Supply chain management

Supply chain management (SCM) refers to the handling of the production flow of a good or service. This starts fromwith the raw components and runs all the way to the deliveringdelivery of a final product to a consumer. andIt createsincludes the creation of a network of suppliers, or links in the supply chain, that movesmove the product from raw product suppliers to organizations dealing with the users. SCM attempts to control or link the production, shipment, and distribution of a product. With a managed supply chain, an organization can cut excess costs while delivering products to a consumer faster. This can also enable tighter controls of internal inventories, internal production, distribution, sales, and the inventories of company vendors. SCM is based on the idea that every product that comes to market results from the efforts of various organizations that comprise a supply chain.

• Be connected with traditional ERP and B2B integration tools offering access to unstructured data from social media, structured data from the Internet of Things (IoT), and more traditional data sets
• Improve an organizationsorganization's awareness around cyber attackscyberattacks as the supply chain needs to be hardened against these types of intrusions whichthat can cause enterprise wideenterprise-wide concern
• As more SCM platforms adopt artificial intelligence systems, the supply chain's control tower is modernized by collating, coordinating, and conducting decisions and actions across the chain while the SCM platform can be increasingly automated and self-learning
• Modernize the supply chain's control tower by collating, coordinating, and conducting decisions and actions across the chain, while the SCM platform can be increasingly automated and self-learning—especially as more SCM platforms adopt artificial intelligence systems
• WithDevelop the ability to scale with data in real time, with increasing analytics capabilities, the ability to scale with data in real-timewhich offers better insights across an organization

The goal of supply chain management is to improve supply chain performance. With supply chain information, manufacturers can make and ship only as many products as can be sold, and reduce inefficiencies. This can in turn help both the manufacturers and retailers reduce excess inventory and decrease the overall costs of production, shipments, insurance, and storing products whichthat cannot be sold. There are six components to SCM: planning, sourcing, making, delivering, returning, and enabling.

Enterprises need to plan and manage all resources required to meet customer demand for a given product or service. This includes designing a supply chain and; determining which metrics to use in order to ensure the supply chain is efficient, effective, and delivers value to customers while meeting enterprise goals; and to ensureensuring the supply chain maintains those values.

An enterprise needs to choose suppliers to provide the goods and services necessary to create a product, and once those suppliers are under contract, a supply chain manager is expected to use a variety of processes to monitor and manage supplier relationships. Processes key to this management includesinclude ordering, receiving, managing inventory, and authorizing supplier payments.

Suppliers need a responsive and flexible network to accept defective, excess, or unwanted products. If the product is defective, it often requires reworking or has to be scrapped entirely. If the product is unwanted or excess, then it can be returned to a warehouse for sale,. allAll of whichthis can be achieved faster and with better results with SCM.

AnyA supply chain and the level of success of its management iscan be measured in a variety of ways. These metrics can help SCM focus on important activities and improve processes. While someSome metrics, often considered critical metrics, work to support regulatory compliance, safety, or contractual obligations. Further, more metrics are required to monitor and improve efficiency, improve service, and produce greater profits. Supply chains rely on these metrics, of which there are hundreds whichthat can be covered, calculated, and measuresmeasured. The ones considered important often dependsdepend on the interests of the business and the specific industry. Common metrics though include:

• The cash to cashcash-to-cash cycle time, or the number of days between paying for raw materials and getting paid for the final product

Supply chain management can affect manufacturing companies in a variety of ways, including the availability of inputs needed for production processes, costs, and profitability of manufactured items, company infrastructure, and ways in which companies interact with their suppliers and customers. Understanding the ways that supply chain management affects manufacturers from both a daily operational perspective and a strategic viewpoint is important for all managers and entrepreneurs in the industry. This can work towards ensuring that raw materials consistently arrive at a production facility on time, while. notNot having a managed supply chain, or a poorly managed onone, can result in the unreliable delivery of inputs and bring production to a halt. This can also leave a company unable to fulfill time-sensitive orders.

The extended supply chain includes all companies that contribute to a given product, including the suppliers to a supplier and the customers of a given customer. When companies encounter supply chain problems, the initial action is to ask a supplier about the situation,; but if the organization monitors the extended supply chain, it allows them to have the option of reaching back through the primary supplier to the company that supplies components to the primary supplier. This can allow a business to flexibly respond to supplier issues while offering a complete issue of a problem beyond the primary supplier.

Globalization has had an effect on supply chains. One of the major reasons companies created supply chains was to take advantage of lower wages in other countries. The costs of shipping raw materials and finished products could be easily off-setoffset with the lower wages in the other countries. However, with increased manufacturing in those countries where salary arbitrage washas been practiced, the wages have also seen an increase and reduced the advantages previously seen. As well, with improved processes and the increasing use of robotics, plants can be operated with fewer people, which has led local firms to become strong competitors in virtually every industry. The advantage of the global supply chain has been the ability to scatter patents and manufacturing sites around the globe. This allows companies to report profits in countries with low corporate taxes. However, many of these arrangements have been challenged.

Legislation and regulation both play a large role in the management of a supply chain. In the last few years, the United States and the European Union, amongstamong others, have created new reporting requirements for large companies that manufacture or handle physical products. These reporting requirements can apply, even if the company engages a third party to manage its supply chain. Complying with these regulations requires SCM systems. Some key legislations and regulations include:

• Dodd-Frank, which requires companies covered by the SEC's Exchange Act and whichthat either manufacture or have "actual influence" over a manufacturing process to report if their product contains gold, tin, tantalum, tungsten, or other "conflict minerals." Conflict minerals are considered any minerals mined in the Democratic Republic of Congo or other war zones where the profits of mining and supplying these minerals is used for continued fighting.

As blockchain technology and smart contracts have seen more widespread adoption in various industries, the technology has also made an impact on supply chain management as well. With a smart contract automating the "if this happens, then do that otherwise do something else" part of a traditional contract, the technology allows enterprises to sign a normal contract that includes a pointer to computer code encapsulated in blockchain, which both parties agree to abide by. This offers a predictable way for a contract and the parties of a contract to behave, and the computer code of smart contract does not suffer from the linguistic nuances of human languages. This allows smart contracts to reduce the amount of time and cost of contract enforcement by defining contract terms so precisely they can be enforced by computer rules. Thus eliminating the lawyers, notaries, and middlemen who facilitate the creation, storage, and administration of legal documents. It also offers a chance to have contract terms standardized and precise in order to render them in computer code, reducing error caused by human interpretation, and minimizing opportunities to sue.

In supply chain management, a bottleneck or constraint in a supply chain refers to the resource whichthat requires the most time in operation of a supply chain being unavailable for a certain level of demand. This can be caused by an increase of inventory before the insufficiency of the specific portion of the supply chain is discovered. Often, with the inconsistent fluctuations of supply chains, bottlenecks do not always occur. However, when they do occur, a bottleneck determines the overall throughput of the supply chain. If the capacity of a bottleneck in a supply chain improves, the throughput will increase. And a bottleneck will reduce the operation time of an entire supply chain, often rendering an enterprisesenterprise's chance of increasing theirits throughput to zero, especiallyzero—especially when an organization is unable to recognize the bottlenecks in theirits supply chain.

A lack of planning clarity and an inability to anticipate or uncover possible breakdowns in the supply chain can cause bottlenecks. An enterprise often needs to ensure any plan works with their respective reality and the plans of others up and down the value chain. For example, if a company is planning a production run in a job shop based on materials expected to be in a buffer stock at the same time that another team is, unbeknownst to the first team, planning to go lean and eliminate that buffer stock, the company faces a catastrophic production run whichthat can at best waste capacity, and at worst waste raw materials while inventory planners restock to necessary levels. This can be avoided by ensuring that every touchpoint has integration into such planning.

Poor technology integration can be a cause of bottlenecks, even as it is used to solve planning silos. For example, if a company has three suppliers for a raw material necessary for a production program, and some IT infrastructure is shared with one of the suppliers, offering the organization a better window ininto their supply in real time, can help an organization better plan production. Meanwhile, if similar IT infrastructure is not shared with the organization, that leaves the organization unaware of where the supplier is in regards to supplying the raw material expected, and creates uncertainty around the overall production program. Meaning organizations that do not properly integrate with their suppliers have more opportunities for bottlenecks to develop, and they find lead times for orders to increase without notice, while machines couldcan sit idle while waiting for parts, ultimately reducing overall efficiency.

Similar to the lack of technology integration often leading to planning silos, the poor integration can also create poor or low visibility, which can increase the development of bottlenecks. Without the possibility of insights gained from visibility, an enterprise may be unable to figure out what is going on with a given bottleneck. And, given the complex natures of supply chains, discovering the cause of any recurring disruptions can be as complicated as the supply chain itself. Discovering those causes can often require insight into touchpoints on a value chain, a live view of an organizationsorganization's inventory, visibility into logistics operations, and bills of materials for production, among other business or industry dependent points. And without this visibility, more bottlenecks can grow and further deteriorate profits.

Cyber attacksCyberattacks on supply chains have been a growing concern for supply chain management. This is especially as the chain reaction triggered by an attack on a single supplier can compromise a network. Especially when those attacks are intended to be part of a later attack on a final target, (often customers or consumers), and may take months to succeed, and often can go undetected for those months.

Similar to Advanced Persistence Threat (ATP) attacks, supply chain attacks are usually targeted, complex, and can be costly, with attackers planning them in advance. All of which offer a look into the degree of sophistication of the adversaries and the persistence in seeking to succeed. And this often means that an organization is still vulnerable to an attack, even when their defenses are good. Attackers often find new potential highways to infiltrate organizations by targeting suppliers. And, with the potential of impacting entire supply chains, including numerous customers and customer types, the attacks have become more common. In about 66 percent of reported attacks, the cyber attackscyberattacks focus on supplierssupplier code and third-party code. This means that, while greater integration is important to supply chain management and the increased profitability, butit also offers a new avenue for attack. This can make it increasingly important that a company verifies third-party code and software before using or integrating them into their systems.

Companies often have a minimum of two levels of suppliers. These are either Tier One or Tier Two suppliers. Large companies often do well to asses exposure risks to Tier One suppliers, but often the risks associated with Tier Two suppliers goesgo unassessed or under-assessed, leading to a front-end loaded risk review process, and increasing the chance of a cyber attackcyberattack risk. Additional factors that increase supply chain risks include:

• The growing volume and severity of cyber attackscyberattacks originate from individuals, organizations, and government agencies
• Increasing sophistication of cyber attackscyberattacks, some of which work on behalf of foreign governments
• Increasing boldness of cyber attackerscyberattackers, due to inability to identify and prosecute

While the risk of cyber attackscyberattacks on a supply chain cannot be eliminated, there are chances to mitigate them, either through the education of suppliers or by conducting stringent and frequent audits of suppliers at all levels. This can be increasingly important as companies continue to outsource internal and customer-facing processes to third-party providers. Specific steps to help mitigate risk of cyber attackscyberattacks to a supply chain can include:

• Assure that software patches from relevant software providers isare installed and maintained
• Verify that suppliers' policies regarding systems access for active and terminated employees isare addressed and reviewed frequently

Supply chain management (SCM) refers to the handling of the production flow of a good or service. This starts from the raw components to the delivering of a final product to a consumer and creates a network of suppliers, or links in the supply chain, that moves the product from raw product suppliers to organizations dealing with the users. SCM attempts to control or link the production, shipment, and distribution of a product. With a managed supply chain, an organization can cut excess costs while delivering products to a consumer faster. This can also enable tighter controls of internal inventories, internal production, distribution, sales, and the inventories of company vendors. SCM is based on the idea that every product that comes to market results from the efforts of various organizations that comprise a supply chain.

The supply chain is often the obvious face of a business for customers and consumers. The better a company can manage that supply chain, the better it can protect its business reputation and long-term stability. Effective supply chain management can help organizations:

• Be connected with traditional ERP and B2B integration tools offering access to unstructured data from social media, structured data from the Internet of Things (IoT) and more traditional data sets
• Improve collaboration with suppliers and use cloud-based networks to enable multi-enterprise collaboration and engagement
• Improve an organizations awareness around cyber attacks as the supply chain needs to be hardened against these types of intrusions which can cause enterprise wide concern
• As more SCM platforms adopt artificial intelligence systems, the supply chain's control tower is modernized by collating, coordinating, and conducting decisions and actions across the chain while the SCM platform can be increasingly automated and self-learning
• With the increasing analytics capabilities, the ability to scale with data in real-time offers better insights across an organization

The goal of supply chain management is to improve supply chain performance. With supply chain information, manufacturers can make and ship only as many products as can be sold, and reduce inefficiencies. This can in turn help both the manufacturers and retailers reduce excess inventory and decrease the overall costs of production, shipments, insurance, and storing products which cannot be sold. There are six components to SCM: planning, sourcing, making, delivering, returning, and enabling.

Enterprises need to plan and manage all resources required to meet customer demand for a given product or service. This includes designing a supply chain and determining which metrics to use in order to ensure the supply chain is efficient, effective, and delivers value to customers while meeting enterprise goals; and to ensure the supply chain maintains those values.

An enterprise needs to choose suppliers to provide the goods and services necessary to create a product, and once those suppliers are under contract, a supply chain manager is expected to use a variety of processes to monitor and manage supplier relationships. Processes key to this management includes ordering, receiving, managing inventory, and authorizing supplier payments.

Supply chain managers coordinate the activities required to accept raw materials, manufacture products, test for quality, package for shipping, and schedule for delivery. Most enterprises measure quality, production output, and worker productivity to ensure enterprises create products that meet quality standards.

Suppliers need a responsive and flexible network to accept defective, excess, or unwanted products. If the product is defective, it often requires reworking or has to be scrapped entirely. If the product is unwanted or excess, then it can be returned to a warehouse for sale, all of which can be achieved faster and with better results with SCM.

In order to operate efficiently, a supply chain requires support processes in order to monitor information throughout the supply chain and assure compliance with regulations. These enabling processes include finance, HR, IT, facilities, portfolio management, product design, sales, and quality assurance.

Any supply chain and the level of success of its management is measured in a variety of ways. These metrics can help SCM focus on important activities and improve processes. While some metrics, often considered critical metrics, work to support regulatory compliance, safety, or contractual obligations. Further, more metrics are required to monitor and improve efficiency, improve service, and produce greater profits. Supply chains rely on these metrics, of which there are hundreds which can be covered, calculated, and measures. The ones considered important often depends on the interests of the business and the specific industry. Common metrics though include:

• The percentage of orders that are error free
• The cash to cash cycle time or the number of days between paying for raw materials and getting paid for the final product
• Order cycle time
• The percentage of orders that are delivered as ordered on the first shipment

Supply chain management can affect manufacturing companies in a variety of ways, including the availability of inputs needed for production processes, costs, and profitability of manufactured items, company infrastructure, and ways in which companies interact with their suppliers and customers. Understanding the ways that supply chain management affects manufacturers from both a daily operational perspective and a strategic viewpoint is important for all managers and entrepreneurs in the industry. This can work towards ensuring that raw materials consistently arrive at a production facility on time, while not having a managed supply chain or a poorly managed on can result in the unreliable delivery of inputs and bring production to a halt. This can also leave a company unable to fulfill time-sensitive orders.

If the supply chain breaks down before inputs arrive, a manufacturer can be forced to procure materials from alternative sources on short notice, which can result in higher prices and lower profitability. Lowering the costs of distribution is also a major function of supply chain management. With cost-efficient supply chains, manufacturers can reduce overhead and direct sales costs at the same time. Manufacturers can also use routing and navigation systems and strict handling procedures to further lower supply chain costs and increase profitability.

Supply chain management has increased in importance as the supply chains of manufacturers and retailers have become more tightly linked. In many industries, the sale of a product at a retailer triggers a replenishment order to a manufacturer. In turn, if this manufacturer possesses a well-tuned, just-in-time supply chain, or a well-managed supply chain, they can be capable of automatically stocking those retail shelves as the product is sold. With increased collaboration, additional data from supply chain partners allows companies to use advanced analytics and related tools to improve results. Some of the improvements can include identifying problems before they occur, dynamically optimizing price, and improving the allocation of available inventory.

The extended supply chain includes all companies that contribute to a given product, including the suppliers to a supplier and the customers of a given customer. When companies encounter supply chain problems, the initial action is to ask a supplier about the situation, but if the organization monitors the extended supply chain, it allows them to have the option of reaching back through the primary supplier to the company that supplies components to the primary supplier. This can allow a business to flexibly respond to supplier issues while offering a complete issue of a problem beyond the primary supplier.

Globalization has had an effect on supply chains. One of the major reasons companies created supply chains was to take advantage of lower wages in other countries. The costs of shipping raw materials and finished products could be easily off-set with the lower wages in the other countries. However, with increased manufacturing in those countries where salary arbitrage was practiced, the wages have also seen an increase and reduced the advantages previously seen. As well, with improved processes and the increasing use of robotics, plants can be operated with fewer people, which has led local firms to become strong competitors in virtually every industry. The advantage of the global supply chain has been the ability to scatter patents and manufacturing sites around the globe. This allows companies to report profits in countries with low corporate taxes. However, many of these arrangements have been challenged.

Legislation and regulation both play a large role in the management of a supply chain. In the last few years, the United States and the European Union, amongst others, have created new reporting requirements for large companies that manufacture or handle physical products. These reporting requirements can apply even if the company engages a third party to manage its supply chain. Complying with these regulations requires SCM systems. Some key legislations and regulations include:

• Dodd-Frank which requires companies covered by the SEC's Exchange Act and which either manufacture or have "actual influence" over a manufacturing process to report if their product contains gold, tin, tantalum, tungsten, or other "conflict minerals." Conflict minerals are considered any minerals mined in the Democratic Republic of Congo or other war zones where the profits of mining and supplying these minerals is used for continued fighting.
• California's Safer Consumer Products Regulation is part of the state's Green Chemistry Law and covers products that contain any "Chemical of Concern." Any manufacturer, importer, assembler, and retailer must notify the Department of Toxic Substance Control of any products manufactured with these chemicals and how to limit exposure to those chemicals.
• California's Transparency in Supply Chains Act seeks to eliminate human trafficking and requires retailers and manufacturers operating in California and selling more than $100 million to have statements on their website describing what efforts the company is taking to remove slavery and human trafficking from their direct supply chain.
• The United Kingdom's Modern Slavery Act contains a Transparency in Supply Chain provision which also attempts to remove slavery from the supply chain. This provision requires any company with sales exceeding £36 million to have a description on their website of their efforts to ensure slaves are not part of their supply chain.
• The EU's Regulation on Registration Evaluation, Authorization, and Restriction of Chemical (REACH) covers any chemicals in paint, clothing, electronic products, furniture, and other products which might be dangerous. And any companies producing or selling products in the EU with restricted chemicals need to show the European Chemicals Agency that the product is safe for the consumer.
• Washington State's Children's Safe Product Act requires manufacturers of children's products to disclose if the packaging or product contains formaldehyde, benzene, or any other chemicals of concern to children.

Similar regulations have emerged or are anticipated in Denmark, China, South Africa, Malaysia, and other countries, and all of these emerging regulations are focused on keeping products safe, reducing human trafficking, or prohibiting profits from being used to continue fighting in conflict zones. Unfortunately, enforcement processes are not coordinated and data is not often shared among different governments. As well, reporting requirements change as conflict zones and conflict materials change and are added to existing lists.

As blockchain technology and smart contracts have seen more widespread adoption in various industries, the technology has also made an impact on supply chain management as well. With a smart contract automating the "if this happens then do that otherwise do something else" part of a traditional contract, the technology allows enterprises to sign a normal contract that includes a pointer to computer code encapsulated in blockchain, which both parties agree to abide by. This offers a predictable way for a contract and the parties of a contract to behave, and the computer code of smart contract does not suffer from the linguistic nuances of human languages. This allows smart contracts to reduce the amount of time and cost of contract enforcement by defining contract terms so precisely they can be enforced by computer rules. Thus eliminating the lawyers, notaries, and middlemen who facilitate the creation, storage, and administration of legal documents. It also offers a chance to have contract terms standardized and precise in order to render them in computer code, reducing error caused by human interpretation, and minimizing opportunities to sue.

In supply chain management, a bottleneck or constraint in a supply chain refers to the resource which requires the most time in operation of a supply chain being unavailable for a certain level of demand. This can be caused by an increase of inventory before the insufficiency of the specific portion of the supply chain is discovered. Often, with the inconsistent fluctuations of supply chains, bottlenecks do not always occur. However, when they do occur, a bottleneck determines the overall throughput of the supply chain. If the capacity of a bottleneck in a supply chain improves, the throughput will increase. And a bottleneck will reduce the operation time of an entire supply chain, often rendering an enterprises chance of increasing their throughput to zero, especially when an organization is unable to recognize the bottlenecks in their supply chain.

Common causes of these bottlenecks include single-sourcing of suppliers, planning silos in an organization, poor integration of technology, low visibility, and a lack of planning.

When a manufacturer encounters supply chain delays, bottlenecks, rather than one-time disruptions, are often the root cause. And the key to dealing with these bottlenecks is to understand their root cause. For example, in the midst of considerable supply chain turbulence, numerous manufacturers and others along a supply chain can realize that single-sourcing, or relying heavily on a single supplier, increases the risk of bottlenecks. Especially if that sole supplier is for a particular part or raw material and is in a country that experiences conflict or is locked down. This can slow or halt production as the part or material is no longer on hand, and requires the downstream company to find new businesses to source from. Ideally these other sources are found previous to a bottleneck occurring.

A lack of planning clarity and an inability to anticipate or uncover possible breakdowns in the supply chain can cause bottlenecks. An enterprise often needs to ensure any plan works with their respective reality and the plans of others up and down the value chain. For example, if a company is planning a production run in a job shop based on materials expected to be in a buffer stock at the same time that another team is, unbeknownst to the first team, planning to go lean and eliminate that buffer stock, the company faces a catastrophic production run which can at best waste capacity and at worst waste raw materials while inventory planners restock to necessary levels. This can be avoided by ensuring that every touchpoint has integration into such planning.

Poor technology integration can be a cause of bottlenecks even as it is used to solve planning silos. For example, if a company has three suppliers for a raw material necessary for a production program, and some IT infrastructure is shared with one of the suppliers, offering the organization a better window in their supply in real time, can help an organization better plan production. Meanwhile, if similar IT infrastructure is not shared with the organization, that leaves the organization unaware of where the supplier is in regards to supplying the raw material expected, and creates uncertainty around the overall production program. Meaning organizations that do not properly integrate with their suppliers have more opportunities for bottlenecks to develop and find lead times for orders increase without notice, while machines could sit idle while waiting for parts, ultimately reducing overall efficiency.

Similar to the lack of technology integration often leading to planning silos, the poor integration can also create poor or low visibility, which can increase the development of bottlenecks. Without the possibility of insights gained from visibility, an enterprise may be unable to figure out what is going on with a given bottleneck. And, given the complex natures of supply chains, discovering the cause of any recurring disruptions can be as complicated as the supply chain itself. Discovering those causes can often require insight into touchpoints on a value chain, a live view of an organizations inventory, visibility into logistics operations, and bills of materials for production, among other business or industry dependent points. And without this visibility, more bottlenecks can grow and further deteriorate profits.

Cyber attacks on supply chains have been a growing concern for supply chain management. This is especially as the chain reaction triggered by an attack on a single supplier can compromise a network. Especially when those attacks are intended to be part of a later attack on a final target, often customers or consumers, and may take months to succeed, and often can go undetected for those months.

Similar to Advanced Persistence Threat (ATP) attacks, supply chain attacks are usually targeted, complex, and can be costly, with attackers planning them in advance. All of which offer a look into the degree of sophistication of the adversaries and the persistence in seeking to succeed. And this often means that an organization is still vulnerable to an attack even when their defenses are good. Attackers often find new potential highways to infiltrate organizations by targeting suppliers. And, with the potential of impacting entire supply chains, including numerous customers and customer types, the attacks have become more common. In about 66 percent of reported attacks, the cyber attacks focus on suppliers code and third-party code. This means that, while greater integration is important to supply chain management and the increased profitability, but also offers a new avenue for attack. This can make it increasingly important that a company verifies third-party code and software before using or integrating them into their systems.

Companies often have a minimum of two levels of suppliers. These are either Tier One or Tier Two suppliers. Large companies often do well to asses exposure risks to Tier One suppliers, but often the risks associated with Tier Two suppliers goes unassessed or under-assessed, leading to a front-end loaded risk review process, and increasing the chance of a cyber attack risk. Additional factors that increase supply chain risks include:

• The growing volume and severity of cyber attacks originate from individuals, organizations, and government agencies
• Complacency and inability of both a purchasing company and the suppliers in monitoring and assessing real-time cyber risk
• Increasing sophistication of cyber attacks, some of which work on behalf of foreign governments
• Increasing boldness of cyber attackers due to inability to identify and prosecute
• Change in a company's level of risk tolerance

While the risk of cyber attacks on a supply chain cannot be eliminated, there are chances to mitigate them, either through the education of suppliers or conducting stringent and frequent audits of suppliers at all levels. This can be increasingly important as companies continue to outsource internal and customer-facing processes to third-party providers. Specific steps to help mitigate risk of cyber attacks to a supply chain can include:

• Know what suppliers have what data
• Know where the data is physically stored
• Know the number and identities of system administrators at a supplier and manage systems that contain data
• Encrypt data when transmitting
• Assure that software patches from relevant software providers is installed and maintained
• Verify that suppliers policies regarding systems access for active and terminated employees is addressed and reviewed frequently
• Verify supplier wireless network security procedures and monitoring capabilities
• Back up all critical data
• Assure that suppliers are maintaining all firewalls and anti-virus software to latest releases
• Review access and permissions to critical files
• Document and test disaster recovery and risk communications plans