Friday, October 17, 2008

Shoring up Supply Chain Security

Supply chain security breaches can damage brands, break down partnerships and, ultimately, hurt the bottom line. When creating a security framework, consider the following key areas to minimize supply chain risk.

When it comes to securing the supply chain, businesses should not only protect themselves but also their suppliers, customers and the general public. Failure to do so could result in potentially ruinous consequences, Logistics Management says, such as:

  • Widespread disruption to delivery capabilities, which can lead to loss of revenue and service failure in the eyes of customers;
  • Reduced brand equity - especially if customers see the security breakdown as a result of neglect;
  • Investor discontent due to revenue loss;
  • Increase in regulatory scrutiny;
  • Legal liability; and
  • Loss of supply chain partners.

Suffice it to say that no business would want to suffer the above - especially given the currently volatile economy. A recent study by shows that few companies can afford to ignore supply chain risks. Almost 99 percent of the 138 companies surveyed suffered a supply chain disruption and 58 percent suffered a financial loss.

To help companies tackle the challenges for securing the supply chain, Logistics Management (http://www.logisticsmgmt.com/) identified several competencies from which to create a security framework. They are:-

Process Strategy

To implement a security strategy, everyone must be on board and employees must know their managers are committed to the same goal. More than a third of the companies reportedly had an enterprise risk department, but only 3 percent said that department was actually implementing and managing supply chain risk management initiatives.

It's no help to have a chief security officer if that person doesn't actually do anything. "Top management must be visible in their commitment and dedication to implementing security initiatives".

Process Management and Process Technology

Process management is making sure that all the raw materials coming in and all the finished goods coming out of your plant are secure. It also involves ensuring that the manufacturing process is safe. For example, a U.S. Chemical Safety Board study in November 2006 found that 281 industrial dust-related fires and explosions killed 119 people and caused more than 718 injuries in the U.S. during 1980 to 2005, the Wall Street Journal reports. In many accidents, employers and employees were unaware that a hazard even existed. Something as seemingly unimportant as dust could cause a business to lose thousands of dollars because no one made sure the dust levels were safe for the processes in the plant.

Process technology, which is directly tied to process management, involves the means by which companies track the products coming in and out. With counterfeiting now 5 percent to 7 percent of the world trade, according to “’Industry Week”, manufacturers need to keep a close eye on the raw materials coming in and make sure it is their products - not counterfeited ones - that reach the store shelves. The U.S. economy loses as much as $250 billion annually to counterfeiting, “Industry Week” reports. It suggests partnering with governmental and non-governmental agencies to protect supplies and goods.

Individual product protection can be done by using holographic labels and other authentication devices throughout the distribution supply chain. U.S. congress is currently considering making the use of security markings on some pharmaceutical products mandatory after Malaysia's success with a similar program, “Packaging Digest” reports. Since the program was introduced, there was a significant increase in the identification and confiscation of illegal items entering the distribution chain.

Infrastructure Management and Communication Management

Infrastructure management is basically protecting the physical facility. Ready Business (http://www.ready.gov/business/protect/facilities.html) provides a guideline on how to keep your building safe, recommending manufacturers:-

  • Make building site maps available and mark emergency routes;
  • Consider installing closed circuit TV, access control, security guards or other security systems;
  • Secure all the ways people enter and leave the building and what they have access to;
    Identify essential equipment to keep the business open; and
  • Comply with all local, state and federal codes and other safety regulations.

The other part of this is making sure your employees know where to turn when they have security issues or if they witnessed a security breach. Not collaborating within the company can also put companies at extra risk. When decision makers are not alerted on time to possible risks, a more damaging disruption is likely.

Management Technology

Management technology is using technology to detect and share potential threats and security information internally and externally. These information systems are also critical in obtaining and sharing information with suppliers, customers, vendors and government agencies.

Information technology / systems are usually the first to detect breaches or product contamination. Businesses can choose to have multiple systems for inspecting and checking the manufacturing process or have a single network defense that combines hardware, software and networking technologies.

U.S. companies spent $3.85 billion on network security appliances in 2006 with expenditure expected to double by 2011, market researcher IDC says (http://www.idc.com/).

Metrics

To ensure that the security strategy is working, every business must measure its success constantly. The Center for Internet Security (CIS) (http://www.cisecurity.org/) has developed benchmarks to identify and define key information security metrics. The CIS expects to expand the benchmarks list to 20 items in the next year, but for now considers these key areas a high priority:
Average time between security incidents;

  • Mean recovery time;
  • Percent of systems configured to standard;
  • Percent of systems with antivirus; and
  • Percent of applications that had risk and vulnerability assessment.
  • Relationship Management

Most businesses cannot function without their supply chain partners, which is why it is critical that all partners involved are on the same page when it comes to security. "Collaboration with external entities (customers/suppliers and service providers) is necessary to ensure that security procedures are communicated and followed," Logistics Management stresses.

Those with global partners need to be even better at managing these relationships as they are often unable to monitor these partners and protect against theft, contamination or insertion of counterfeit cargo.

Public Interface Management

Public interface management is forging relationships with the government and the public about security. Working together, government and industry can better understand and address the nation's most pressing security needs and create meaningful initiatives to address those needs.
Logistics Management suggests actively participating in the development of government standards or security initiatives as one way of fostering these relationships.


***

No comments: