What Service Providers Need to Know About Supply Chain Risk Management

Many service providers tune out talk about supply chain risk management since they think the issue only affects manufacturers and retailers. In fact, service providers are also vulnerable to vendor disruptions and should respond accordingly.

 

The Global Supply Chain Crunch

Over the past year, problems with the global supply chain have been a regular feature of the news. In March 2021, the container ship Ever Given blocked the Suez Canal for six days, obstructing a major shipping route and sending tremors through the global supply network. More recently, problems associated with the Covid-19 pandemic have caused shipping delays, port backups, and goods shortages.  

The most vivid symbol of this issue is the shipping container, usually pictured in tall stacks on a ship cooling its heels outside a port or at a container yard where it is sitting in limbo. 

These images illustrate a reality: the system for moving physical goods and commodities around the world is experiencing problems. However, they have also fueled complacency in a sector of the business world that operates at a distance from the physical world of manufacturing products and retailing them to consumers. 

 

“Not My Problem”

The companies that make up the service sector, the largest sector of the economy, have so far demonstrated a consistent attitude toward the “supply chain crunch”: “Not my problem.” 

Most service providers seem to think that because they do not buy, make, or sell large amounts of physical goods, the supply chain crunch does not concern them. However, service providers can also be impacted by disruptions in their network of third-party vendors. 

 

Significant Vulnerabilities

All service providers have third-party vendors. Some of those third-party vendors sell them physical goods (e.g., computers, vehicles, hand sanitizer) and some sell them services (e.g., technology, payroll, tax, security). To the extent that the service provider depends on the products or services provided by a third-party vendor to carry out its mission-critical activities, it inherits the vendor’s risk. 

Service companies are often more vulnerable to vendor disruption than they think. 

Once they start to investigate the matter, many service providers discover they have significant vendor vulnerabilities. 

In recent months, the computer chip shortage and rising vehicle prices, in particular, have had an impact on many service providers. 

 

Three Basic Steps

None of this is to say that the sky is falling. However, it is recommended that service providers take the following basic steps to secure their supply chains: 

  1. Identify their critical vendors. Determine which vendors they truly depend on to carry out their mission-critical operations. The business impact analysis (BIA) is helpful here since it identifies which business processes are most critically time sensitive. Focus on the goods and services needed to perform the highest-priority business processes. 
  1. Assess their critical vendors’ threats and resilience. Examine the threats facing their critical vendors (supply issues, cyberattacks, extreme weather, etc.) and their capacity to deal with them. This usually involves requesting information from the vendor about their business continuity management (BCM) program. 
  1. Implement mitigation strategies. The available strategies include, among others, requesting improvements in the vendor’s BCM program, devising workarounds, adding an alternate provider of the good or service, switching to a provider with greater resilience, and diversifying geographically. 

Following these steps can take a service provider from a position of wishful thinking about their supply chain to one of definite knowledge and true resiliency.  

 

Achieving Supply Chain Resiliency

Service providers often assume that the supply chain crunch is one problem they do not have to worry about. This is wishful thinking. To the extent they depend on goods or services from third-party vendors to carry out their mission-critical operations, service providers are potentially vulnerable to disruptions in their supply chains.  

To achieve true third-party resiliency, service providers should identify their critical vendors, assess their threats and resilience, and implement appropriate mitigation strategies.

 

Further Reading

For more information on supply chain risk management and other hot topics in BC and IT disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: 

About
Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
get-through-a-ransomware-attackdata protection