On June 8, 2021, U.S. President Biden announced the Supply Chain Disruptions Task Force to Address Short-Term Supply Chain Discontinuities. The Task Force was announced alongside results from the President’s 100-day review of critical supply chains in the wake of widespread shortages, such as for semiconductors, as a result of the COVID-19 pandemic. The Task Force will identify and combat trade practices that undermine U.S. supply chains, onshore essential medicines production, and identify U.S. sites where critical minerals such as those for batteries can be produced.
The findings from the 100-day review will likely result in manufacturers, transportation companies, construction firms, and pharmaceutical companies offboarding old offshore suppliers and onboarding new domestic ones as production of critical materials shifts back to the U.S. To simplify and accelerate the inevitable due diligence process and ensure that suppliers are securely offboarded, organizations should consider these 7 steps for supply chain risk management:
Ensure that procurement and sourcing teams have access to insights pertaining to all new supply chain partner security, operational, data privacy, and financial practices. Pre-contract due diligence should consider existing cybersecurity and privacy assessment results, reputational information, breach history, legal actions, sanctions and other intelligence to inform sourcing decisions – alongside any inherent risk data.
Typically, the procurement team is responsible for managing the supplier relationship lifecycle, but multiple departments that interact with suppliers (e.g., production teams) may have insights to contribute or specific requirements for supplier assessments. That’s why it’s important to knock down the siloes that sometimes separate teams and open onboarding tasks to any party that interacts with the supplier. A simple intake form can accelerate the process.
Antiquated spreadsheet-based risk assessment processes aren’t going to cut it anymore – especially if you are assessing a new supplier critical to the products you deliver and can’t afford the risk that comes with manual work. Instead, leverage an automated solution that hosts vendor assessment questionnaires, automatically raises risks if results don’t line up with expected risk tolerance levels, and offers specific remediation recommendations to close potential vulnerabilities. Regularly assessing suppliers on their SLA performance, business continuity, incident response and disaster recovery plans provides insight into how resilient they will be in the face of a disruption (e.g., another pandemic) and can better inform contract renewal discussions. An outsourced model will enable you to offload complex supplier assessments to risk management professionals so you can focus on risk remediation instead.
Regular – usually annual – assessments are essential to documenting third-party supplier controls, policies and processes, but they are static in nature. Adding dynamic, real-time third-party monitoring across the following sources will help to catch potentially adverse supplier events before they impact your business.
The challenge that many organizations face here is that it typically requires multiple tools to obtain these insights. When they do get this intelligence, it’s usually not aligned with the results of regular risk assessments – making validation a challenge. Look for solutions that unify periodic assessment results with continuous monitoring to make risk identification and mitigation faster and more complete.
Sometimes a supplier is so critical to the success of your company that standard risk assessments won’t suffice. For these truly critical suppliers, extend your risk analysis to include a review of assessment responses and documentation against established control testing protocols to validate supplier-indicated controls. Validation can be performed by third-party experts or auditors and is recommended for suppliers whose failure is not an option.
Your suppliers rely on their own suppliers to deliver goods and services to you and other customers. And you need to respond quickly when an adverse event crops up in your extended supply chain. That’s why it’s important to identify and visualize relationships between your organization and third, fourth and Nth parties to discover dependencies and risks and avoid disruptions.
A recent study showed that 60% of companies do not actively assess supplier risks during offboarding. Risk doesn’t end when the business relationship ends; organizations must ensure that their supply chain partners follow data destruction parameters, eliminate access to their networks, and terminate financial agreements. Integrating offboarding and termination workflows with regular risk assessments ensures that vendor management teams have an end-to-end view of supplier relationships and can track risks to closure.
Your organization can be exposed to a tremendous amount of risk as it onboards and offboards critical suppliers. Having a prescriptive process in place that automates the required tasks ensures that important risks aren’t missed, while adding confidence and repeatability to your third-party risk management program. Get started assessing your own internal processes for third-party risk management with our free maturity assessment or contact us for a strategy session.