Supply chains are facing a constant barrage of threats, from cyber events to counterfeit goods, and the ongoing impact of the global pandemic inhibiting access to the products that keep operations running.
To manage these risks, a holistic approach should be taken. At GDIT, we look at the tools, technologies, training and protocols that need to be in place to ensure our stakeholders/supplier base are best positioned to minimize, find and mitigate risk. We constantly evolve our approach to stay one step ahead, and then use those lessons learned on program to benefit our federal agency customers.
Customer zero: First consumer of SCRM approach
We think of ourselves as “customer zero,” meaning that we’re the first consumer of our own Supply Chain Risk Management (SCRM) approach. This allows us to see what works well and to drive innovation and quality enhancements for our customers.
As a result, we’ve put into place things like a rapid risk rating metric, a scorecard for assessing and monitoring for concerns, and a supply chain risk assessment (SCRA) that continuously monitors our supplier base.
The recent Executive Order on cybersecurity calls for new criteria to evaluate the security practices of software developers and suppliers, and for the development of new tools to demonstrate conformance with secure practices. This is the kind of constant improvement and knowledge sharing that we work to deliver every day. Our team monitors for opportunities for improvement and ensures our readiness to act on them. We have established appropriate corporate governance and recognize that, in our organization, everyone has a role to play.
Ready to respond to risk events
If a cybersecurity event occurs in which data is inappropriately accessed and becomes vulnerable, a response across the organization, from technologists, compliance, legal and operations, is required. The channels to bring those subject matter experts together and the protocols for addressing issues must be in place well before an event.
We know we can’t win SCRM from behind a desk. That is why engagement across teams is so critical. GDIT stood up a centralized, dedicated team to improve our SCRM effort, along with a centralized platform through which teams from across the business could raise issues and assess and address their impact.
As part of this work, my team identified more than 60 risk items – from cybersecurity to legal to compliance to operations – and heat-mapped and prioritized each item. We have plans to address the risk, and today we continually evolve both the plans and the list itself as new potential issues emerge.
Another area we monitor is supplier relationships. Supplier assessments occur every 90 days – not just at the beginning of a new period of performance. This has created an environment where risk management is top of mind and where plans exist to address risk in all its forms.
For us, the quiet noise is success. When we do our jobs well and there are no issues, we’ve won. We can take our approach to our customers and their programs, and they can trust us to perform.