Supply chain risk management (SCRM) is the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of IT products and service supply chain.

Supply chain risks may include insertions of counterfeits, unauthorized production, tampering, theft insertion of malicious software and hardware, as well as poor manufacturing and development practices in the supply chain.

These may lead to loss of sensitive information or cause unsafe situations that could compromise an organization’s mission, personnel or reputation.

The Supply Chain Risk Management Life Cycle

Risk Identification

The only way to address risk is to make sure you’re identifying it in the first place. The first phase of the risk management lifecycle is to establish a risk profile and then enact active monitoring to keep it up to date.

Risk Assessment

Understand what impact a risk event could have on your business. Be aware of those partners who have a significant impact on sales, margins or profit.

Risk Mitigation

Define both preventive action plans and reactive action plans. These are what provide the basis for addressing risk using appropriate measures to secure supply and protect brand.

Types of Supply Chain Risk Management

Cyber Risk

The possibility that your business is harmed by your suppliers’ use of technology.

Financial Risk

The possibility that suppliers will encounter a business scenario that threatens their financial health.

Reputational Risk

The possibility that a supplier will engage in activity that negatively affects your brand perception.

Natural Disaster Risk

The possibility that your supply chain is disrupted by a hurricane, earthquake or other natural hazard.

Man-Made Risk

Man-made risk is the possibility that your supply chain is disrupted by events like fires or explosions.

While there are many SCRM sources of best practices, the NIST makes many publications freely available.