U.S. Supply Chain Disruptions Task Force: 7 Steps to Improve Supplier Risk Management

On June 8, 2021, U.S. President Biden announced the Supply Chain Disruptions Task Force to Address Short-Term Supply Chain Discontinuities. The Task Force was announced alongside results from the President’s 100-day review of critical supply chains in the wake of widespread shortages, such as for semiconductors, as a result of the COVID-19 pandemic. The Task Force will identify and combat trade practices that undermine U.S. supply chains, onshore essential medicines production, and identify U.S. sites where critical minerals such as those for batteries can be produced.

7 Steps to Simplify Suppler Due Diligence

The findings from the 100-day review will likely result in manufacturers, transportation companies, construction firms, and pharmaceutical companies offboarding old offshore suppliers and onboarding new domestic ones as production of critical materials shifts back to the U.S. To simplify and accelerate the inevitable due diligence process and ensure that suppliers are securely offboarded, organizations should consider these 7 steps for supply chain risk management:

1. Implement a comprehensive supply chain partner pre-screening program

Ensure that procurement and sourcing teams have access to insights pertaining to all new supply chain partner security, operational, data privacy, and financial practices. Pre-contract due diligence should consider existing cybersecurity and privacy assessment results, reputational information, breach history, legal actions, sanctions and other intelligence to inform sourcing decisions – alongside any inherent risk data.

2. Include multiple internal teams when onboarding new suppliers

Typically, the procurement team is responsible for managing the supplier relationship lifecycle, but multiple departments that interact with suppliers (e.g., production teams) may have insights to contribute or specific requirements for supplier assessments. That’s why it’s important to knock down the siloes that sometimes separate teams and open onboarding tasks to any party that interacts with the supplier. A simple intake form can accelerate the process.

3. Assess supply chain partners regularly – especially for business resilience and SLA performance

Antiquated spreadsheet-based risk assessment processes aren’t going to cut it anymore – especially if you are assessing a new supplier critical to the products you deliver and can’t afford the risk that comes with manual work. Instead, leverage an automated solution that hosts vendor assessment questionnaires, automatically raises risks if results don’t line up with expected risk tolerance levels, and offers specific remediation recommendations to close potential vulnerabilities. Regularly assessing suppliers on their SLA performance, business continuity, incident response and disaster recovery plans provides insight into how resilient they will be in the face of a disruption (e.g., another pandemic) and can better inform contract renewal discussions. An outsourced model will enable you to offload complex supplier assessments to risk management professionals so you can focus on risk remediation instead.

4. Fill gaps between assessments with continuous cyber, business and financial monitoring

Regular – usually annual – assessments are essential to documenting third-party supplier controls, policies and processes, but they are static in nature. Adding dynamic, real-time third-party monitoring across the following sources will help to catch potentially adverse supplier events before they impact your business.

• Cyber Intelligence: Criminal forums, onion pages, dark web special access forums threat feeds, paste sites for leaked credentials, security communities, code repositories, and vulnerability databases.
• Supplier Reputation: Public and private sources of reputational information, including regulatory and legal actions, M&A activity, sanctions, adverse media, politically exposed persons, and conflicts of interest.
• Financials and Investments: Financial performance, turnover, profit and loss, and shareholder funds transparency.

The challenge that many organizations face here is that it typically requires multiple tools to obtain these insights. When they do get this intelligence, it’s usually not aligned with the results of regular risk assessments – making validation a challenge. Look for solutions that unify periodic assessment results with continuous monitoring to make risk identification and mitigation faster and more complete.