Chances are, by now, you have gotten one of those dreaded letters from your bank, your alma mater, your favorite magazine, or some other outlet that states their systems have been hacked and your personal information is vulnerable. The problem is bigger than you might have suspected. This week, another perceptive reader of APICS Operations Management Now directed me toward an article, this one on CSO Online. CSO reports that hackers increasingly are accessing valuable information through supply chains.
CSO cites “Securing the Supply Chain,” a report released last week by the Information Security Forum (ISF). “Supply chains are inherently insecure, and organizations create unintended information risk when sharing information with their suppliers,” says Michael de Crespigny, ISF’s chief executive officer. “There is a ‘black hole’ of undefined supply chain information risk in many organizations: they understand and manage this risk internally, but have difficulty identifying and managing this risk across their hundreds or thousands of suppliers.”
Key findings from the ISF report include the following:
- Supply chains are difficult to secure; the risk is challenging to identify, hard to quantify, and costly to address, the last of which can be disruptive to supplier relations.
- Some businesses have too many contracts to assess risk individually, leaving risk unaddressed. They need a way to identify all suppliers that pose information risk, and then prioritize which suppliers to focus on.
- When suppliers share information with their own suppliers, risk is extended further up the supply chain, creating information risk that is often unseen and unmanaged.
- Supply chain information risk management should be embedded within procurement and vendor management processes.
More information about the ISF report and the organization’s Supply Chain Information Risk Assurance Process is available at securityforum.org. I found some very helpful information in the report’s executive summary, which is available free with website registration.
Risk: the complete picture
Information technology security is just one aspect of risk that supply chain and operations management professionals need to consider. According to the APICS Operations Management Body of Knowledge (OMBOK) Framework, there are also coordination risks (those associated with the day-to-day management of the supply chain) and disruption risks, which are caused by natural or man-made disasters such as earthquakes, hurricanes, and terrorism.
Recognizing the increasing importance of risk management to the profession, APICS now offers dedicated education, including a risk seminar and risk management sessions at APICS 2013, and a risk management certificate. The certificate shows employers and future employers that you can lead risk management activities or participate in the development of global risk mitigation strategy. More information about APICS risk education and APICS 2013 is available at apics.org.