Supply chain risk management – protecting intellectual data

Protect business ideas, , knowledge,data and copyrightThe backbone of today’s global economy is the global supply chain. As consumers we have all become rather blaze about eating strawberries in winter that were grown in Spain, or competitively priced, quality cars that are on sale throughout Europe and the USA but that those were manufactured in Korea.

But what would happen if we were to suddenly experience some major disruptions to the supply chains that bring all these products to market? It’s a thought that turns the blood running through the arteries of many major manufacturers and distributors to ice; so its small wonder that supply chain risk management is a subject that’s very close to the hearts of many.

Collaborative environments create risk

The fact of the matter is that global supply chains comprise one of the most collaborative environments in the business sector. The more diverse and the more complex the collaborations become, the greater the risk of one of those elements breaking down or under-performing. There’s also the ever present risk of exposing supply chain owners to the risks of fractured confidentiality.

In order to pinpoint the event of any disruptions, or to read the warning signs and try to forestall them from taking place, it is necessary to map-out the flow of information within the supply chain to enable close surveillance on key access points and nodes. Companies need to continuously be on top of supply chain risk management in order to underpin and safeguard their operations.

The importance of protecting information and intellectual property

Sensitive information is a concern for many businesses, and protecting intellectual property is a key issue. It’s not a duty that can be outsourced. It’s unlikely that any partners you work with will be prepared to protect your business’s intellectual data as well as you are. So, knowing who you’re dealing with, and adopting policies to control them is essential.

The place to start in terms of information risk management is in considering the nature of the supply chains you’re involved with; establishing what information is being shared, and determining the possibility of probability of the impacts that any potential breaches could bring about.

A problem that all sizes of business must consider

This isn’t just the domain of large corporations; businesses of all sizes need to stop and think about what the consequences could be of any supplier within the supply chain, either accidentally or purposely releasing any sensitive information that could damage their business.

Sensitive information isn’t limited to just intellectual data. It also incorporates information about employees, customer lists, any commercial plans, and all negotiations that are being considered or enacted, as well as the details of logistics.

Of course it’s not just manufacturing partners who need to be managed. The net has to be stretched to cover service suppliers too; including solicitors and accountants, as these are the people who are often privy to the most valuable, and potentially compromising, information.

The need to construct robust, scalable, easily repeatable processes

In order to manage information risk, businesses are advised to construct robust, scalable and easily repeatable processes – processes that can be used to obtain assurances from suppliers that are proportionate to the risks that could potentially be faced. This supply chain risk management, focusing on intellectual information, once defined, must then be embedded within the supply chain management software so that it becomes a natural component, and an integral part of day-to-day working.

The vulnerabilities of supply chain risk management

There are 3 vulnerabilities that need to be considered in terms of supply chain risk management. They are:

  • The lack of awareness that some partners may have with regard to the sensitive nature of information being shared
  • The fact that there may be too many contracts with various partners to enable individual assessment
  • The fact that there is a lack of visibility and a paucity of controls with regard to information that is shared within the supply chain.

Some businesses tend to focus on the first point and accordingly then assess risk on a contract by contract basis. The problem with this approach is that it does not take the second point into account and is not scalable for those businesses involved with thousands of different contracts.

The third point is the most important, and in some instances, the most challenging one for many companies. It means that supply chain managers will have to drill down further to cultivate relationships with suppliers’ suppliers; otherwise the risk escalates as the visibility disappears upstream.

Real time visibility and collaboration

The development of advanced supply chain management software, and the rapid interchange of data between internal departments and external partners, has increased the pace of change, and indeed, the complexity. It means that enabling integration with all partners within the supply chain, and focusing on real-time visibility, and partners’ collaboration capabilities, need to be the prime objectives. It’s this ability to spot, discuss and resolve disruptions as and when they occur within the network that defines how risk resistant any supply chain is. It only takes one fragment of the chain to be disrupted, and it can lead to issues that proliferate throughout the entire supply chain network.

The supply chain information risk assurance process (SCIRAP)

There is a process called SCIRAP (Supply Chain Information Risk Assurance Process). It has been developed by the ISF (The Information Security Forum). This process has been designed to help businesses to manage information risk throughout their supplier base within the supply chain environment. It focuses on identifying the information that is most at risk. In addition it provides a methodology that can be scaled up or down to manage contracts in a way that is appropriate and proportional to the amount of risk.

SCIRAP works by concentrating on information that has to be shared in the upstream. Once identified, it then suggests additional controls to lessen the risk of leaks. By integrating this technology into supply chain management software, it automates the identification and management of the risks that have been found.

For more information about managing information risk within the overall supply chain risk management function, visit the ISF website.


Should SCIRAP be integrated in all supply chain risk management software as standard? Have your say at the feedback section below

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>