Avoid supply chain disasters by asking your IT supplier the following questions
09/14/2021
This guest post comes from Ian Nethercot, MCIPS supply chain director, Probrand.
If the last year has taught us anything, it’s that supply chain disasters happen. While some scenarios can be anticipated and planned for, others can be impossible to predict. To mitigate a crisis, procurement professionals can put processes in place, ensure their teams are adhering to standards and so on — but it’s meaningless unless your supplier network is doing the same.
This is particularly important when carrying out due diligence on the IT providers supplying critical equipment, systems and data protection, which are all vital to the day-to-day running of the business. You only have to look at Kaseya’s ransomware attack to see how an incident can trickle down the supply chain. In this scenario, attackers hacked into a weak spot in the company’s cloud-based IT management solution, which was delivering software updates and security patches to some 1,500 SMEs who suddenly found themselves affected.
While cybercrime is inevitable, you can still take action to ensure your network is as strong as possible. By getting to know your IT suppliers better and asking them the right questions, you can also ensure the service they provide is robust.
How can suppliers provide assurances about lower-tier suppliers?
The Kaseya attack highlights how one organization’s crisis could affect a broader network of companies. This is why due diligence shouldn’t just focus on first-tier suppliers, but extend further down the supply network.
When onboarding a new supplier, buying departments should have a standard questionnaire that ensures compliance with social and environmental standards, such as the UK Modern Slavery Act and The Equality Act.
But how do you know if your supply partner’s suppliers are also adhering?
It’s hugely important that procurement teams question their first-tier supplier about their ongoing strategy for managing the wider supply network. What indicators do they plan to measure performance by, and how will they communicate that on an ongoing basis? When looking at anything compliance-related, your IT supplier will also need to consider how standards and legislation differ regionally, nationally and internationally.
Failure to have these checks in place could result in legal proceedings that will inhibit operations. Not only can this have a significant commercial impact, but it may also endanger your reputation, as we’ve seen with the likes of Apple and Dell, and lead to a loss of customers.
Can your supplier protect you against short-term shocks?
The IT market is in a constant state of flux, making it incredibly difficult for buyers to achieve consistent value on purchases. On a “normal” day, buyers can spend hours manually sourcing and comparing products and prices, only to discover the deal is no longer available due to insufficient stock levels.
Fluctuating lead times and limited stock have escalated in the last 18 months. A combination of ongoing delays from the pandemic, the aftermath of Brexit and the unpredictable Suez Canal blockage caused one of the worst crises of the last decade. Even when stock has been transported, we’ve seen scenarios where port delays have meant goods are waiting to be unpacked and are unable to reach the customer.
This lack of availability has meant many buyers are still paying obscenely inflated prices just to equip staff working from home.
While some flexibility is needed in these strange times, there are ways procurement professionals can look to minimize disruption. This includes asking IT suppliers if they are able to hold stock in order to limit the impact of any supply chain shocks. For example, do they have their own bonded warehouse and logistics network? Would this allow you to overprovision now, and collect stock later?
Do they have contingency plans?
One key learning that buyers can take from the Covid pandemic is the need to spread risk. For example, many found that where their IT supplier relied on a single factory for a certain part or component, it didn’t leave many options when that factory closed.
To avoid a nasty shock, you should look at implementing a risk management scorecard. This will identify any suppliers that are high-risk and provide an understanding of when you would or wouldn’t be willing to rely on them. You can also use this process to ask your IT supplier to demonstrate that they have proven backup options in the supply chain. For example, could production switch to an alternative factory if necessary?
By asking these questions up front, procurement professionals should feel confident that they have done everything they can to get closer to their IT supplier, that they understand their exposure to risk and that they are protecting their organization from future disasters.