Securing every link in the supply chain during COVID-19

Securing every link in the supply chain during COVID-19

COVID-19 has thrown a spanner in the works when it comes to operating the supply chain and organisations have been forced to adapt and plan for dramatic impacts up and down their supply chains. Richard Hibbert, CEO and Co-founder of SureCloud, provides his thoughts on the supply chain risks facing many organisations during the COVID-19 era.

The unknown risks businesses face

The Harvard Business Review has previously made a stark statement with regards to global supply chains: the vast majority of global companies have no idea of what their risk exposure is; that’s because few, if any, have complete knowledge of all the companies that provide services or parts to their direct suppliers.

The unfolding Coronavirus pandemic has thrown into sharp relief just how complex and interdependent today’s international supply chains are – and how little visibility companies can have over those interdependencies. Organisations are being forced to adapt and plan for dramatic impacts up and down their supply chains, with some deploying all-new tools and solutions in order to facilitate last-minute remote working – often with very little understanding of how those new solutions might affect their own security and risk levels.

These issues go far beyond third-parties alone. The chain of security and risk responsibility goes much further; a substantial proportion of supply chain disruption is due to problems with fourth parties. Fourth parties are the suppliers of your third party, who you rarely have clear visibility and assurance over. 

Effective visibility over today’s global and fast-moving supply chains needs to strike a careful balance. Members of that supply chain need to be properly scrutinised – certain processes, tools and technologies need to be confirmed. Yet this scrutiny needs to be done in an efficient and agile way, without requiring organisations who may be several links away in the chain to undertake really onerous processes.

The answer, then, is a lightweight assessment question set focused on the most important aspects of managing business operations through adversity. This assessment must be able to be pushed out to any organisation in your supply chain – whether they are third parties, qualified fourth parties or beyond – to rapidly gain a clear picture of their response to security and risk in the current climate. To provide additional business context, users of the application should be able to add their own questions to the assessment.

Organisations deploying such a solution need to combine documentation of their own key assets and processes with assessment of their critical suppliers’ management of security and risk. And all this intelligence needs to be reported in a clear and intuitive way, through flexible dashboards which can be tailored to the needs of different stakeholders within the organisation. SureCloud’s free solution for supply chain risk does all of the above and more.

The questions you need to ask 

Supply chain assurance need to take in a broad spectrum of information. It’s not just about the obvious – what cybersecurity tools do they have in place, who is responsible for which process, what the contingency plans are – but also ‘softer’ information like where their offices are based and who their customers are. Supply chain audit solutions need to be able to collect all of this data as efficiently as possible, which means that cloud-based solutions are often most appropriate. Third and fourth parties and beyond can respond to digital questionnaires with the information collated and aggregated automatically. The result is a snapshot view of the health – or risk – of the supply chain at any time.

This approach gives businesses a time advantage as questionnaires can be sent directly to crucial suppliers in a matter of days or even hours, enabling a quicker understanding of affected products and/or services. This, in turn, helps measure the potential impacts posed by supplier risks and determine wider impacts on the supply chain.

Global insights: Giving back to the community

There are broader impacts with a cloud-based solution too. With multiple organisations using the same tool, they can collectively build valuable global insight into the current state of the supply chain, which then supports other organisations with their resilience strategy.

If the results of such supply chain audits are anonymised and aggregated, suppliers can use them to measure and report on global trends relating to the impact and readiness of supply chains. In turn, such analysis can be used to develop new guidance and create a dialogue to further improve supply chain management. It’s about building an international, dynamic knowledge base.

Effective supply chain management is particularly important in this time of global crisis. The effects of the Coronavirus pandemic have transformed the way suppliers are managed and relied upon and created uncertainty for third-party risk programmes. As with so many other areas of response to COVID-19, by working together, organisations can make a really powerful difference. 

Browse our latest issue

Intelligent CIO North America

View Magazine Archive