Rethinking Supply Chain Security

Focusing on the access control of your physical premises does not secure your supply chain


Prior to the attacks on September 11, 2001, many logistics and supply chain managers understood that we were, in fact, quite vulnerable. But only now are we beginning to truly recognize our own specific vulnerabilities-and the sheer volume of debilitating business disruptions that can come in tow.

The one area in particular that's been exposed is our interdependence on all parties in the supply chain network, including government agencies that deal with freight flows and infrastructure. We can now vividly see that the failure of one party in the supply network has a momentous impact on the rest.

For many progressive companies, this harsh reality acted as a wake up call, urging their logistics and supply chain teams to broaden the scope of their security efforts well beyond the physical to include the entire supply network, partners, information technology, intellectual property (process and product), and corporate risk management planning.

While many companies have become proactive in their approach to security, a vast majority have yet to react to the wake up call. Sadly, a conversation I had recently with a global carrier illustrates the significant vulnerabilities that exist in many firms today. The logistics executive spoke about the importance of business continuity to the firm and to their customers. But despite this recognition, he went on to say that there were no documented plans for emergency response or business continuity-instead they depend on "institutional wisdom" to guide the firm.

After our brief discussion about the new risks, he told me that he was surprised they hadn't created a focused initiative to standardize their business resilience systems. Is this the case with your organization? If so, it's time to broaden your security thinking well beyond the physical.

Traditionally, security thinking has focused on physical site protection, personnel checks, and incident investigations, with a primary concern on physical asset protection cost containment. Today, security in the most progressive companies is viewed as a central element in delivering value and can be used to create competitive advantage. I'll discuss the actions these companies have taken later in this section.

A central element to installing progressive security initiatives demands that you view the entire supply network as the full scope of concern. It's becoming trite to say that "you're only as strong as your weakest link," however, there isn't a more accurate statement in the supply chain security discussion.

When Pan Am Flight 103 went down over Lockerbie, Scotland, in 1998, it plainly exposed what can happen when there's a weak link in the supply network. Pan Am's security system and processes, in fact, did not fail in permitting the bomb onto their aircraft. It was Malta Airlines' security system that failed and permitted the bag carrying the bomb into the baggage handling system. Pan Am had depended on this extended network to fully screen for safe baggage.

Successfully securing the entire network-finding the weakest links-entails vetting upstream suppliers and downstream customers for their supply network security processes. This ought to be an ongoing process where upstream and downstream parties are planning and coordinating for secure movements and resilient systems.

This content continues onto the next page...