In the previous blogs in this series on best practice in BC planning, I looked at identifying and mitigating the risks to your corporate environment, scenario planning and creating incident plans. The next step in your BC planning should be to consider your supply chain resilience.
In our ever more interconnected world, where we rely not only on third-party suppliers of materials and utilities, but also cloud-hosted data storage, outsourced IT help desks and many other outsourced services, our supply chains are becoming ever longer and more remotely spread. This trend brings with it many business benefits, such as access to highly trained professionals on demand. But it also leads to increasing risks of dependency on these stretched supply chains.
The BCI Supply Chain Resilience Report 2016 contains some interesting facts. 70% of respondents to their survey had experienced at least one supply chain disruption in the last 12 months. 41% of disruptions occurred at the Tier 1 level and, in spite of this, 66% of respondents did not have full visibility of their supply chains. 68% of companies affected by a disruption event suffered from loss of productivity, 37% lost revenue, 40% received customer complaints and, worst of all, 38% sustained damage to their brand reputation.
So how, you may ask, can you mitigate or reduce the threat of these supply chain risks? The first step is to make sure that you have full visibility of your entire supply chain. This will include not only your own direct suppliers, but also the key suppliers that they are themselves dependent upon. If your data is held in cloud storage in Milton Keynes, then you will be just as dependent on the local power company as your own suppliers are, unless you or they have secondary back-up somewhere else.
Once you have full visibility of your supply chain, conduct your own assessment of the impact that a business disruption event at your supplier could have on your operations along with the likelihood that such an event could occur. Ask to see your suppliers own risk register to help you with this. If they don’t have one, then take this as a big warning sign about doing business with them.
The next step is to extend the standards of your own BC planning to your supply chain. When you select a supplier, make sure that their BC planning is up to at least the same standard as your own, with recovery time KPIs that support yours, before you are prepared to purchase from them. If you are not satisfied with their level of BC planning, either don’t do business with them, insist that they raise their standards, or consider a secondary supplier that you can turn to quickly and easily to in the event that your first supplier fails you.
Finally, you should include your entire supply chain within your own incident communications network, so that you can talk to each other when you most need to. These communications channels need to be completely independent of your normal supply chain, to avoid being brought down at the same time. This means choosing a cloud-hosted communications supplier that is not reliant on the same data centres as your own day-to-day network.
Supply chain resilience is growing as an operational issue and as a business risk, but there are BC planning and management tools out there that can help you to reduce this risk.
This blog is the fourth in a series looking at different aspects of best practice in BC planning.