SCAIR Secure SAAS (Software As A Service) Cloud Hosting

SCAIR (Supply Chain Analysis of Interruption Risks) is available as a Cloud Hosted  Software As A Service model.

You can expect your Supply Chain Risk Management provider to take data security seriously and we work hard to ensure that sensitive data is treated with care and respect.

We use Tier 1 Enterprise hosting, which complies with stringent security standards, as well as providing excellent service quality SLAs (Service Level Agreements) to ensure great resilience of our service to you.

Our preferred Cloud Services Enterprise hosting:

  • is committed to annual certification against the ISO/IEC 27001:2005, a broad international information security standard.
  • has been audited against the Service Organization Control (SOC) reporting framework for both SOC 1 Type 2 and SOC 2 Type 2.
  • has been audited against the Cloud Controls Matrix (CCM) established by the Cloud Security Alliance (CSA).
  • has been granted a Provisional Authorities to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB).
Risk Management Perspectives Part 3: enterprise wide information gathering and supply chain tools

The final installment to a Q&A series, generated following a prominent Risk Management publication’s request for industry expert opinion.

q. “What tools can companies use to manage their supply chains and ensure they have up-to-date information on their whole extended enterprise?”

a.”For a multi-national organisation, the risk management of thousands of suppliers is not practical unless a prioritisation method is applied. This method should not be based purely on volume of spend; a more robust approach to SCRM is needed which should include quantification of financial exposure to all critical supply points (both internal and external, and 1st tier and Xth tier suppliers).

Having built up a detailed picture of critical supply points, and taken steps to reduce key exposures, the final step is to monitor the status of those locations. In a recent KPMG report entitled ‘Enhancing supply chain networks for efficiency and innovation’ only 9% of the respondents said they could assess the impact of disruptions within a matter of hours. The 9% have a competitive advantage by being able to respond quickly to failures in their supply chain. In our data rich world, there are many information feeds ranging from natural hazard alerts to financial monitoring, which can help supply chain managers to stay on top of the status of critical supply points.”

Risk Management Perspectives Part 2: challenges and Risk Management in global supply chains

The second part of a series in which Catherine Geyman, of Intersys Risk, answers questions posed by a prominent Risk Management publication.

q.”What are the challenges to managing the risks a modern, global supply chain presents? Can you give any examples specific to your own experience?”

a.”Two of the biggest challenges for global companies with complex supply chains are i) lack of visibility of the actual manufacturing source (particularly in Tier 2, or 3 suppliers) ii) the ability to prioritise and focus on managing the most critical supply chain exposures based on value at risk; this is a particular challenge for complex multi-nationals with thousands of key suppliers.

Examples:
i) Lack of visibility of the End to End supply chain. When a fatal explosion occurred in a German manufacturing plant in 2012, the automotive industry felt secure that it had alternative sources of nylon-12, but it was unprepared for the loss of a precursor to nylon-12, cyclododecatriene (CDT) made at the same plant. The whole industry was dependent on CDT production from that plant and its impairment caused a shortage of nylon-12 which continued for months.

ii) A large pharmaceutical manufacturer sourced a particular grade of lubricant (used in tablet formulation of a wide range of its key products) from a sole source. As it was an inexpensive material, bought in relatively small quantities, it was not a management priority for Procurement. However, when the value at risk on this supplier was analysed it was realised that a major problem there would result in significant supply interruption across a range of products. In this instance, the solution was straightforward – a relatively small investment in a manageable volume of safety stock would mitigate the majority of the exposure.”

Risk Management Perspectives Part 1: are we learning from recent Supply Chain experiences?

Catherine Geyman, of Intersys Risk, was asked by a prominent Risk Management publication to give her opinion on a number of topical issues. The publication summarised and, for clarity, her full answers are shown below.

q: Have lessons been learned from the issues emanating from the Thai floods and the horsemeat scandal?

a: “Certainly the horsemeat scandal has put a greater emphasis on understanding the true source of a material. A common problem across both the Food and Life Science industries is in pinpointing where a material is actually made when so many are sourced through agents and distributors. A similar provenance problem was experienced by the pharma industry in 2008 when the heparin scandal broke and it became obvious that a number of significant western manufacturers had no idea of the origin of the starting material – pigs intestines harvested in tiny, unregulated workshops across China. That particular issue put pressure on western regulators to increase their presence overseas and since then the US Food & Drug Administration has opened more centres in overseas locations which in turn have resulted in a greater number of inspections of foreign facilities and an increase in regulatory actions preventing non complying drugs and foodstuffs from entering the US.

From an internal controls point of view, the pressure to extend auditing activities further back up the supply chain has increased and the auditor’s skill set has been redesigned in an attempt to better detect fraudulent supply chain activities. There has also been a push in the food sector to simplify the most complex supply chains and to exploit more opportunity to source locally. The Food industry is not alone in reassessing its ability to reverse some of the outsourcing activities of the last decades, the pharma industry too is also seeking more manufacturing opportunities at home, with projects such as REMEDIES co-funded by the UK government and industry partners to redesign the UK pharma supply chain.”

The cyber supply chain risk

In a digital world, cyber risks are an increasing concern for businesses – as our colleagues within the InterSys technical group are well aware. This deals with the findings of the government’s Information Security Breaches Survey 2015, which shows both the prevalence and impact of cyber breaches. There’s a lot more businesses can be doing, they note.

There are obvious implications for the supply chain, too. As research by Standard Chartered (picked up by the FT) highlighted, technology has transformed the global supply chain, bringing massive benefits. Radio-frequency identification (RFID) technology and the Internet of things, for example, have made it much easier to track and monitor orders and shipments through the supply chain. Similarly, technology facilitates much greater coordination between businesses.

“Supplier companies can be completely integrated in managing the supply chain. Instead of an ordering department sending orders to suppliers, everybody can be linked directly to inventory management systems,” the report states.

While the benefits of that are obvious, so too are the risks. Increased connectivity, if not properly handled, brings the potential for increased vulnerabilities. Moreover, the reliance on technology exacerbates the potential problems in cases where a breach does occur (one reason, possibly, why the government survey shows the average cost of security breaches soaring).

The other, and related, point is that a company cannot afford to look just at its own cyber security. As delegates heard at the Infosecurity Europe event where the Security Breaches survey was launched, businesses need to work not just on their own procedures and practices, but also with their suppliers.

Experts are urging businesses to work with suppliers to raise the level of their “cyber hygiene” – encouraging them to follow principals such as those laid out by the government’s the Cyber Essential Scheme. The view is based on a number of cases where attackers have targeted suppliers to circumvent big firms’ security.

“Try to be an intelligent customer,” Jon Townsend, head of cyber intelligence and response at the UK’s Department for Work and Pension (DWP), advised the audience. “And if you think suppliers are not meeting your information security requirements, instead of beating them up with the contract, work with them to put it right.”

That’s good advice. As a first step, though, businesses need to have visibility of the supply chain to identify where the potential vulnerabilities are, and identify who has what information. Fortunately, that’s an area where technology can help as well, with the growing market for supply chain management software.

Directing investments in a globalised market

Supply chain risks are once again close to all-time highs, according to the Chartered Institute of Procurement and Supply. The group’s Risk Index assesses risks in 132 countries across a range of categories to calculate the global supply risk score. Only five countries saw operational risks improve in the last quarter.

The index, which runs from 0 (no risk) to 100, is now at 78.7 – up from 23.7 in 1994.

The variety of factors that have driven it up, including political turmoil in Europe and economic slowdown in China, will impact each business differently. However, it is also the result of more general and longer-term trends that have more universal applicability.

As CIPS economist and Cranfield School of Management senior economist John Glen told reporters, supply chain complexity is a big factor: “Supply chains have become a lot more complex in the past 20 years. It’s not necessarily the case that there is more risk out there but that our supply chains touch them more.”

There are no “safe havens” for international supply chains, Glen added.

A lot of businesses accept this. Nevertheless, many companies decide to invest in potentially riskier geographic regions to gain access to emerging market places, where the reward is judged to outweigh the operating risks. In doing so they face challenges such as infrastructure reliability and water scarcity issues, which are becoming critical in many areas. In Latin America, for example, Brazil has suffered a historic drought coupled with a dependency on hydroelectric power, resulting in its regional risk score deteriorating in Q1 2015.

In this context, as we’ve noted, there is the potential to gain competitive advantage from more resilient supply chains. However, businesses face a number of challenges in seeking to build resilience. The first is to know in what areas of the business, skills and solutions to invest, given the complexity of the supply chains, and the fact that innovations aimed at supply chains can be a little hit and miss. Moreover, it is not always easy to address deficiencies even once this is established.

Securing skilled personnel falls firmly into this category. The growing skills gap in supply chains is increasingly acknowledged, and was a key theme in Deloitte’s most recent Supply Chain Survey. Fewer than four in ten (38%) of the executives it surveyed thought their organization had the competencies around supply chains required. Only a slightly higher proportion (43%) considered their supply chain was strong when it came to strategic thinking and problem solving.

Supply chain technology needs to address both these challenges: offering solutions that are proven and that can also deliver answers to skills shortages and the complexity of modern supply chains. For those that accept the importance of the supply chain and the need for investment, such criteria should be central to how decisions to address it are made.

 

The positive case for supply chain resilience

Courier group Fedex and researchers at Frost & Sullivan have published an interesting report looking at the importance of supply chains to competiveness for medical device, pharma and biotech manufacturers, among others.

The study opens by noting the supply chain’s importance and also reports encouraging findings from a poll and interviews with 39 high-level healthcare industry executives. These showed 78% recognised that an effective supply chain would be vital to their company’s ability to compete in the next decade.

Despite this, however, the focus of strategic growth in healthcare companies has generally been on acquisitions, restructurings and, particularly, product development.

“[H]ealthcare products companies have sought to gain competitive advantage by leveraging R&D and technology to create superior products and by capitalizing on their marketing prowess… They have often neglected to create a more comprehensive solution for their customers that would plant the seeds for nurturing a true strategic relationship,” the report states.

This is where the supply chain could play a key role, it notes. Companies need to move beyond just thinking about the supply chain in terms of efficiencies; they should also consider its ability to drive growth through developing relationships.

All this reinforces old lessons: The pressure to reduce supply chain costs has in the past threatened, and at times undermined, resilience when applied in a manner that is not proportionate to the risk exposure. Cost reduction has meant closing plants, removing redundancy from the supply chain and reducing stock. Meanwhile, the industry’s focus on mergers and acquisitions hasn’t always helped either, being a contributory factor in a number of cases of drug shortages.

The point is that the cost savings of a leaner supply chain have to be set against the risks. They also have to be set against the competitive advantage gained from a well-publicised, generous finished stock policy for critical drugs that minimizes the risk of vulnerable patients being exposed to product shortages.

This is not an easy balance to strike, but the issue won’t go away. In fact, it’s almost certain to grow. Others have noted the potential impact on pharmaceutical supply chains of medical apps and technology recently introduced by volume providers such as Apple and Google. Furthermore, the growth of the home healthcare market is expected to see the pharmaceutical logistics market increase almost 10% a year to 2019, according to one recent analysis, as companies review their supply chains.

There are no easy answers, but the questions do at least make clear the importance of supply chain resilience – not just in terms of risk mitigation, but also as a potential driver for growth.

Supply Chain Visibility Moves up the Management Agenda

There are an increasing list of reasons for Senior Management Teams to understand the risks inherent all tiers of their supply chains.

Intersys was invited to speak at a leading re-insurer’s conference on Contingent Business Interruption Insurance (earnings protection against failure of 3rd party dependencies to the layman). The attached paper examines the themes presented; the challenges of End to End Supply Chain Risk Management from the perspective of the manufacturing company.

Regulators Push Drug Manufacturers to Proactively Manage Supply Vulnerabilities

The last three years have seen an unprecedented rise in drug shortages in both Europe and America. The number of shortages in the US has been growing steadily from 70 in 2006, peaking at 276 in 2011 . However this is not limited to the US, it is a global pandemic; in 2011 a Belgian pharmacy journal listed 21 countries that were experiencing supply shortfalls .

Action is being taken by regulators in both Europe and America to minimise any future impacts on patients. In October 2011, the US Food and Drug Administration (FDA) issued a review of their approach to Medical Product Shortages and last month the European Medicines Authority (EMA) followed suit by issuing a reflection paper, discussing the scale and origins of the problem and detailing their plans to manage the situation in the future.

Whilst the root causes of each individual product shortage will differ, many had their origins in problems at the manufacturing facilities (accounting for 43% of cases investigated by the FDA in 2011) . The frequency of these ‘manufacturing problems’ has been strongly influenced by industry wide trends, most notably:

• Generic players struggling with manufacturability of complex products whilst trying to keep their cost base to a minimum (in particular injectables such as propofol, chemotherapy agents and nutrition products)
• Regulators taking more punitive action to combat systemic quality systems failings and manufacturers who are sensitive to this more stringent regulatory environment, taking their own pre-emptive actions (voluntary plant shut downs, precautionary recalls).
• Consolidation of the outsourced supply base resulting in single incidents further up the supply chain impacting multiple downstream companies (e.g. mould contaminated intravenous antibiotics sourced from Claris triggered a recall for 5 different companies in the US)
• Progressive outsourcing to less well regulated countries with less regulatory oversight (“Today, about 70% of all APIs consumed in Europe are imported from China and India, where their factories are rarely inspected for compliance with EU standards by EU authorities” European Fine Chemicals Group)

These factors have combined to create an industry wide crisis, which has forced Regulators to redefine their own rules, including:

• Fast tracking the approval of alternative new therapies (e.g. in the US, Shire’s drug for the treatment of Gaucher disease was fast tracked in the wake of contamination at a Genzyme facility)
• Allowing imports of drugs not specifically licensed for a country (e.g. in the last month, as the result of a shortage of the Novartis rabies vaccine Rabipur, an agreement between the MHRA and Department of Health has allowed Sanofi Pasteur MSD to import the unlicensed Verorabvaccine).
• Where product scarcity already exists, recalls or production shut downs will not necessarily be enforced, even when substandard products are known to be in the market place

In the US, the FDA is coming under increasing pressure from Congress to directly intervene less and collaborate more with manufacturers to resolve manufacturing deficiencies.

In Europe, the EMA has reflected on its own role in recent shortages and issued an action plan to improve inter-regulator collaboration, early warning systems, and more importantly from a manufacturer’s perspective, putting the responsibility for supply chain resilience firmly in the hands of the Manufacturing Authorisation Holders themselves.

Actions outline the need for better and more proactive risk management of production processes supported by evidence of identified weakness and corresponding contingency plans. Industry is invited to propose solutions by Q2 2013 and implementation planned for Q1 2014.

Are the vulnerabilities in your production processes (both internal and external) fully understood, prioritised and appropriately mitigated? A quantative approach to supply chain risk management highlights the most exposed links in your supply chain and allows you to evaluate the potential cost to your business of doing nothing to mitigate that loss.

The Hardening Attitudes of Reinsurers to Unspecified Suppliers

Contingent Business Interruption Risk Coverage

Natural disasters across the Globe in 2011 (the Japan Tsunami in March last year, and the Thailand Floods from July to December) have had a far-reaching and lasting impact on businesses small and large world-wide, particularly computer companies for whom Japan and Thailand-based component manufacturers and exporters serve as vital links in their supply chains.

The negative effect of these disasters (on business) has also created a hardening in the attitude of reinsurers who now seek much more detailed information on clients’ suppliers, before agreeing to provide catastrophe insurance cover. The insurance market is now insisting upon greater transparency.

The approach of Europe’s biggest and perhaps best-known reinsurers to catastrophe cover, Munich Re and Swiss Re are being reported in the financial press as hardening. In addition to raising prices for catastrophe insurance cover, reinsurers are setting an 18-month deadline on risks being quantified in detail by clients.

How it works…
A large manufacturing company will have any number of direct or indirect suppliers which represent a critical exposure to the business. Until now, insurance could be bought for all such suppliers without declaring each by individual location.

However, where a group of suppliers supplying a specific industry sector cluster in a certain geographic region, the impact of a natural catastrophe in that area can seriously damage the profitability of the sector. Where re-insurers have a large book of nat cat business in such a sector, the accumulated impact on their balance sheet can be significant. The pain is particularly acute where the suppliers have not been named (prior to the event) and re-insurers have large, unquantified accumulations.

How SCAIR can help take the pressure off
If you are concerned about the effect this hardening of attitude from reinsurers could have on your business, the discipline promoted by SCAIR is your best option when it comes to softening that impact..

The SCAIR tool (see product details here) can lead your company to identify and understand your supply chain exposures in greater detail, thus enabling you to “tick re-insurers’ boxes”, to continue to buy the insurance coverage that you currently enjoy, in the most cost-effective way.

The big advantage of SCAIR (over other supply chain tools) is that it enables you to identify exposures and to quantify them for a range of different scenarios from physical damage, such as fire, earthquake and flood to non-physical damage, such as supplier insolvency and regulatory shutdown – quickly, effectively and affordably.