Often those unfamiliar with building a comprehensive Business Continuity Program will not be aware that just downloading and filling in a template from the internet to check a task box is not the appropriate solution for protecting your business. Using the 12 components for Business Continuity Planning and maturing over time through exercising and continuous improvement practices will increase the chances of recovery in times of crisis.
The 12 components of a Business Continuity Management Program framework include creating a strategy for a program that involves engaged sponsorship from executive management, and the board of directors. The early phases of the program where a Risk Assessment and Business Impact Analysis (BIA) are conducted establish a baseline of business requirements from which the other components of the program activities are built and aligned. The 12 components of Business Continuity are the foundation of any best practices and establish the framework of your program:
- Governance (Processes & Charter)
- Risk Assessments
- Business Impact Analysis
- Business Continuity Planning
- Disaster Recovery Planning (IT)
- Crisis Management with a Succession Plan
- Emergency Management-Life Safety
- Testing/Exercising Plans
- Training and Awareness
- Continuous Improvement
Building a program that protects the supply chain for a company requires all of this and more.
“Most companies know supply chain vulnerability poses a threat to their operations, yet few perform analysis or plan strategies to minimize risk to the bottom line.
Businesses can protect against disruptions by adding supply chain redundancy and strengthening your logistics operations.
- Perform a supply chain vulnerability audit.Start with your customers and the products they purchase and work back to raw materials suppliers.
- Do rigorous "what-if" analysis.Identify situations that could disrupt operations and develop contingencies to overcome these scenarios. Ask questions such as "What if we lose this supplier?" to create a strategic supply chain design that is optimally hardened against disruptions and serves as a cornerstone for a comprehensive business continuity plan.
Implement a strategic supply chain plan that mitigates the impact of disruptions. The trend toward lean inventory means many contemporary supply chains are "taut" or "brittle," and therefore vulnerable to disruptions. Reconsider inventory positioning, sourcing, and transportation options to create a more flexible supply chain.
- Compare the cost of stockpiling inventory against the risk of losing sales and customers, and creating a negative impact on bottom-line profitability. Too much inventory at the wrong location adds to bottom-line costs. Determine optimal inventory policies and levels to sustain your company.
- Make sure you have multiple transportation plans in place.Ruptured transportation means products and parts face delays in getting to customers. You can continue shipping products to customers—if you have alternative transport plans.
- Update plans regularly.Factors such as new government regulations or suppliers can cause fluctuations in your company's vulnerability levels. It's vital to put in place consistent programs for updating your supply chain's resilience by reevaluating its design and instituting a corporate culture of security.
- Create a balance between supply chain network efficiency and operations resilience.Take a holistic view of your supply chain to determine optimal network designs that ensure products are manufactured in the right location at the right time and will ship to the right customers.
- Put alternative raw materials and manufacturing sourcing plans in place.Strategic planning ensures companies have alternative parts and supply sources, along with balanced inventory levels.
- Develop mitigating strategies from the C-level.CFOs and others involved in corporate risk analysis and reporting need to take a realistic view of business risk from unimaginable real-world events, which have a very real probability of occurring.
- Design long-term strategies as well as responses to short-term disruptions. These include critical location, customer, capacity, raw materials, and crisis response analysis.
You can take steps to limit the impact of supply chain disruption, such as warehousing inventory and using multiple suppliers when possible. Purchasing specialty insurance policies, including contingent business interruption (CBI) insurance and supply chain insurance can also limit your exposure to loss. These types of insurance reimburse your business for lost profits and related costs caused by disruptions in your supply chain even if your company itself has not suffered any damage.
Keep in mind that it can take two years or more for a company to recover from a supply chain failure. Significant supply chain disruptions can reduce revenue, cut into market share, threaten production and distribution, inflate costs and ultimately affect a company’s bottom line. Whether you run a global corporation or a small business, you need the proper insurance coverage to protect against supply chain failure.
The Limits of Contingent Business Interruption (CBI) Insurance
CBI insurance can provide an important line of defense against losses caused by disruptions at the locations of your suppliers or downstream customers. This type of insurance is limited because it only provides coverage if the businesses you depend on are disrupted by physical property damage—for instance, if a supplier’s factory is damaged by fire and ceases operations. CBI does not protect for all perils; nor does it protect a business when roads are closed and employees cannot get to work or when products cannot be distributed or other suppliers are affected.
Your CBI insurer may require your business to identify specific supplier and customer locations to be covered by the policy. If you change suppliers, fail to update your policy and then a disruption occurs, you will not be covered by the policy.
Broader Supply Chain Insurance
Supply chain insurance provides far broader coverage than CBI insurance for business interruption caused by disruptions to your supply chain. In addition to covering disruptions caused by property damage to your suppliers’ or downstream customers’ businesses, supply chain insurance can cover losses caused by a wide range of events, including:
- Natural disasters.
- Industrial accidents.
- Labor issues (strikes, shortages, etc.).
- Production process problems.
- Political upheaval, war, civil strife.
- Riots or other disruptive civic action.
- Closure of roads, bridges, or other transportation infrastructure.
- Public health emergencies; e.g., pandemics requiring quarantine.
- Regulatory action.
- Financial issues; e.g., solvency, cash flow problems.
Suppliers in less politically stable nations or in places with more vulnerable infrastructure may be more prone to disruption.
Companies often have multiple tiers of suppliers, yet often only cover the first tier. As a result, more insurers are moving towards offering multi-tier coverage—where the whole supply chain is insured. Check whether your insurer offers this type of coverage.
Mitigating Supply Chain Risk
Insurance is a critical component of managing supply chain risk, but it should not be your first line of defense. Your business can also limit its exposure to supply chain risk by taking the following actions:
- Assess your supply chain and identify risks and weaknesses.
- Balance supply chain logistics (e.g., just-in-time delivery) with risk management.
- Identify backup suppliers and vendors.
- Establish contingency plans and include supply chain disruption in your business continuity plan.
By taking these steps, business owners can make informed decisions about mitigation planning, risk transfer, and levels of self-insurance. Your supply chain insurer may provide services to help you assess and limit your risks. Your insurance carrier can also be a valuable resource in helping your business identify risks and secure adequate insurance coverage.”
Cyber Security and Supply Chain Interruption
“Transportation and supply chain cybersecurity rank among the top concerns of shippers, according to a 2016 survey by Wills Towers Watson. Considering the rapid advancements in technology over the years and the shipper's growing reliance upon web-based systems, the findings may not come as a shock.
With online threats becoming increasingly present and criminal activity more brazen (ie., Yahoo's massive data breaches), shippers need to be proactive and aware of the potential dangers that exist on the web.
According to the 2017 Wombat State of The Phish Report, 76% of the study's respondents reported being the victim of a phishing attack in 2016. Phishing, which can take the form of an email, text message, or phone call, is a fraudulent attempt to obtain personal information from a victim. In many instances, the cybercriminal attempts to trick the victim into believing that a communication is coming from a reputable source. Their tactics can include using a company's logo or a similar looking email address.
Many email service providers, such as Google and Microsoft, have systems in place to help weed out potential threats. Still, some communications may still manage to bypass security controls.
Be wary if you receive requests via electronic communication that asks for personal information, such as social security numbers and account login information. If you receive a questionable email from a service provider, reach out directly to them to verify it was actually sent by them.”
With everything to consider in creating a viable Business Continuity Program which in Supply Chain recovery planning consider these 5 key principles:
- Adding Business Continuity Management (BCM) in your supply chain is a risk mitigation measure. You still need to consider supply chain failure in your own BCP and what you would do about it and how you would recover. Understand and recognize that at some point things will go wrong, however, good the adoption of Business Continuity Management practices in your supply chain.
- BCM needs to be part of the procurement strategy. The engagement with the supply chain requires a positive relationship and the usual issues of purchasing power and negotiating leverage apply with BCM. Procurement needs to make sure that the appropriate business continuity conversations have happened, if not carried out directly. Sourcing councils, for example, should ask if supplier BCPs have been evaluated.
- Focus on key suppliers first. Key suppliers are typically defined by how difficult they would be to replace should their product or service not be available to you over a time-period that would cause significant operational performance problems. These key suppliers may well be those with the largest spend but smaller niche suppliers may emerge from considering your business continuity requirements.
- It’s important to consider the whole supply chain to identify single points of failure, whether among the suppliers, subcontractors, logistic operations or warehousing, if applicable.
- Work with suppliers to develop their business continuity capability. This is particularly important when dealing with off-shore service providers and for improving communication between parties should an incident occur.
Using some of these approaches will help though hiring a skilled professional with extensive knowledge in setting up Business Continuity Programs will guarantee the best solution for mitigating risk and providing the right strategies for recovery.
Barbara Davi, MBCP, MBCI, PMP