Improving supply chain strength and agility

Across the world, many countries are in their second wave of the pandemic. As such, organisations with overseas operations and suppliers may still be feeling the impact of a disrupted supply chain.

Having worked with many organisations through the years, including natural disasters and pandemics, there are a few commonalities organisations have adopted around their supply chains that have led to business efficiencies and optimisation, reduced downtime, and as a result decreased costs and increased productivity:

1) Be agile and embrace the various forms of risks that are emerging

COVID saw some businesses turn on a dime, such as gin manufacturers switching to produce hand sanitiser. Yet other enterprises completely stopped or massively reduced operations until their region was out of lockdown.

Adopt the new ways of working and business models but understand the new risks. Working from home is a great example. As employees migrated to the home office, cybersecurity risks emerged in accessing and sharing valuable business data.

Similarly, for enterprises that are integrators, or ‘hubs’, between different organisations that deal with upstream and downstream suppliers, take the initiative and start the conversation with suppliers to understand the core dependencies, review dual/multi-supplier arrangements and lean on local suppliers instead of global suppliers that may be non-existent or under pressure.

If the business does change suppliers and streamline processes, understand the weak links and identify the single points of success. If one component goes down, do you have backups? Do you have the upstream and downstream controls in place? It often takes just one supplier to have an issue and the rest of the chain fails, which can lead to huge business disruptions and long-lasting financial impacts.

2) Work collaboratively

Embracing different ways of thinking is exactly what enabled a client to embrace collaboration and consider ‘Area business continuity planning (BCP)’. Located in a remote part of Asia, the manufacturer knew if the organisation was impacted by an incident, it could be waiting for hours for the nearest emergency services. The organisation, based in an industry park, approached other local businesses to look at ways to support and utilise each other’s resources productively in an emergency. As it turned out, one business had fire trucks and another had a medical office with onsite doctor, all of which could be utilised locally if an issue occurred in their community or organisation.

Aligning BCP strategies to those of others can be applied to supply chains too, especially if the organisation is a hub in the supply chain. This can help save costs and streamline efficiencies. However, proper testing of an integrated BCP strategy is critical to ensure your supply chain doesn’t fail.

Managing information system (IS) or digital supply chains, which often resembles product supply chains is also critical to business success and achieving the objectives and goals.

As noted in the recent ISACA whitepaper Supply Chain Resilience and Continuity, “Managing the IS supply chain helps enterprises to focus on core business functions, optimise costs, and deliver products and services faster, thereby maximising benefits from information and technology investment.”

3) Resilience is more powerful than redundancy

Redundant solutions, whereby organisations rely on “spares”, often implies a false sense of security. Just as with the product supply chain, ensure there is adequate stock of components. If there is an issue in the server room and IT staff are working from home, how quickly can someone attend to the problem on site?

Don’t assume a secondary supplier will be available, especially on hardware components.

Another recent example is a manufacturing plant that realised during testing the plan for any mobile telephony issues was to move to two-way radio. After much searching, the walkie-talkies were found in a box covered in dust. The batteries were drained, and on-site managers had no idea how to use them. Redundancy and backup systems do not trump resiliency.

Furthermore, many organisations do not have an adequate plan in place if the internet goes down. Don’t postpone BCP work and tests around connectivity. Double and triple check your backup links and test them. During testing, organisations often realise the configuration of network switch gear is no longer applicable or the software patch level is out-of-date.

Final points

If the organisation relies on integrated supply chains, consider the security aspects when linking up systems with external partners. While optimisation and efficiency are the main goals, it can open the door to cybersecurity risk. In addition to the ISACA whitepaper, ISO28000 provides good guidance on supply chain information security.

As we move towards 2021, now is a good time to review the changes and new implementations the organisation has made, and update and test the BCP to ensure future resiliency of the traditional and IS supply chains.

Rinske Geerlings is the Managing Director of Business as Usual and an ISACA member. She was awarded the Risk Consultant of the Year in 2017 by the Risk Management Institute of Australia and Outstanding Security Consultant of the Year 2019 Finalist by the OSPAs.