News Landing Page

APICS News

Supply Chains Present IT Risks

By APICS CEO Abe Eshkenazi CSCP, CPA, CAE | 0 | 0 | April 19, 2013

Chances are, by now, you have gotten one of those dreaded letters from your bank, your alma mater, your favorite magazine, or some other outlet that states their systems have been hacked and your personal information is vulnerable. The problem is bigger than you might have suspected. This week, another perceptive reader of APICS Operations Management Now directed me toward an article, this one on CSO Online. CSO reports that hackers increasingly are accessing valuable information through supply chains.

CSO cites “Securing the Supply Chain,” a report released last week by the Information Security Forum (ISF). “Supply chains are inherently insecure, and organizations create unintended information risk when sharing information with their suppliers,” says Michael de Crespigny, ISF’s chief executive officer. “There is a ‘black hole’ of undefined supply chain information risk in many organizations__they understand and manage this risk internally, but have difficulty identifying and managing this risk across their hundreds or thousands of suppliers.”

Key findings from the ISF report include the following:

  • Supply chains are difficult to secure; the risk is challenging to identify, hard to quantify, and costly to address__the last of which can be disruptive to supplier relations.
  • Some businesses have too many contracts to assess risk individually, leaving risk unaddressed. They need a way to identify all suppliers that pose information risk, and then prioritize which suppliers to focus on.
  • When suppliers share information with their own suppliers, risk is extended further up the supply chain, creating information risk that is often unseen and unmanaged.
  • Supply chain information risk management should be embedded within procurement and vendor management processes.

More information about the ISF report and the organization’s Supply Chain Information Risk Assurance Process, is available at securityforum.org. I found some very helpful information in the report’s executive summary, which is available free with website registration.

Risk: the complete picture

Information technology security is just one aspect of risk that supply chain and operations management professionals need to consider. According to the APICS Operations Management Body of Knowledge (OMBOK) Framework, there are also coordination risks__or those associated with the day-to-day management of the supply chain__and disruption risks__which are caused by natural or man-made disasters such as earthquakes, hurricanes, and terrorism.

Recognizing the increasing importance of risk management to the profession, APICS now offers dedicated education, including a risk seminar and risk management sessions at APICS 2013, and a risk management certificate. The certificate shows employers and future employers that you can lead risk management activities or participate in the development of global risk mitigation strategy. More information about APICS risk education and APICS 2013 is available at apics.org.

Questions for discussion

In other news

Related APICS education

  • The Origins of Complexity
    By J. Brian Atwater, CPIM, and Paul Pittman, PhD, CFPIM, CSCP, Jonah
    September/October 2012, APICS magazine

Not an APICS member? Join today.

2 Comments

  1. 1 Abdul Razzaq 23 Apr

    Dear All,


    Good Day...........


    thats fantastic job for all CSCP Team............


    B.Rgds,

    Abdul Razzaq

  2. 2 Joe Witkowski 19 Apr

    http://northcounty.fox2now.com/news/news/158141-24-million-credit-debit-cards-hacked-schnucks-markets

    Thankfully I only had to recover $250 on this but colleagues are recovering 10x that...I had to subit affadavits to recover it. Not pretty, this may irreparably damage a household brand and family business in St. Louis.  They are not saying anything about nature of the compromise, which surprises me given their community focus. I know their chief legal counsel (inhouse) wel but have not spoken ot her.  BIG BIG PROBLEM!  Thanks

Comment

  1.