Six Steps to Secure Global Supply Chains

Leveraging a risk management process to build an agile supply network and make a positive impact on the bottom line

Supply chains are the lifeblood of retailers, distributors and manufacturers, yet threats abound all over the world. With globalization making supply chains longer and more complex, the risks keep increasing.

Terrorism has been the major focus (and cost) of supply chain security since 9/11, even though those threats to supply chains are remote. There are more immediate and disruptive threats more likely to impact supply chains — for instance, Hurricane Katrina, the toy recalls, the Minneapolis bridge collapse. In fact, a recent beef recall forced a nationally known meat company out of business.

Properly securing supply chains goes beyond mitigating risk; it also makes them more flexible and efficient. A 2006 study by Stanford University, the National Association of Manufacturers and IBM found that improvements in supply chain security led to:

  • 38 percent reduction in theft, loss, or pilferage
  • 12 percent increase in reported on-time delivery
  • 14 percent reduction in excess inventory
  • 49 percent reduction in cargo delays
  • 29 percent reduction in transit times

That's why companies should change the traditional thinking of supply chain security as a necessary evil and instead think of it in terms of the bottom line. While natural and man-made disasters cannot be eliminated, companies can plan for them and mitigate the risk.

The keys to securing global supply chains are visibility to products at suppliers, in-transit and throughout the distribution network, as well as the ability to immediately take action when disruptions occur. Here are six steps companies can take to secure their global supply chains:

Step 1. Identify the Threat — A company must first understand which threats it is most susceptible to, the likelihood of these disruptions affecting the supply chain and the potential impact to its business. There certainly is no lack of threats — terrorist attacks, natural disasters, pandemics, and recalls, as well as theft, counterfeiting and organized crime, just to name a few.

A company should first consider those threats most likely to occur in its supply network and those that would have the greatest impact on its business. An oil company with major refineries along the Gulf Coast would be most concerned with hurricanes and terrorist attacks. A food company would fear product contamination. A pharmaceutical company's main concern would be counterfeiting. Theft might be the biggest problem for retailers.

In order to prioritize potential threats, a matrix should be set up that has the likelihood of occurrence along one axis and severity of impact along the other. A company should start working with those threats scoring highest on both axes and work its way down. This process likely overlaps corporate risk assessment efforts, so leverage this information to ensure supply chain and corporate goals are aligned.

Step 2. Create a Disruption Map — Once key threats are identified and prioritized, it is important to evaluate where they most likely could occur. A "disruption map" overlays these threat locations onto the global supply and distribution network to see where a company is most vulnerable, highlighting the areas of greatest impact. Threats do not typically affect supply networks evenly, so steps taken to secure the supply chain will vary based on the threat and location.

The flip side to this analysis is to identify opportunities. If a company manufactures or sells products in high demand before or after a natural disaster, a surge strategy quickly stocks high-demand items in stores and nearby distribution centers, generating additional revenue as well as great PR. Planning alternate distribution routes is critical here.

Step 3. Design Security and Recovery Plans — Mitigating risk reduces the opportunity for threats to impact the supply chain, while carefully planning responses to threats a company cannot control minimizes the impact and aids quick recovery.

To prevent threats from significantly harming a business, companies must think in terms of redundancy. When examining the disruption map, companies should look for alternate ways to source, ship and distribute products so no link in the chain becomes a chokepoint — and a major liability — during a disruption.

Creating this redundancy does not necessarily mean added cost. In many cases, multiple suppliers, carriers and distribution centers are already part of the supply chain. Plan alternatives and get agreement from all parties ahead of time to be flexible and handle surges in volume. Adding additional suppliers or carriers may also spur competition, leading to lower prices, innovation and improved service.

Disruptions can affect the supply chain no matter how well a company plans because so many things are beyond its control. Recovery plans can get networks back to normal quickly and efficiently. They should define alternate supply sources, rerouting of supply and distribution lines, and movement of people, equipment and supplies into affected areas. Where disruption events can be forecast (i.e., hurricanes or blizzards), pre-staging equipment and supplies speeds their deployment into impacted areas.

Security and recovery plans should be written out in detail and agreed upon by all parties involved, both internally and externally. If a company doesn't do this, the chances of reacting effectively in a crisis are minimal.

Step 4. Leverage Technology — Technology is critical to securing global supply chains, providing visibility to products and assets across extended networks so companies can immediately take action.

The technology making this possible is the same technology making supply chains more agile and efficient. A number of different, yet integrated technologies are discussed in the accompanying story (see sidebar), showing how they can secure and improve supply chain operations. They include network-wide visibility, asset management, transportation and global trade management, demand forecasting, quality assurance and recall, and workforce management applications. By more effectively leveraging existing technology, operations become more agile, efficient and resilient, and better able to quickly recover from disruptions.

Step 5. Test, Test, Test — Periodically testing security and recovery plans is the only way to know whether they will actually work when a real disruption occurs. Many companies hold emergency response drills that simulate disasters and test the procedures for evacuating injured and other personnel, but few simulate the impact on supply chains.

A thorough testing program simulates disruptions and defines benchmarks for recovery processes. Separate test plans should be developed for each disruption scenario. It is important to accurately simulate each disruption's impact on inventory, physical plant, people and external parties.

There are two stages to testing. First, conduct well-communicated, controlled tests to walk the organization and third parties through the process. This identifies gaps in the plan and gets everyone comfortable with reacting to each scenario. Then conduct surprise tests to see how the plan — and people — hold up under pressure. Without surprise tests, a company doesn't know how well it will react when a real event occurs.

Depending on the extent of the test, a company may want to let customers know ahead of time just in case the test results create temporary glitches in delivery. Many customers will accept this small risk if they understand it means a company will be better able to serve them during a disruption. Others will not and the test plan will need to work around them.

Step 6. Reevaluate Risks — Supply chains are never static, and neither are the threats. It's critical to reevaluate potential disruption scenarios and supply chain operations regularly to ensure security and recovery plans reflect and support operations as they and the environment change over time.

During this reevaluation, a company may want to move down the list of potential disruptions to begin addressing the next tier of threats not covered earlier. Over subsequent loops through this six-step process, a company can leverage previous work to build ever-broader coverage of potential threats, further reducing risks. This creates further supply chain efficiencies, turning these efforts into a de facto continuous improvement program.

These six steps mitigate as much as possible the risks these threats pose to a supply chain. They also make the supply chain more agile and efficient, turning security from a necessary evil to a source of greater efficiencies positively affecting the bottom line.

About the Author: Jim Le Tart is director of marketing for RedPrairie, a provider of consumer-driven E2e solutions, synchronizing people and product throughout, from the retail shelf back to manufacturing. He can be contacted at [email protected], or learn more at