementation of a robust vulnerability and remediation management system, an organization can make continual improvements to the security posture of its systems, ensuring the ongoing security of its critical business processes.
An effective system involves the implementation of vulnerability management software coupled with the development and deployment of well-designed supporting policies and procedures built in line with industry standards such as ISO and NIST.
Businesses need more visibility into their supply chains
Corporations must work to build resiliency within their total supply base. The best way to find out whether suppliers can withstand shocks of inflation, geopolitical change, climate change and more, is by fully mapping the supply chain.
Mapping your supply chain means looking at the whole of your vendor process. First, a corporation must understand the supplier life cycle. Next, the relationships within the local supply chain must be understood, such as who within the organization owns the supplier relationship.
Once those items are established, a corporation must review all purchase orders and invoices to understand the size, scale and frequency of supplier relationships. If that supplier were to go down, how much would the business feel the impact?
Once mapping is complete, work toward generating as many touch points with suppliers as possible. Be sure to also include risk management when building your own supply chain. Microlevel improvements, such as diversifying vendors for one product, and macrolevel improvements like shifting out of a country where unethical business practices may be ongoing, are both essential steps.
Ensure that supply chain mapping is more than just an exercise. Work to change your supply chain for the better through direct engagement with suppliers and contingency planning.
