By Continuity Insights Staff
Maintaining supply chain operations, especially across state and international borders, can be a major challenge for organizations. Part of what makes supply chain continuity such a challenge is the reliance on and management of vendors.
Vendor management across the supply chain is something most organizations have to deal with, yet not all know where to start.
“We like to start at the very beginning,” said ProcessUnity President Sean Cronin. “Do you know who your critical vendors are? Who’s helping you with your data center, who’s helping you with business continuity, who’s helping you back up your cloud? Once you start to get an inventory of these vendors, then you can start to ask what matters to you.”
Cronin said transparency is key to vendor relationships and should be a primary focus of any program. He said inspecting and testing vendors is critical.
“You don’t get what you expect from vendors, you get what you inspect,” Cronin said. “I think pushing vendors to have an open dialogue and be transparent is good. First and foremost is the transparency between the core organization and their third party.”
According to Cronin, these things should be discussed before any agreements are signed so both the organization and vendor recognize where they stand.
“Before contracts are signed, have that conversation and say ‘I’m going to want to do sampling’ or ‘I’m going to want to do an inspection, what is your readiness for them?’ I think the answer tells a lot,” Cronin said. “Do the inspection and do the digging in and when you do you are going to see if they have the proper programs, policies and procedures so they can really help ensure compliance.”
Most organizations are going to have to work with vendors in different countries and almost all will have to work with vendors across state lines. This can present legal challenges for both parties.
“Data protection laws across borders of countries are quite significant, Cronin said. “They are going to change across which countries we are talking about and which communities we’re talking about. There are tons of differences so one needs to ask if vendors are ready to support data protection laws across borders.”
Working internationally is even more challenging when vendors are located in countries that are unstable or potentially dangerous.
“Is that geographical location a challenging region to operate in? If it is, then we put them at a higher criticality as a vendor just due to exposure,” Cronin said. “After the region, we look at the country and then the actual company. Maybe they operate out of the Middle East. There are certainly places in the Middle East that are secure and protected, but we have to go through those checks and balances so we are at least getting to that point where now we can take a look at how the vendor operate within that grid.”
Cronin said documenting everything is incredibly important for both the organization and vendor.
“If you don’t have documentation it never happened,” Cronin said. “That’s true of organizations as they review their vendors as well as vendors as they submit information to their organization. Documentation and testing results helps an organization and vendor see that they are self-policing and looking out for each other.”
For building a program, Cronin said simplicity is key, especially in the early stages when things are just getting organized.
“Do not over-architect and have fifteen phases to a vendor management program,” Cronin said. “I like to start with simple cloud software that can help you get an inventory of your vendors assessed and understand where your risk is.”