How to Apply Risk-Based Management Concepts to the Supply Chain

Organizations must use risk-based management concepts when they contract out tasks (such as hiring an air conditioning company to maintain the air conditioning in their data centers), bring on new suppliers or utilize service companies to transport their goods. Many of these concepts apply to mergers and acquisitions too.

  • Risks associated with hardware, software, and services. The company should perform due diligence, which includes looking at the IT infrastructure of the supplier. When thinking about the risk considerations, you must consider:
      • Hardware. Is the company using antiquated hardware that introduces potential availability issues? Is the company using legacy hardware that isn’t being patched by the vendor? Will there be integration issues with the hardware?
      • Software. Is the company using software that is out of support, or from a vendor that is no longer in business? Is the software up to date on security patches? Are there other security risks associated with the software?
      • Services. Does the company provide services for other companies or to end users? Is the company reliant on third-party providers for services (such as SaaS apps)? Did the company evaluate service providers in a way that enables your company to meet its requirements? Does the company provide services to your competitors? If so, does that introduce any conflicts of interest?
  • Third-party assessment and monitoring. Before agreeing to do business with another company, your organization needs to learn as much as it can about that company. Often, third-party assessments are used to help gather information and perform the assessment. An on-site assessment is useful to gain information about physical security and operations. During the document review, your goal is to thoroughly review all the architecture, designs, implementations, policies, procedures, etc. You need to have a good understanding of the current state of the environment, especially so you can understand any shortcomings or compliance issues prior to integrating the IT infrastructures. You need to ensure that the other company’s infrastructure meets all your company’s security and compliance requirements. The level of access and depth of information you are able to gain is often directly related to how closely your companies will work together. For example, if a company is your primary supplier of a critical hardware component, then a thorough assessment is critical. If the company is one of 3 delivery companies used to transport goods from your warehouse, then the assessment is important but does not have to be as deep.
  • Minimum security requirements. As part of the assessment, the minimum security requirements must be established. In some cases, the minimum security requirements are your company’s security requirements. In other cases, new minimum security requirements are established. In such scenarios, the minimum security requirements should have a defined period, such as 12 months.
  • Service-level requirements. A final area to review involves service-level agreements (SLAs). Companies have SLAs for internal operations (such as how long it takes for the helpdesk to respond to a new ticket), for customers (such as the availability of a public-facing service), and for partner organizations (such as how much support a vendor provides a partner). All the SLAs of the company should be reviewed. Your company sometimes has an SLA standard that should be applied, when possible, to the SLAs as part of working with another company. This can sometimes take time, as the acquiring company might have to support established SLAs until they expire or come up for renewal.
