APICS is the premier professional association for supply chain management.

Supply Chains Present IT Risks

by APICS CEO Abe Eshkenazi, CSCP, CPA, CAE | 2013

Chances are, by now, you have gotten one of those dreaded letters from your bank, your alma mater, your favorite magazine, or some other outlet that states their systems have been hacked and your personal information is vulnerable. The problem is bigger than you might have suspected. This week, another perceptive reader of APICS Operations Management Now directed me toward an article, this one on CSO Online. CSO reports that hackers increasingly are accessing valuable information through supply chains.

CSO cites “Securing the Supply Chain,” a report released last week by the Information Security Forum (ISF). “Supply chains are inherently insecure, and organizations create unintended information risk when sharing information with their suppliers,” says Michael de Crespigny, ISF’s chief executive officer. “There is a ‘black hole’ of undefined supply chain information risk in many organizations; they understand and manage this risk internally, but have difficulty identifying and managing this risk across their hundreds or thousands of suppliers.”

Key findings from the ISF report include the following:

  • Supply chains are difficult to secure; the risk is challenging to identify, hard to quantify, and costly to address, the last of which can be disruptive to supplier relations.
  • Some businesses have too many contracts to assess risk individually, leaving risk unaddressed. They need a way to identify all suppliers that pose information risk, and then prioritize which suppliers to focus on.
  • When suppliers share information with their own suppliers, risk is extended further up the supply chain, creating information risk that is often unseen and unmanaged.
  • Supply chain information risk management should be embedded within procurement and vendor management processes.

More information about the ISF report and the organization’s Supply Chain Information Risk Assurance Process is available at securityforum.org. I found some very helpful information in the report’s executive summary, which is available free with website registration.

Risk: the complete picture

Information technology security is just one aspect of risk that supply chain and operations management professionals need to consider. According to the APICS Operations Management Body of Knowledge (OMBOK) Framework, there are also coordination risks (those associated with the day-to-day management of the supply chain) and disruption risks (those caused by natural or man-made disasters such as earthquakes, hurricanes, and terrorism).

Recognizing the increasing importance of risk management to the profession, APICS now offers dedicated education, including a risk seminar and risk management sessions at APICS 2013, and a risk management certificate. The certificate shows employers and future employers that you can lead risk management activities or participate in the development of global risk mitigation strategy. More information about APICS risk education and APICS 2013 is available at apics.org.



  1. Joe Witkowski April 19, 2013, 04:12 PM


    Thankfully I only had to recover $250 on this but colleagues are recovering 10x that...I had to submit affidavits to recover it. Not pretty, this may irreparably damage a household brand and family business in St. Louis. They are not saying anything about nature of the compromise, which surprises me given their community focus. I know their chief legal counsel (in-house) well but have not spoken to her. BIG BIG PROBLEM! Thanks

  2. Abdul Razzaq April 23, 2013, 01:02 AM

    Dear All,

    Good Day...........

    That's a fantastic job for all CSCP Team............


    Abdul Razzaq

