NIST Key Practice 5: Collaborate Closely with Suppliers
April 23rd, 2021 •Jackie Risley• Reading Time: 3minutes
For some organizations, managing suppliers has historically been fairly transactional. Have they provided documentation needed for onboarding? Do they fulfill their contractual obligations? Should we renew this contract? However, the National Institute of Standards and Technology (NIST) notes that “[i]ncreasingly, organizations are treating their suppliers as members of their ecosystem and closely collaborating in a variety of ways.”
In its recently published Key Practices in Cyber Supply Chain Risk Management report, NIST advises that best-practice organizations “Closely Collaborate with Key Suppliers” within their cyber supply chain risk management (C-SCRM) programs. This blog is part of a series, which explores how technology investments can support successful implementation of NIST’s Key Practices.
Shifting Supplier Relationships
The global pandemic drove home the risks associated with reliance on suppliers and the interconnectedness of the global supply chain. As organizations recognized that the resilience of their suppliers was critical to their own, many organizations shifted to a more collaborative approach.
In regulated industries, those deemed essential services needed to ensure that their critical suppliers could continue operations. But even in non-essential businesses, buyers began to take a more collaborative approach to risk, such as renegotiating payment terms in order to help a critical supplier maintain operations.
How the Technology Can Support This
The frequent visits, more formal meetings, and frequent communication recommended by NIST to build strong collaborative relationships take time and resources. Unfortunately, those are in short supply in many C-SCRM programs. While technology is often viewed as a barrier to more personal interactions, it has the potential to empower supplier collaboration when it includes:
Intelligent automation to reduce time spent on low-value tasks. Too many programs rely on manual processes to manage activities across the supplier lifecycle. Capabilities such as workflow and AI/machine learning can free up employees to focus on supplier collaboration.
Robust reporting to understand which suppliers should be prioritized, track activities and status, and provide visibility to senior management. In a survey, a mere 20% of respondents indicated that they could quickly and confidently report on the most basic data point: what third parties they have. That suggests that most organizations are spending far too much time chasing down data, rather than building supplier relationships.
The ability to conduct business impact assessments (BIAs) that proactively identify challenges facing suppliers during adverse events (e.g. weather, biohazards, etc.). BIAs provide an opportunity to partner with suppliers to anticipate or prevent disruptions and keep them from affecting the business relationship (e.g. renegotiating contractual delivery dates).
Automated remediation processes that facilitate an interactive, non-punitive approach to addressing any issues and corrective actions. This ensure that clear expectations are communicated and fulfilled while creating a robust audit trail.
Opportunities for mentoring and training suppliers, as recommended by NIST, so that they can understand and continue to improve best practices. These can include embedded guidance within the product, integration with learning management (LMS systems) to provide training, and education resources through peer interactions/round tables and industry events.
Easily accessible communication channels between the buyer and the supplier to complement formal interactions. These can include features such as threaded comments as part of the assessment process and a feature-rich supplier portal to manage communications in addition to methods such as email.
The NIST guidance include a total of 8 Key Practices, which are explored in this blog series. The complete list includes:
Include Key Suppliers in Resilience and Improvement Activities
Assess and Monitor Throughout the Supplier Relationship
Plan for the Full Life Cycle
Jackie Risley
Head of Product Marketing at Varis
Jackie serves as the Head of Product Marketing at Varis. Previously she spent 3 years serving as Senior Director of Product Marketing for Aravo partnering with customers and prospects to architect their TPRM solution to build value and mature their program. Jackie has held marketing leadership position at Nomis Solutions, Upland Software, ABBYY USA and Hyland Software.
Head of Product Marketing at Varis
Jackie serves as the Head of Product Marketing at Varis. Previously she spent 3 years serving as Senior Director of Product Marketing for Aravo partnering with customers and prospects to architect their TPRM solution to build value and mature their program. Jackie has held marketing leadership position at Nomis Solutions, Upland Software, ABBYY USA and Hyland Software.