Resilience is the New Name of the Game in Supply Chain

Resilience is the New Name of the Game in Supply Chain

Resilience is the New Name of the Game in Supply Chain

For the majority of Supply Chain’s history, this evolution has been driven by a knack for finding efficiency. Companies have leveraged digital tools, and evolving skills, to collect vast data about product or raw materials sourcing, transportation, logistics, and manufacturing. They’ve hired strategic Supply Chain professionals who can turn this data into actionable intelligence, and redesign the supplier, production, and transportation network to get products to market quicker and cheaper. They use advanced ERP software and S&OP strategy to match supply with demand, and turn over inventory faster and faster. “Just-in-time” production has become a hallmark of today’s Supply Chains.

Case in point: research firm Gartner includes the speed of inventory turns as a key metric in its annual Top 25 List recognizing companies for their excellence in Supply Chain.

Now, the top Supply Chain professionals are those who can find those efficiencies, while providing a strong customer experience that safeguards the company’s brand. It’s been a long evolution, and it’s made the field more ascendant within companies than it’s ever been, with a bigger seat at the C-suite table. Risk mitigation, innovation through supplier collaboration, and increased sustainability have also driven Supply Chain’s strategic value – but they’ve taken a back seat to efficiency.

Then came COVID-19.

As we’ve also written about recently, the COVID-19 pandemic has caused almost-unprecedented disruptions to a majority of companies’ Supply Chains – as many as 72%, according to a recent Supply Chain Canada survey.

We’re four months into the pandemic, and it appears that these disruptions have spurred another evolution:

More than ever, companies are focusing on Supply Chain resilience

All around the Supply Chain world, professionals are shifting their focus to make sure that they can withstand supplier disruptions, not only due to COVID-19, but to future emerging issues as well.

In our recent interview with Procurement Guru Jill Button about the particular Supply Chain challenges of the moment, she highlighted this shift, saying: “People are beginning to understand the risks and fragility of a Supply Chain and not having a sound Procurement practice. I think, as a field, we need to step up and embrace this moment.” In March, at the outset of the pandemic, industry thought leader Bob Ferrari wrote about how, in a world of supplier disruption, companies might shift from a just-in-time inventory model that maximizes efficiency, to one that prioritizes a diverse supplier base to maximize resilience.

Top consulting firms are taking notice too, in their own advice to corporate leaders: Bain, Deloitte, McKinsie, and Baker McKenzie, and others have released white papers in recent days on the importance of Supply Chain resiliency and risk mitigation in this new era.

Read more at Resilience is the New Name of the Game in Supply Chain

Leave your comments below and subscribe us to get updates.

Enabling Resilience in National Critical Infrastructure

Growing concerns related to dependencies on software-reliant information communications technology (ICT) and Internet of Things (IoT) devices are pushing changes in governance associated with supply chain risk management (SCRM). The possibility of disruption of critical infrastructure exists because the software that enables these capabilities is vulnerable and exploitable.

Exploit potential is often more about the vulnerability of assets in target organizations than the ingenuity of the attackers. Several breach reports show that the source vectors of attack are in software. Consequently, organizations expanding the use of network-connectable devices need comprehensive software security initiatives to address weaknesses resulting from technological vulnerabilities and a lack of “cyber hygiene” (lack of caution) among those who develop and use software applications and software-reliant IoT devices.

Exploitable weaknesses, known vulnerabilities, and even malware can be embedded in software without malicious intent. Indeed, sloppy manufacturing hygiene is more often the cause of exploitable software. Such poor hygiene can be attributed to the lack of due care exercised by supply organizations with developers, integrators and testers who are often unaware of or untrained on software security, compounded by inadequate testing tools and the failure of suppliers to prioritize addressing the risks associated with the poor security of the software they deliver to the organizations that use it.

How do organizations proactively protect critical infrastructure from being the victim of software provided by others? As a start, they use contracts to set supply chain expectations for their suppliers. Sample software procurement language is available for free to assist organizations in developing their contracts and establishing test criteria as part of software SCRM due diligence. Procurement criteria should contain these specifications, at a minimum:

  1. Software composition analysis of all compiled code found in the supplier product to identify all third-party open source components via a software bill of materials and to identify all known vulnerabilities listed in Common Vulnerabilities and Exposures (CVE) in publicly available databases, such as the NIST-hosted National Vulnerability Database (NVD);
  2. Static source code analysis of all available source code found in the supplier product to identify weaknesses listed in Common Weakness Enumeration (CWE);
  3. Malware analysis of supplier-provided software to determine whether any known malware exists in that software, along with a risk assessment of mitigation controls;
  4. Validation of security measures described in the product’s design documentation to ensure they are properly implemented and have been used to mitigate the risks associated with use of the component or device.

Read more at Software Supply Chain Risk Management: Enabling Resilience in National Critical Infrastructure

Share your opinion below or send us a message for further information. Subscribe to get updates.

How Does Your Supply Chain Resilience Rank?

Hurricanes, earthquakes, terror and political upheaval all took a toll.

In addition, three emerging drivers of resilience have come to the forefront in recent years that are now included in the 2017 FM Global Resilience Index: the rate of urbanization, inherent cyber risk and supply chain visibility.

Resilience against events that could disrupt operations is a top priority for business executives seeking to minimize risk and maximize performance across their operations.

The ability of businesses to overcome disruptions throughout the world can make all the difference.

The FM Global Resilience Index is an annual ranking of 130 countries and territories according to their enterprise resilience to disruptive events.

Rankings are calculated as an equally weighted composite of 12 core drivers that affect the enterprise resilience of countries significantly and directly.

The historical data in this year’s index has been updated and calculated on this new basis for each of the last five years to enable valid historic comparison.

Here are the key results.

Switzerland occupies the top position in the 2017 FM Global Resilience Index. This reflects the fact that Switzerland is among the best in the world for its infrastructure and local suppliers, its political stability, control of corruption and economic productivity.

Luxembourg has risen gradually from eighth in 2013 to second in 2017, owing partly to its reduced reliance on oil for economic productivity. This reflects the continued growth in the importance of its services sector. Luxembourg enjoys a strong reputation for its financial sector, its network of service providers and its responsive, business-friendly regulations.

The country is well-placed to benefit from financial institutions that may be seeking a new home, post-Brexit, following the United Kingdom’s departure from the European Union.

Read more at How Does Your Supply Chain Resilience Rank?

If you have any opinions, share it with us in the comment box. Subscribe us to get updates in your inbox.

Helping Procurement Professionals Build Resilience in Their Own Supply Chains

The Chartered Institute of Procurement & Supply (CIPS) has launched a free online tool to support procurement and supply management professionals and those with an interest in buying to develop resilience in their own supply chains.

A CIPS survey in 2016 of 900 professionals revealed a growing awareness that unmitigated risk can have disastrous consequences for companies in terms of revenue and impact on margins.

Of those surveyed, 46% ‘sometimes’ have mitigation strategies in place and yet 52% expected the same level of service from their suppliers in the event of a disruption.

The Risk and Resilience Online Assessment Tool helps procurement professionals to identify where specific risk exists in their supply chains in seven key areas:

  1. Geographical. Restrictions on commodities or trade tariffs can have devastating effects on supply chains along with environmental concerns and reputational damage.
  2. Functional. Poorly conceived strategies and poor systems controls can make critical parts of the supply chain high risk.
  3. Performance. Suppliers may be engaging in bad working practices or failing to provide the right product, at the right time, to the right place.
  4. Technical. An inadequate level of internal security surrounding IT systems could lead to cyber risk and loss of customer, or partner data and loss of revenue.
  5. Governmental. Actions from governments could influence the movement of goods, with sanctions and embargoes and could affect reputation if found to be supportive of human rights abuses.
  6. Ethical. Dents in customer confidence will affect revenue streams and reputation, disaffected workforces can produced delayed, poor-quality goods.
  7. Legal. Breach of laws and statutes will cause delays and issues in supply chains. Diligence is required to ensure suppliers and contractors are also compliant.

Read more at Helping Procurement Professionals Build Resilience in Their Own Supply Chains

6 in 10 businesses experienced at least one supply chain disruption in Asia Pacific in 2016

One in four businesses exceed ‎US$1 million in losses, but almost half of survey respondents in Asia Pacific did not insure their losses.

Zurich Insurance has revealed the key Asia Pacific findings of the Business Continuity Institute (BCI) “Supply Chain Resilience Report 2016”. Despite six out of ten organisations experiencing at least one supply chain disruption during the past year, with one in four exceeding ‎US$1 million in losses, the report found that almost half of survey respondents in Asia Pacific did not insure their losses.

Partnering with BCI for the eighth year, the annual report is regarded as one of the most authoritative benchmark reports in this business area. The key findings for Asia Pacific (APAC) this year are:

  1. IT/Telecom outages was named as the number one cause of supply chain disruption
  2. One in four organisations experienced cumulative losses of over ‎US$1 million
  3. 46% of organisations do not insure their losses, meaning they bore the full brunt of the cost
  4. Only 30% of disruptions occur with an immediate supplier
  5. 48% responded that top management have made commitments to supply chain resilience

Read more 6 in 10 businesses experienced at least one supply chain disruption in Asia Pacific in 2016

Subscribe us to get updates in your inbox. If you have any opinions, please share it at the comment box below.