The Department of Defense (DoD) has been out in front of the private sector in recent years in prioritizing supply chain risk initiatives (including but not limited to the spares/service parts supply chain and the critical metals stockpile). But some of its suppliers are not necessarily placing the same level of emphasis on risk visibility and traceability as others, especially in the technology space. Which explains a recent new supply chain rule outlined in an FCW article titled “Supply Chain Rules Could Blindside Vendors.”
The piece suggests that “a newly implemented Defense Department rule aimed at protecting the IT technology supply chain could wind up cutting contractors out of the federal procurement process without their knowledge … An interim rule for the Defense Federal Acquisition Regulation Supplement published in the Federal Register on Nov. 18, 2013, states that all vendors that sell IT products or services must comply with DOD's supply-chain risk requirements.”
The article further explains that agencies and departments are placing a bigger emphasis on protecting “technology and equipment from possible spying, cyberattack and tampering by implementing supply-chain risk management systems. The effort is a response to the increase in cyber incursions and concerns about the integrity of IT and other gear that is manufactured overseas.” One expert is quoted in the article as suggesting that if the Department of Defense “determines that a company does not have adequate supply-chain protections in place, it ‘will have the same effect as a permanent debarment of the company across the entire federal government.”
It’s been our experience that supply risk controls inside many professional services and technology firms often remain lax with a general focus on such areas as supplier financial health checks and an initial (or at best annual) validation of certain criteria – the equivalent of “know your customer” in banking. Oftentimes the weakest area centers on controls tied to temporary staffing, contractor, consultant, and general service provider access to information and facilities. Many of these weak spots could be addressed by better integrations and deployments of vendor management system (VMS) tools by providers such as FieldGlass, IQNavigator, and Beeline, which track and integrate service provider information and facility access with specific programs, projects, or statements of work (SOWs).
While services procurement is only one area of supply risk within IT services, it’s often a goldmine of opportunity for those looking to reduce exposure – and drive towards DoD compliance.