Your company also faces a variety of risks, both internal and external, that have a potential impact on its supply chain assurance. The ability to manage them often is interconnected, so understanding this potential interconnectedness is a key factor in assessing vendor business continuity capabilities.
Internal and external vulnerability drivers can materialize in a variety of ways. Making vertical, horizontal and diagonal connections between drivers can provide a conceptual understanding and potentially reduce unexpected outcomes as you identify how risk is uniquely embedded in your company's supply chain.
Risk can be context sensitive, as risk elements interact in different ways, depending on the situation. Understanding the potential interaction of risk factors facilitates the ability to measure business continuity capabilities and plan for offsets that can be implemented should a disruptive event occur.
As depicted in Figure 2, Typical Procurement Process, the integration of recommended business continuity metrics in the procurement process should be related to the key elements of the procurement process. Incorporating the recommended business continuity capability assessment at each phase of the procurement process can help identify vulnerabilities, develop consequence management strategies, plans and implement mitigation strategies.
Upon conclusion of assessment at each phase of the procurement process you can evaluate vendor business continuity capabilities allowing a go/no go decision based on measurable criteria. Prior to proceeding to the next stage in the procurement process, the vendor will have been vetted, and the next stage evaluation can allow you to continue to refine the vetting requirements and gather more detail on vendor continuity capabilities. Having an in-depth understanding of vendor capabilities at each phase of the procurement process can allow critical decision-making at earlier stages of procurement, thus enhancing communications between a company and its vendors regarding business continuity issues.
Embedding into the procurement process specific business continuity objectives, guidelines and assessment metrics can enhance decision-making, communications (vertical/horizontal) and resource management. In addition to the vendor continuity questionnaire, a company can develop worksheets that can be incorporated into each phase of the procurement process to further facilitate the assessment of vendor business continuity capabilities.
The benefit of having vendor continuity capabilities catalogued and indexed is threefold: First, the company can begin to assess and quantify the risk impact of an event. Second, a determination of how long the risk exposure will last before the event is mitigated and/or the exposure is rectified. Third, a determination of potential recovery costs in terms of emergency actions can be estimated.
It is also recommended that a company and its vendors negotiate periodic assessments of sub-tier vendors (vendor's suppliers) to further assure business continuity capabilities. This can be accomplished through contractual requirements executed at the initial stages of vendor engagement.
Procurement Incident Management Considerations
The second part of the procurement process relating to vendor continuity should address incident management considerations. A vendor can complete the vetting process and still experience a disruption that could affect a company's ability to meet customer requirements (i.e., Philips, Ericcson and Nokia). Having an incident management system as a component of the procurement process can allow a company to respond, recover and restore supply chain operations with less potential for massive disruption. Incident management can range from the assessment and classification of a vendor incident to implementation of response actions, such as sending personnel to vendor facilities to assist in incident mitigation processes.