Organizations are actively implementing strategies to ensure business continuity during this pandemic. However, these businesses are experiencing supply chain issues because suppliers are facing fulfillment challenges during these unprecedented times. Many of the supplies necessary to conduct critical operations across the nation are manufactured in areas that are considered COVID-19 hot spots, both overseas and here in the United States. Facilities have been shut down and manufacturers’ employees have the personally affected by illness or quarantine restrictions. There are important steps to consider when analyzing your supply chain and the dependency your organization has on third-party providers.
- Understand your organization’s role in the supply chain and identify the upstream and downstream supply channels that are outside of the organization’s operations, but are critical to the products and services your organization provides to customers.
- Identify the organization’s suppliers or third parties that support your organizations critical operations across all business areas.
- Implement a strong, third-party risk management program that includes due diligence, assessment of risks, and monitoring. Understanding existing and new third-party relationships and the risks they pose will affect your company’s decisions.
- Due diligence should include an assessment of your providers’ continuity plans. Validating that your vendors have plans for continuing to deliver in a variety of scenarios is important to ensuring your ability to continue service to your customers.
- Work with your critical suppliers or third parties to identify their critical suppliers or third-parties. This is also known as fourth-party suppliers or subcontractors. These fourth parties also become part of the organization’s critical supply chain and should be included in your third-party risk management program.
- Identify and assess gaps from the above steps and develop a plan to mitigate them. Do suppliers present single point of failure risks which require you to identify additional suppliers? Do those additional suppliers rely on the same subcontractors? Are the risks great enough to prevent you from selecting that supplier?
In addition to having a sound third-party risk management program, providers must ultimately be included in your Business Continuity planning as well. Analyzing the dependency and risks of your supply chain in continuing critical operations during a business interruption can help you avoid financial, reputational, operational, legal, and regulatory impacts to the organization.