Whether the merits of the rating criteria end up proving to be fair indicators of risk (or not), I find the concept that this article presents of rating suppliers based on supply chain practices to be fascinating indeed. According to the story, "the government could rate software manufacturers according to their supply chain practices when considering which applications to buy." Yet "the intention behind the ratings isn't to create a blacklist of vendors deemed too risky for federal acquisition, but to identity supply sources that require additional diligence steps." One of the specific criteria in the Fed's rating structure in this case would be the location of actual software development/R&D activity. If you're out of the US, you're out of luck, at least in terms of getting a top rating.
Regardless of actual ranking criteria in a particular case, the concept of incorporating supply chain risk (either in the public or private sector domain) into a broader rating that will help drive and set sourcing and supplier development strategies is an idea whose time has come -- and should stay. But I'd go further than simply creating such a program and rating structure; I'd make it an integral part the supplier selection and eventual negotiation process. For example, suppliers that score too far outside an accepted deviation will automatically be disqualified from bidding (even if their past delivery performance was acceptable). But before formal disqualification, they would be given a chance to change practices (e.g., R&D center location in the above case) if a prior relationship existed.
I personally believe that instituting a supply risk ranking system that becomes an integral part of supplier selection, sourcing strategy and collaborative negotiation (e.g., letting suppliers submit alternative options that could impact their risk rating, based on previously communicated criteria) is an idea whose time has come. Yet the challenge in such a model is that supply risk management and supplier performance management today remains largely, except in exceptional cases, un-integrated with spend analysis, sourcing, contract management and requisitioned purchasing solutions. Perhaps we should pause and think about the dangers in prioritizing routine process and workflow over general information access and risk/supplier visibility when it comes to introducing criteria that should matter as much as any other when it comes to making the best total cost decisions.