BuyTrain News

January 2012

  ISM News
Personal Development
Mailing list subscription form 

Personal Safety Thought:

We place a lot of attention at our company identifying job-site hazards and discussing safety precautions with our contractors before they start work. We don't take known hazards for granted and we want to give contractors every chance to be safely successful. Try this same approach with a young person who wants to use a power tool,  riding lawnmower, or car for the first time. Answer the "can I use...?" question with something like this; "When you understand the hazards involved and can explain the safety precautions to take."  Don't be too quick to volunteer the answer. This is an internet generation. Unlike our generation, young people have plenty of access to online information about product hazards and tool safety. I know at least one parent who would expand this idea  into complete lesson, "Bring me a comprehensive PowerPoint presentation showing examples of the risks and proper safety precaution." I know, I would have been a safer child.



 Supply Chain Security

Great article December 2011, Inside Supply Management

This article discusses some of the issues and concerns businesses face relative to cyber security. It's well worth the read. Pay particular attention to the inserted text box talking about defensive strategies.

The supply chain accounts for a large percentage of operating budget and business continuity risk. Sensitive information, and weak spots in the supply chain may not be obvious to many employees and even to some senior managers.  In addition to our own employees, businesses in our supply chain, and their personnel, may also have access to information which could be sensitive. IT departments can only do so much to provide system and hardware protection. It's up to the people using the systems to know which data needs to be protected and it is up to supply chain management to make sure they understand.

Supply Management often gets asked to discuss or explain the risks in our supply chains. Those briefings traditionally focus on single source suppliers and long-lead-time materials. Natural disasters in the past few years have inspired us to expand out thinking of supply risks in terms of catastrophic loss. This article on cyber security, and a Business Week article referenced below, highlights yet another very real threat to the supply chain - data loss. Whether it's data about a bid evaluation, planned strategic acquisition, or intellectual property;  data and information store on our computers can be sensitive and critical to continued cost-effective operation of our business.

It's not just data stored on our computers or locked in engineering files. As supply chain managers, we also understand that company information is transmitted thousands of miles and through many different hands both up and down the length of our supply chains. A good friend once described a very real concern her company had about sending a proprietary drawing to a new supplier in a foreign country. Today, drawings and specifications are often transmitted electronically. Accordingly, not only must we be concerned about mishandling of the drawing at a supplier's facility, we need to additionally be concerned about security and data loss in cyberspace.  And this concern should extend to the supplier's computer systems as well as our own.

 Data, drawings, business plans, financial information, key personnel lists and email addresses are carried around on laptops, iPhones and stored on computers that belong to our employees, and to employees of our suppliers, business partners, former employees and even in some cases our supplier's suppliers. The concern includes proprietary design information, electronic invoices,  product performance data, manufacturing plans, projected shipping schedules, new sources, new materials and new methods.

If the IT department thinks the best way to protect data is to lock it behind a password and make sure only authorized personnel have access – then they have buried their heads in the sand. Of course, someone could deliberately hack into the database and steal the information. But as we all know, a lot of sensitive information is transmitted in an out of the Supply Chain organization as part of normal business processes.

O.K. - do we agree the problem is huge?  So what can we do? I think we can take several steps to be proactive.

1- Convene a discussion of Supply Chain risks with staff and senior management.  This could be an interesting educational exercise. Ask each staff members to do some research about problems that similar businesses have had with respect to cyber security and supply chain information. Then get the staff together to share findings and talk about potential risks.

2- Have regular discussion with the IT department about data security and risk of loss. Expand the discussion to include risks of loss throughout the supply chain and include all types of sensitive data. Talk about what can realistically be done to ensure key suppliers are as safe as you are.

3- Educate senior management, company employees and suppliers about the kinds of supply chain data or information which is critical or sensitive. [ In my opinion, we don't do a very good job of explaining supply chain business to the rest of the company. The more people know about why we are concerned about protecting bid information, the more they can help.]

Educating the organization about how the supply chain operates, negotiation objectives and market conditions has to start with Supply Chain Management. Sure we can write a procedure that says “bid information must remain confidential”, but what the heck is “bid information” and how broad is that definition? People need to be told why we consider the information sensitive and about the potential impact to operations and cost should the wrong information be disclosed. A person who inadvertently obtains sensitive information needs to know enough to realize the information is sensitive in the first place.

More than just a supplier and a carrier, supply chains now involve, importers, forwarded, export representatives, translators, regulators and more. Each additional touch point is a increased potential for information loss and damaging leaks and thus an opportunity for education.

4- Add Intellectual property, and data protection language to all contracts. Ensure all suppliers understand expectations about data security. Here is a sample to think about - get a lawyer to help make it bulletproof.

All data, information, drawings, plans, practices, etc.  furnished by buyer or obtained by contractor during performance of this contract which are owned by or considered sensitive by the buyer shall be held strictly confidential. This information shall be provided to contractor employees on a need-to-know basis for performance of this contract and shall not be disclosed to a 3rd party without specific written approval of the buyer. Upon conclusion this contract all sensitive data shall be returned and/or deleted form all contractor controlled data storage locations.

5. Don't wait until the cows leave to close the barn door -educate key executives about sensitive information and risks of loss. Have similar discussion with each of your supplier' key executives. Don't assume understanding and good judgment comes with the title. I’d suggest a short letter to managers signed by your CEO (and ghost written by Supply Management).

Dear executive, as a key person in our supply chain we want you to be aware of our desire to safeguard information systems, processes, data and records that we consider to be sensitive and critical to our success. We are depending on you to exercise sound judgment and help us protect this information from disclosure, release or theft (either physically or electronically). Please participate in a short teleconference with our CPO on January 1 to review  data protection concerns and plans. Contact me if you have any concerns or reasons to question the integrity of the data you receive, etc.

Unfortunately, even a proactive process and tight contract language can't always help. Take a look at this Business Week magazine article.  In this case, even a company's own bank, claimed cybercrime losses were the fault of the business.

Banks to Small Business: Online Theft? Tough Luck -

BusinessWeek www.businessweek.com  Banks are holding companies responsible when their accounts are raided by cyber crooks

Still not convinced we need to get involved? Here are some more examples supply chain risk and exposure:

  1.  Hackers have a specific type of computer system attack, called a denial of service attack. That is, they cripple a company web site, by overloading it with information - thus the company and its customer lose service until the hacker attack can be broken. What is a competitor decided to play dirty and launched a cyber attack on your supply chain. How hard would it be to disrupt production of a critical supplier?
  2. We can secure of credit card information internally with encryption and passwords. But if a key supplier, keeps our credit card information in an open spreadsheet, we are vulnerable. 
  3. We can perform a business analysis showing that even a 1-week disruption in deliveries could be devastating. What would happen if someone altered export/import paperwork so it was rejected in customs?
  4. What if a primary transportation provider releases information during a trade show that their services will be dropped year because the "secret" new product will require regulated shipping.
  5. Could raw materials costs jump if a key raw material supplier announces to its shareholders that a new exotic raw material will replace their product the following year?
  6. What if, a draftsman in a design firm hired by one of your suppliers, loses his iPad with your design data and doesn’t report the loss.
  7. Would you be concerned if, an engineer informally shares unmarked copies of new tooling designs with several potential suppliers (who might also supply your competitors)?
  8. Could emails discussing plant closing or relocation show up in a Facebook posting?
  9. Would it be a concern if names and home addresses of your accounts payable department or senior executives are made public
  10. Could a foreign competitor sends bogus emails to key suppliers changing production schedules or authorizing material substitutions.
  11. Would your bank cover the loss if electronic invoices from a suppliers are altered to change the remit-to bank account.
  12. Even easier - could a hacker just forge a few bogus emails cancelling an important shipment or changing a specification?

Bottom line. Proactive supply chain management is a big task. Articles like the two referenced above, are relevant to our profession.

A Glossary of Terms Used in the Federal Budget Process

Cool resource for aspiring government contract officers. Secret information that heretofore only accounting geeks understood about the Federal budget process. Enjoy!

I was particularly interested to read about a financial balancing tool used by congress and the president. “rescission legislation” That is, congress or the president can decide to rescind funds that were previously obligated to an agency. For example, congress could claim the moral high ground by obligating $5M in fy12 to the “Save the Gryllidae” foundation. Then 6 months later pass another bill retracting $4.8M of the funds. Of course the public never hears about the rescission.

Read about this case http://www.gao.gov/decisions/appro/322162.htm  where congress retracted $15M of funds that had been obligated in previous years, by including an obscure section in the FY12 defense appropriations act.

Think about how much it would help your household budget if you could surprise your kids by rescinding college tuition while they are on Spring break.

Personal Development

Professionals develop their own professional development programs! No one would want to use a doctor or a tax attorney who hasn't kept up with the latest advancements. If you doctor said " I don't keep up with current medicines because my manager won't pay for it," would you stop using that doctor?  Is our profession any different? Are we prima donnas who only learn what our managers require and pay for? Are we willing to let someone else will take responsibility for our professional development.  Read more....  Here is sample strategy .

My Resume... Note to Self

I recently helped a friend with a resume. She had done a good job of outlining her skills and experience. My primary contribution was to point out that she had missed a big opportunity to spin up her experience into a topic that would interest a hiring manager.  It helped that I was looking at the resume with a fresh perspective. Having a 3rd party review a resume is absolutely a good idea for many reasons. It also helps to ask the question, "Based on this resume, why should a hiring manager prefer this candidate over someone else?

When I asked that question, my friend replied, "Because my experience doing xyz is directly applicable to this important aspect of the job.." Her answer then lead to a new bullet in the resume highlighting the applicability of that "unique experience". We also added a catch phrase to her cover letter which would give hiring managers a reason to look at the resume.

example:   A buyer working in a manufacturing company that has multiple waste streams and surplus material disposal problems - might not think about a construction company having similar waste disposal issues. Thus a resume submitted for a construction-buying job, could be made much more attractive to a hiring manager by highlighting direct experience in waste disposal - even if you have no direct experience in construction.

Seeking to motivate a young person in a career direction? Here is a Catchy Career advertisement and web site

ISM News

ISM web site

The ISM web site is a huge resource of Supply Management information. In addition to al of the publication, there are many tools and resources reserved for ISM members only. Take a look at this list of 10 things every ISM member should know about the ISM web site.


You might have seen the email copied below from ISM advertising one of the upcoming conference programs.  FYI: I had the opportunity to meet and chat with Dr Rendon at a previous conference. He is an Associate Professor at the U.S. Naval Postgraduate School and is a very informative speaker. His program should be very informative.

Participation in an ISM conference is high on my list of recommendations for people to do at least once. These conferences of over 2000 Supply Chain Professionals from around the world are a great way to get a perspective on our the increasing scope of our profession.

Just to give you a flavor of what you can take away – here are my notes from a previous ISM conference. http://www.mltweb.com/tools/articles/92nd_conference.pdf

Hot Topics in Public Sector Supply Management"
to be offered at the 2012 ISM Conference

Rene Rendon, CPSM, CPSD, C.P.M., will present a session on "hot topics" in federal and Department of Defense contracting during the 97th Annual ISM International Supply Management Conference and Educational Exhibition in Baltimore, Maryland. This workshop will be sponsored by the ISM Federal Acquisition and Subcontract Management Group.

The public sector continues to increase its focus on the procurement process, with an emphasis on ensuring integrity, accountability and transparency in supply management. The purpose of Dr. Rendon's session is to discuss today's "hot topics" in public sector supply management in areas that include recent White House guidance, new federal government programs, and Department of Defense "better buying power" policies. Recent initiatives concerning "should cost" analysis, new policies regarding contract types, new rules for competition, and an increased emphasis on service contracts will be presented.

Supply management professionals who work for companies that have subcontracts or prime contracts with public sector agencies should plan to attend this session, to become knowledgeable of the new policies and regulations concerning public sector supply management. We hope you will attend this timely and informative workshop, and that you will invite your colleagues to join you.

The 97th Annual ISM International Supply Management Conference and Educational Exhibition will take place May 6-9, 2012. Early bird registration, which will save you more than $350, will end on December 31, 2011. For more information and/or to register, please go to
this link.

ISM Media Room Channel on YouTube

Software Tips

Using Outlook Tasks

I was asked about using Outlook tasks to keep track of actions associated with a project. I use Outlook to keep track of tasks, todo items and remind me about upcoming deadlines or deliverables.

If you don’t already use Outlook tasks – I highly recommend you spend a few minutes getting acquainted and start using tasks. NOTE: I included a link to a short Microsoft demo – it’s well worth watching.  Read More....



Economic Topic in January?

Preparing for our January Economic Panel Discussion, I spent a few minutes browsing the Washington State Employment Securities web site. Here are a few items I found interesting about our local area.

Washington Employment security web site

County Profiles – detailed description – are they accurate?  Benton County Profile

Wine industry certainly has increased its importance to the county in the past few years. Why is tourism not listed as a major industry?

Franklin Country Profile

State unemployment map

Make one wonder what is going on in Whitman County to keep unemployment so low. Maybe everyone retired?

Employment projections

Long term projections for Benton-Franklin shows the 4th highest job growth rate expected 2009-2014 in the occupation of…  You may be surprised….I was…. Coin, Vending, and Amusement Machine Servicers and Repairers! What the heck? Almost as surprising, top growth is expected in Forest, Conservation and Logging Workers.

O.K. this is one of those statistical quirks – top growth percentage is high because there are only a very few jobs. (if there is only one job an addition of 1 is 50% growth). Look at the employment numbers and the top growth in terms of numbers of people employed and the highest growth is expected in sales occupations.

Employment Security Web site for job seekers

WorkSource Skills Center

I rated my skills on this site and didn’t get any recommend any jobs – probably not much call for my special skills?

Provide Feedback and suggestions for future newsletters at any time. I'll try and use what I can.

I really do appreciate those of you who take the time to write and comment on this newsletter! As always, you are welcome to use my articles or presentations for educational purposes. Just as long as you are not charging for the materials and credit the source.  



Read more articles in the Purchasing Toolbox at http://www.mltweb.com/prof/tools.htm and in the BuyTrain news article archive at http://www.mltweb.com/tools/buytrain/index.htm Return to MLTweb

This newsletter was sent to people who have asked to be on my mailing list. I don’t allow anyone else access to this mailing list nor do I send spam or any of the other oddball messages we all seem to receive everyday. If you want me to drop you from the list, just ask. If you think I’m sending you the other spam – It ain’t me babe [doesn't that line sound like it should be a song?].

If this newsletter was not delivered directly to you, it means I don’t have your name on my mail list or the email address I had for you produced an error. You can sign up on line again at www.mltweb.com/mail.htm  (it's free).

MLTWEB is owned by Michael L. Taylor, C.P.M.  Mail:  
Materials prepared by Mike may be shared for supply chain education, provided that this source is credited and no fee is charged. The rights for any other use are withheld.
Copyright;  Michael L. Taylor, C.P.M.