Securing the Supply Chain

William Tenney, Group Manager of Global Security for Target Corp., has helped to develop a maturity model to craft a risk management strategy

The phrase “supply chain” calls to mind a simple chain or line of cargo carriers, going from one point to another. Supply chain security could then be pictured or envisioned as putting the correct security measures in place at various points on that chain, starting with the suppliers and ending with the customers who receive the product.

The correct picture would actually be more like a three-dimensional spider web, where each point in the web had its own 3-D web. After all, your suppliers can have suppliers. Your customers can have customers. Some of your customers can be suppliers, and some of your suppliers can also be customers.

It quickly goes beyond what can be easily envisioned. This raises the question: How can you secure something that you can hardly get your wits around?

Supply Chain Management
Given the size and complexity of a major supply chain, it should be no surprise that supply chain management is not a small subject. As of June 1, there were more than 49 million Google results for the term supply chain, a term which came into use relatively recently (in the 1980s).

The following definition is from Wikipedia:
A supply chain is the system of organizations, people, technology, activities, information and resources involved in moving a product or service from supplier to customer.
Such a definition, while seeming somewhat obvious, is still valuable because it helps to categorize the elements involved. These are all elements that have to be managed. From the management perspective, the above definition leads us to organizational management, HR, IT, operations and logistics — all corporate functions that manage particular aspects of the supply chain. A good perspective on the scope of supply chain management is provided by a short video on the home page of the Supply Chain Management Institute, at

Competing vs. Common Interests
The Wikipedia supply chain article explains, “Many of the exchanges encountered in the supply chain will therefore be between different companies that will seek to maximize their revenue within their sphere of interest, but may have little or no knowledge or interest in the remaining players in the supply chain.”
This is the problem that Supply Chain Management (SCM) seeks to address. The basic idea behind SCM is to have companies and corporations involve themselves in a supply chain by exchanging information (for example, relating to market fluctuations and production capabilities) for their mutual benefit. Instead of companies operating blindly and independently with regard to the other companies involved in the supply chain, the idea is to optimize the entire supply chain rather than to sub-optimize parts of it based on local interests.

Supply Chain Risk
Companies are highly dependent on their supply chains. According to the Global Supply Chain Council, studies show that one-third of companies that experience disruption of supply suffer loss of business, lower stock returns and damage to its brand. Procurement and sourcing executives are on the front line in the struggle to identify the specific supply-chain risks their companies face and to plan mitigation strategies.
Supply chains have a very high level of operational risk (see the sidebar, Operational Risk and Security Risk, page 22). Security risk is a part of that risk picture; thus, Supply Chain Risk Management is the context within which supply chain security is implemented.

Supply Chain Risk Management is now viewed as a critical discipline due to the business need for global sourcing strategies, increasingly complex contract manufacturing relationships, and the greater number of natural and political events that can disrupt the supply chain. Additionally, the U.S. Customs and Border Protection’s Customs-Trade Partnership Against Terrorism (C-TPAT) initiative raised the need for establishing a high degree of manageability in addressing supply chain risk.

As a result, Supply Chain Risk Management has become an increasingly important part of the operations of many manufacturers and retailers.
This is why William Tenney, Group Manager of Global Security at Target Corp., and James B. Rice, director of the MIT Integrated Supply Chain Management Program, put their heads together to develop a roadmap for implementing a sustainable supply chain risk management program. The objective was to develop a model that focuses on protecting — which means actually maintaining — the company’s economic viability.
Building on the work done by a few pioneering firms, such as Intel, Target, IBM, UPS, Nike, Maersk and APL, plus the work done at Target and the MIT Center for Transportation and Logistics, Tenney and Rice developed a risk management maturity model for supply chains that serves as such a roadmap. While it is a valuable tool for establishing C-TPAT compliance, it also applies to the full spectrum of Supply Chain Risk Management.

This content continues onto the next page...