How to Manage Supply Chain Risk

The adage “cargo at rest is cargo at risk” is just the beginning

Thanks to the advantages organizations have found in using strategies such as globalization, outsourcing, supply-base rationalization, supplier consolidation and lean inventories, risk management for external supply chain partners is vital for organizations that rely on those methods for successful extended operations. While these strategies can offer numerous benefits in efficiency and effectiveness, they also tend to make supply chains more risk prone and can increase the possibility of a disruption.

Thus, the third critical implementation component is to know, as thoroughly and completely as possible, who you are actually doing business with. Modern-day Federal government supply chain risk mitigation programs, such as the U.S. Customs Trade Partnership Against Terrorism (C-TPAT) and the Transportation Security Administration’s Certified Cargo Screening Program (CCSP) emphasize the need to fully understand and appreciate ALL the components of your supply chain — from supplier, to transporter, to those that might store your goods, to those that might ultimately sell them.

This leads to the fourth critical component, a hallmark of the Federal programs just mentioned, and that is to document how your risk assessments are conducted. In other words, the building of a system to audit the various facets of your supply chain program. Audits validate the initiatives that you are striving to achieve and ultimately add credibility to your program — particularly in the eyes of government-related regulatory agencies.

Once audits are completed a documented method of “follow-up” needs to be in place to ensure that the findings and recommendations are both shared among all interested parties and enacted as required. Much like in any quality assurance or quality control program, modern-day risk mitigation initiatives require the same type of management and process/document control to remain both valid and effective.


Build Relationships

Intelligence sharing is another attribute that cannot be overlooked. For obvious reasons, you are not alone in developing this type of risk mitigation program for a company — many have in the past and will in the future. Organizations such as the American Society of Industrial Security (ASIS), the Transported Asset Protection Association (TAPA), the Overseas Security Advisory Council (OSAC) and several others are there to help you add value to your program design without having to “re-invent the wheel.”

Supply chain risk management must always be viewed as an evolving process. Thanks in part to threats like Organized Retail Crime (ORC), the challenges faced by organizations and their supply chains today are constantly changing; therefore, risk mitigation needs to be treated as a dynamic discipline.

For example, within the pharmaceutical industry, where I currently reside, we view risk mitigation in essentially five (circular) steps: the conducting of risk assessments; the assessing and quantifying of all credible threats; the development and implementation of responses to those threats; monitoring the results of those efforts, refining our strategies and then — the most important part of all — conducting the same process all over again, perpetually.

From prior experience in both law enforcement and the military, I have learned that those who desire to disrupt your supply chain are not static entities. When one method of disruption won’t work, these nefarious individuals or groups will quickly move to another. We, as stewards of our respective supply chains, must always be prepared to defend against such efforts. And if those efforts are predictable — which they should be with a credible, validated, risk management program — then it only stands to reason that it can be preventable.


Charles Forsaith is Director of Supply Chain Security for Purdue Pharma Technologies Inc. He is also the Chairman of the Pharmaceutical Cargo Security Coalition (PCSC). He joined Purdue Pharma in 2001, after 21 years of service as both a New Hampshire municipal and State Police officer. Forsaith also directed security operations for a United States military installation.