Personal Safety Thought:
We place a lot of attention at our company identifying job-site hazards and discussing safety precautions with our contractors before they start work. We don't take known hazards for granted and we want to give contractors every chance to be safely successful. Try this same approach with a young person who wants to use a power tool, riding lawnmower, or car for the first time. Answer the "can I use...?" question with something like this; "When you understand the hazards involved and can explain the safety precautions to take." Don't be too quick to volunteer the answer. This is an internet generation. Unlike our generation, young people have plenty of access to online information about product hazards and tool safety. I know at least one parent who would expand this idea into complete lesson, "Bring me a comprehensive PowerPoint presentation showing examples of the risks and proper safety precaution." I know, I would have been a safer child.
Supply Chain Security
Great article December 2011, Inside Supply Management
This article discusses some of the issues and concerns businesses face relative to cyber security. It's well worth the read. Pay particular attention to the inserted text box talking about defensive strategies.
The supply chain accounts for a large percentage of operating budget and business continuity risk. Sensitive information, and weak spots in the supply chain may not be obvious to many employees and even to some senior managers. In addition to our own employees, businesses in our supply chain, and their personnel, may also have access to information which could be sensitive. IT departments can only do so much to provide system and hardware protection. It's up to the people using the systems to know which data needs to be protected and it is up to supply chain management to make sure they understand.
Supply Management often gets asked to discuss or explain the risks in our supply chains. Those briefings traditionally focus on single source suppliers and long-lead-time materials. Natural disasters in the past few years have inspired us to expand out thinking of supply risks in terms of catastrophic loss. This article on cyber security, and a Business Week article referenced below, highlights yet another very real threat to the supply chain - data loss. Whether it's data about a bid evaluation, planned strategic acquisition, or intellectual property; data and information store on our computers can be sensitive and critical to continued cost-effective operation of our business.
It's not just data stored on our computers or locked in engineering files. As supply chain managers, we also understand that company information is transmitted thousands of miles and through many different hands both up and down the length of our supply chains. A good friend once described a very real concern her company had about sending a proprietary drawing to a new supplier in a foreign country. Today, drawings and specifications are often transmitted electronically. Accordingly, not only must we be concerned about mishandling of the drawing at a supplier's facility, we need to additionally be concerned about security and data loss in cyberspace. And this concern should extend to the supplier's computer systems as well as our own.
Data, drawings, business plans, financial information, key personnel lists and email addresses are carried around on laptops, iPhones and stored on computers that belong to our employees, and to employees of our suppliers, business partners, former employees and even in some cases our supplier's suppliers. The concern includes proprietary design information, electronic invoices, product performance data, manufacturing plans, projected shipping schedules, new sources, new materials and new methods.
If the IT department thinks the best way to protect data is to lock it behind a password and make sure only authorized personnel have access – then they have buried their heads in the sand. Of course, someone could deliberately hack into the database and steal the information. But as we all know, a lot of sensitive information is transmitted in an out of the Supply Chain organization as part of normal business processes.
O.K. - do we agree the problem is huge? So what can we do? I think we can take several steps to be proactive.
1- Convene a discussion of Supply Chain risks with staff and senior management. This could be an interesting educational exercise. Ask each staff members to do some research about problems that similar businesses have had with respect to cyber security and supply chain information. Then get the staff together to share findings and talk about potential risks.
2- Have regular discussion with the IT department about data security and risk of loss. Expand the discussion to include risks of loss throughout the supply chain and include all types of sensitive data. Talk about what can realistically be done to ensure key suppliers are as safe as you are.
3- Educate senior management, company employees and suppliers about the kinds of supply chain data or information which is critical or sensitive. [ In my opinion, we don't do a very good job of explaining supply chain business to the rest of the company. The more people know about why we are concerned about protecting bid information, the more they can help.]
Educating the organization about how the supply chain operates, negotiation objectives and market conditions has to start with Supply Chain Management. Sure we can write a procedure that says “bid information must remain confidential”, but what the heck is “bid information” and how broad is that definition? People need to be told why we consider the information sensitive and about the potential impact to operations and cost should the wrong information be disclosed. A person who inadvertently obtains sensitive information needs to know enough to realize the information is sensitive in the first place.
More than just a supplier and a carrier, supply chains now involve, importers, forwarded, export representatives, translators, regulators and more. Each additional touch point is a increased potential for information loss and damaging leaks and thus an opportunity for education.
4- Add Intellectual property, and data protection language to all
contracts. Ensure all suppliers understand expectations about data
security. Here is a sample to think about - get a lawyer to help make it
All data, information, drawings, plans, practices, etc. furnished by buyer or obtained by contractor during performance of this contract which are owned by or considered sensitive by the buyer shall be held strictly confidential. This information shall be provided to contractor employees on a need-to-know basis for performance of this contract and shall not be disclosed to a 3rd party without specific written approval of the buyer. Upon conclusion this contract all sensitive data shall be returned and/or deleted form all contractor controlled data storage locations.
5. Don't wait until the cows leave to close the barn door -educate key executives about sensitive information and risks of loss. Have similar discussion with each of your supplier' key executives. Don't assume understanding and good judgment comes with the title. I’d suggest a short letter to managers signed by your CEO (and ghost written by Supply Management).
Unfortunately, even a proactive process and tight contract language can't always help. Take a look at this Business Week magazine article. In this case, even a company's own bank, claimed cybercrime losses were the fault of the business.
Still not convinced we need to get involved? Here are some more examples supply chain risk and exposure:
Bottom line. Proactive supply chain management is a big task. Articles like the two referenced above, are relevant to our profession.
A Glossary of Terms Used in the Federal Budget Process
Cool resource for aspiring government contract officers. Secret
information that heretofore only accounting geeks understood about the Federal
I was particularly interested to read about a financial balancing tool used by congress and the president. “rescission legislation” That is, congress or the president can decide to rescind funds that were previously obligated to an agency. For example, congress could claim the moral high ground by obligating $5M in fy12 to the “Save the Gryllidae” foundation. Then 6 months later pass another bill retracting $4.8M of the funds. Of course the public never hears about the rescission.
Read about this case http://www.gao.gov/decisions/appro/322162.htm where congress retracted $15M of funds that had been obligated in previous years, by including an obscure section in the FY12 defense appropriations act.
Think about how much it would help your household budget if you could surprise your kids by rescinding college tuition while they are on Spring break.
Professionals develop their own professional development programs! No one would want to use a doctor or a tax attorney who hasn't kept up with the latest advancements. If you doctor said " I don't keep up with current medicines because my manager won't pay for it," would you stop using that doctor? Is our profession any different? Are we prima donnas who only learn what our managers require and pay for? Are we willing to let someone else will take responsibility for our professional development. Read more.... Here is sample strategy .
My Resume... Note to Self
I recently helped a friend with a resume. She had done a good job of outlining her skills and experience. My primary contribution was to point out that she had missed a big opportunity to spin up her experience into a topic that would interest a hiring manager. It helped that I was looking at the resume with a fresh perspective. Having a 3rd party review a resume is absolutely a good idea for many reasons. It also helps to ask the question, "Based on this resume, why should a hiring manager prefer this candidate over someone else?
When I asked that question, my friend replied, "Because my experience doing xyz is directly applicable to this important aspect of the job.." Her answer then lead to a new bullet in the resume highlighting the applicability of that "unique experience". We also added a catch phrase to her cover letter which would give hiring managers a reason to look at the resume.
example: A buyer working in a manufacturing company that has multiple waste streams and surplus material disposal problems - might not think about a construction company having similar waste disposal issues. Thus a resume submitted for a construction-buying job, could be made much more attractive to a hiring manager by highlighting direct experience in waste disposal - even if you have no direct experience in construction.
Seeking to motivate a young person in a career direction? Here is a Catchy Career advertisement and web site
ISM web site
The ISM web site is a huge resource of Supply Management information. In addition to al of the publication, there are many tools and resources reserved for ISM members only. Take a look at this list of 10 things every ISM member should know about the ISM web site.
You might have seen the email copied below from ISM advertising one of the upcoming conference programs. FYI: I had the opportunity to meet and chat with Dr Rendon at a previous conference. He is an Associate Professor at the U.S. Naval Postgraduate School and is a very informative speaker. His program should be very informative.
Participation in an ISM conference is high on my list of recommendations for people to do at least once. These conferences of over 2000 Supply Chain Professionals from around the world are a great way to get a perspective on our the increasing scope of our profession.
Just to give you a flavor of what you can take away – here are my notes from a previous ISM conference. http://www.mltweb.com/tools/articles/92nd_conference.pdf
Hot Topics in Public Sector Supply
|MLTWEB is owned by Michael L. Taylor, C.P.M. Mail:|
|Materials prepared by Mike may be shared for supply chain education, provided that this source is credited and no fee is charged. The rights for any other use are withheld.|
|Copyright; Michael L. Taylor, C.P.M.|