Developing Supply Chain Management Philosophy alongside NIST Supply Chain Risk Management Guidelines

One key element of good supply chain management is the mitigation of risk. A new publication entitled “Supply Chain Risk Management Practices for Federal Information Systems and Organizations”, produced by the National Institute of Science and Technology (NIST), has just been released. Its focus is the supply chain risk management (SCRM) that is inherent when new IT systems are being procured.

The growing influence of Supply Chain Management

Supply Chain Management is increasingly recognized by organizations as the key part of any supply situation. Given the prominence with which companies now regard the subject, it seems hard to believe that the phrase “supply chain management” was first coined back in 1982, when a British consultant named Keith Oliver used it in an interview with The Financial Times newspaper. The term was gradually adopted more frequently, and during the 1990s supply chain management became a specific science and grew to be accepted as the new procurement Bible.

The inherent risks of off-the-shelf SCM software applications

With the growth of supply chain management (SCM) as a desirable business discipline, to the stage where it is now an indispensable attribute in any manufacturing organization, and even country, supply chain management software programs have proliferated like crazy. It’s simply the law of supply and demand. Once the demand became established, the opportunities to meet that demand have been exploited to the full.

As IT has become more and more sophisticated, and new platforms like “The Cloud” have come into the picture, the opportunities to design and develop new SCM software have multiplied. But designs are often far from foolproof, and this is where SCRM has had to become far more sophisticated. NIST’s new publication lays out recommended guidelines that organizations should adopt for screening new supply chain management software before setting it loose.

Managing Supply Chain Risk Management

The new document outlines the types of threat that new SCM software programs can introduce: things like system tampering, information theft, sub-standard production practices, and the introduction of malicious software and hardware.

The new publication discusses ways of being able to mitigate these risks by way of creating plans to install, test, and remove systems, in ways that first check that said systems are working correctly, and that they do not present security risks to supply chain management program integrity.

The document describes how to go about forming good working partnerships with IT providers following best supply chain risk management practice that allows risks to be correctly measured.

In terms of the costs involved with partnering with the right IT experts, the NIST document advises that this cost must be measured against the risks borne out of not assessing the dangers correctly; risks which are increased when the software is intended for general supply chain management use, rather than when the applications have been specifically designed to work with a company’s existing SCRM controls.

The 4 Basic Recommendations

NIST recommends four particular goals that need to be adhered to when formulating an SCRM philosophy:

  • Rather than trying to eliminate risk altogether – look to manage any risks
  • Make sure that all supply chain operations can be constantly adapted to keep pace with ongoing threat evolution
  • Have an inclusive policy in terms of any internal changes, both policy-wise and operational-wise
  • Be able to modify practices so that they reflect global ICT supply chain management strategy

Whilst the NIST document is specifically targeted at US Federal Agencies, it is a wholly professional IT document, designed and written by IT experts, and can be adapted for use in any standard commercial environment. This may be of particular use to companies that do not have a strong in-house presence of IT professionals with experience of the appropriate SCRM protocols. A copy of the Supply Chain Risk Management document can be downloaded free from the nist.gov website.

Protecting your Supply Chain and your Supply Chain Partners

Supply Chain Management is totally reliant on Supply Chain Risk Management for protecting the integrity of supply chains, and the products and services that they manage. The new NIST document can be used as a useful tool for furthering best practice in SCRM for the benefit and protection of all supply chain partners, including the end users.

