Supplier Risk Management Strategy Explained

Narrator: Pandemics, geopolitical unrest, natural disasters, data breaches, and more have increasingly threatened global supply chains in recent years. Narrator: Supplier risk management, or SRM, is the practice of identifying, analyzing, and addressing risks, failures, and disruptions that can affect your suppliers in order to protect your organization’s ability to deliver products and services. Narrator: In this video, You’ll learn the nine key steps to implementing a successful SRM program. Narrator: Step one, form a cross departmental SRM team. Narrator: Participants can include representatives from procurement and sourcing, risk management, security and IT, legal and compliance and data privacy teams. Narrator: Product management and manufacturing should also be engaged in order to understand the potential risks across the value chain. Narrator: Step two, select a risk management framework. Narrator: Give your SRM program a foundation of best practices by selecting a riskmanagement framework to base your assessments on. Narrator: Depending on the industry, many organizations align to either NIST or ISO frameworks and follow the appropriate guidelines. Narrator: Step three, account for risk in supplier selection processes. Narrator: When evaluating new suppliers, be sure that your RFP, RFI, and other RFX processes include Information gathering on business, financial and reputational risk from various sources, including business news, adverse media coverage, data breach lists, financial records, sanctions lists, global enforcement lists, and court filings, state-owned enterprise lists, and politically exposed persons lists. Narrator: Risk profiling services can help to automate this process when selecting new suppliers. ers. Narrator: Having a sound contract life cycle management process in place can help to establish and enforce supplier risk measures. Narrator: Step four, centralized visibility over supplier profiles. Narrator: As you onboard suppliers, build a centralized database that includes comprehensive supplier profiles and role-based access to company contacts, demographics, forthparty connections, and risk intelligence. Narrator: Step five, categorize t your suppliers based on their inherent risk, which is a supplier’s risk before accounting for any specific controls required by your organization. Narrator: Inherent risk scoring can combine inputs from internal questionnaires and external risk data gathered during the sourcing phase to determine the likelihood of an occurrence and its impact on your organization. Narrator: The outcome will be a prioritized list of suppliers and risks to further investigate. Narrator: Step six, conduct period risk assessments to ensure compliance. Narrator: Once your suppliers are profiled, categorized, and tiered, you can easily determine the frequency and scope of future risk assessments for each category of supplier. Narrator: For instance, you may choose to conduct regular assessments of critical suppliers to gain updated information about internal security controls, business continuity, and disaster recovery plans. Narrator: Step seven, continuously monitor for new supplier risks. Narrator: New supplier risks are constantly emerging, so it’s important to continuously monitor your critical suppliers for new business, financial, reputational, and cyber risks. Narrator: Intelligence gathered can be used to adjust supplier risk scores and trigger responses such as sourcing new suppliers, altering shipping routes, or requiring further assessments. Narrator: Step eight, ensure adherence to SLA and performance requirements. Narrator: Customer Optimize your assessment and monitoring to evaluate supplier performance against SLAs’s and other contract requirements. Narrator: Establish key performance indicators and assign thresholds and owners for each KPI. Narrator: An automated platform can trigger alerts when KPIs are missed or when key risk indicators are exceeded. Narrator: Step nine, protect against risks when supplier contracts end. Narrator: Security risks can be heightened after a contract ends as Offboarding is often overlooked in supplier risk management. Narrator: When terminating supplier relationships, it’s critical to conduct offboarding assessments to confirm that contract terms are met, deliveries are made, access is revoked, assets are returned, and sensitive data is destroyed. Narrator: Implementing these supplier risk management best practices will help protect your organization’s supply chain and enable you to maintain continuity in the event of an incident. Narrator: Request a demo to see if prevalent solutions and services may be a fit for your organization and visit our website for more SRM resources.