We have all heard the saying “A chain is only as strong as its weakest link” but to repair or replace that weak link, you first need to identify it.
This is the first of my seven tips for improving the sustainability or resilience of your supply chain security: Identify all of the nodes in your supply chain. No two organisational supply chains are alike, as there are many dependencies and interdependencies at all levels. Some organisations perform a cursory mapping of their supply chain (some not at all) and I believe this is a crucial step to get correct. Identify all nodes both upstream and downstream, and the identification process needs to cover both internal resources as well as external delivery partners (which I will cover shortly). Effective supply chain risk management needs to be a systematic assessment and treatment of all potential risks across the entire operation – both inside and outside of the supply chain.
This is a great starting point and from performing the mapping process, some aspects to focus on may become immediately apparent. The supply chain process should be mapped from initial raw material stages right through to consumer acquisition, which brings me to the second tip: Also map the flow of information through the chain. This can be an item that can be easily overlooked but can be an integral part of supply chain security. Packaging guidelines, delivery routes and security protocols are all examples of items that should be covered with this part of the process. This not only helps to improve process accuracy, it assists with identifying potential information security risks downstream that can, therefore, be effectively mitigated. Confidential information should also be supported by an audit trail clearly showing access details.
To ensure a thorough analysis can be conducted of the entire supply chain, key representatives from all stakeholders should be involved in the process. Through the formation of a diverse Supply Chain Risk Management Team (tip three), each department has the opportunity to outline its specific risks and concerns to be included in the planning process. Some examples of this may be the legal/administration team having some concerns with logistics partners compliance and contractual responsibilities. It could also include the procurement team identifying that background vetting of the staff of those logistics partners is a sound idea, whilst the security team put forward their ideas for physical security standards for the logistics partners warehouse to ensure the integrity of the products during that stage of the process.
Tip number four would be to: integrate security awareness into the organisation’s culture. This is obviously an aspect that requires the support of upper management and the flow on support of all departments but is incredibly powerful. Security awareness programs should be part of an organisation’s induction programs and some level of this type of training should occur across all departments to help reinforce their respective roles in the security program. Elements of this training can even be replicated to business partners to ensure that objectives are aligned. This initial training needs to be supported by structured procedural security programs which should be “living documents”. They should be reviewed and updated as there are any changes to the business structure, any changes in expectations and as per a set review period.
I previously touched on the use of external delivery partners (logistics partners, labour suppliers, etc) and they can be a crucial element in an organisation’s service delivery as they can bring unique skill sets and resources and through their effective engagement, organisations can focus on their core business more effectively. They can also greatly assist with organisational expansion in different geographical areas where the partner has existing infrastructure. However, they also bring with them various additional risks that need to form part of the SCRM planning process. Delivery partner security procedures and standards (tip five) should be developed and form part of the external supplier engagement process.
These standards should cover a variety of aspects ranging from required documentation and conduct of their supplied staff, through to physical security standards of their transport vehicles and premises where the organisation’s goods may be held during the transport process. This sends a very strong message to business partners and helps to further strengthen the entire security culture of an organisation. Agreed supplier premises access control guidelines are another example of an item that would be of key importance where there are potential risks of contamination to product.
As a basic starting point, the organisation can issue its business partners with a “Supply Chain Security Self-Assessment Audit” sheet. Once completed, period site visits should also be conducted to ensure adherence to the agreed protocols and guidelines. These contractor/business partner guidelines and standards should be in addition to any existing risk transference system that is in place (contractual or insurance) as although the financial risk transference may cover for lost/damaged goods, there is still the potential damage to the organisation’s brand from delayed or non-delivery of items.
The question may be asked “how does the organisation know what type of physical and procedural security guidelines should be put in place with its delivery partners?” This is a very valid question. The organisation’s designated security representative/s need to play a very important role here with regards to structured sourcing of benchmarking and best practise (tip six). The security industry is a fluid and dynamic industry, with technological advances and procedural improvements occurring at a startling rate. Member associations, industry publications and even social media relevant groups can all assist with providing valuable information and contacts for improvements that can be integrated into the organisation’s security operation. Once new information and ideas are gathered, they can be discussed with the SCRM team to see if they are of benefit and how they can be best implemented.
A personal recent example of this that I experienced is a new product from Sonic Force Security with their Inferno Sound and Light Barriers. Whilst I have previously investigated effective use of strobes and increased volume alarm sirens in response to unauthorised access, their combination of a disorienting 2,700W white strobe light coupled with an utterly intolerable 127dB sound spectrum makes for an extremely effective response. Now imagine this unit being mobile and mounted in the back of large delivery vehicles for smaller high price individual electronic items, I am sure you get the idea.
An organisation can have the best business continuity and technology recovery plans in place, have organisational wide support for the program – including from its business partners – and can have ensured that the plan is overarching across the entire company to cover any gaps between individual responsibilities/accountabilities, but it still needs to ensure that the plan is underpinned with operational efficiency (tip seven).
This is another reason why it is crucial to ensure multi-department representation in the SCRM team as any system changes need to be tested for their impact on operations which can then be weighed against the benefit of implementation. Implementing new technology, new procedures and protocols all comes at a cost and, as such, needs to provide a return on investment to the organisation. Some of the benefits of improving supply chain security are clear and tangible – such as improved delivery times, decreased shrinkage, improved response times to incidents and improved KPI results from business partners, etc – however there are also many other associated benefits that occur such as an improved SCRM culture within the organisation, the improved protection of the integrity and reliability of information networks, and an improvement in the integrity of products, to name a few.
Although there are many benefits (both tangible and intangible) from the improvement of Supply Chain Security Risk Management within an organisation, due to its positive flow-on effect across the entire organisation and multiple benefits, the biggest improvement it has is on what is arguably an organisation’s most important asset: its reputation.