
John A. DiMaria, Certified Six Sigma Black Belt; HISP ISO/Certification Product Manager; BSI America Inc. John DiMaria is the ISO Product Manager for BSI Group America Inc. and Co-Chair of the CSA OCF and CTP Working Groups. He has 28 years of successful experience in Management System Development, including Information Systems and Quality Assurance. John is responsible for overseeing product roll-out and client/sales education. He is a product spokesperson for BSI Group America, Inc. regarding all product standards covering Risk, Quality, Sustainability and Regulatory Compliance. John has been featured in many publications on topics in information security, sustainability and business continuity, such as Computer World, Quality Magazine, Continuity Insights, ABA Banking Journal, CPM Magazine, and Disaster Recovery Journal. He is a contributor to the American Bar Association Cybersecurity Guidebook and was featured on the cover of PENTEST Magazine.

Apr 16

Improving Transparency of the Supply Chain

Posted by: John DiMaria in DRJ Blogs


After tsunamis, protests, hurricanes and wildfires, it would be expected that very few management teams would be unaware of their company’s vulnerability to disruptions like civil unrest and extreme weather.

Unfortunately, a survey released by the APQC (American Productivity & Quality Center) last year revealed that this may not be the case, and that past their Tier 1 suppliers, organizations have very little visibility. It’s a matter of transparency (or lack thereof). Let’s take a closer look at the data, figure out why, and see how ISO 22301 can increase transparency and awareness, leading to better decision making and preparedness. (APQC, 2013)

The overwhelming majority of respondents reported that their organization’s leaders were concerned to extremely concerned about:

  • High-impact natural disasters
  • Extreme weather
  • Political turmoil

When considering a list of obstacles that can undermine management of supply chain disruption risks, 65.6% of organizations stated they have good management buy-in, yet 47.4% indicated they lack the resources needed to assess risks at supplier sites, and an eye-opening 64.8% indicated they have poor visibility into risk factors among Tier 2 and Tier 3 suppliers.

So with all this management buy-in, why would poor visibility into risks related to Tier 2 and 3 suppliers be a problem? Resources loom large. It takes a considerable amount of people and money to monitor the supply chain correctly. When asked “How does your organization assess potential threats to its supply chain resiliency?”, over 80% indicated they rely either on informal procedures such as site inspections, conversations with suppliers' managers, etc. or on the judgments of their procurement and operating professionals. 35% spent only $50,000 or less per year on assessing supply chain risk and supplier risk, with 22% spending nothing. Yet 74% of the respondents reported that in the past five years, their organization added suppliers that are physically distant from their facilities, and 63% reported that they have key supply chain partners in areas of the world known for high-impact natural disasters, extreme weather, or political turmoil. No wonder that 77% said their organization experienced at least one unexpected supply chain disruption in the last 24 months. (APQC, 2013)

Governments and regulators recognize the role of business continuity in mitigating the effects that incidents have on society. It is critical that your organization gains assurance that the key suppliers associated with it have appropriate business continuity plans in place. Businesses recognize their dependence on each other, and you need assurance that your key suppliers and partners can continue to provide key products and services, even when disruptions occur.

ISO 22301 is an internationally recognized benchmark of good practice in BCM, and therefore several countries from around the world have chosen to use ISO 22301 as a screening process to ensure their supply base has a formal business continuity management system in place that is being continuously assessed, updated, and improved. While there is no “silver bullet” that will ever provide 100% confidence that your business will never be disrupted, having your suppliers ISO 22301 certified is a great way to show due diligence. It provides the transparency that increases trust among business partners, with a consistent language and process that can be continually monitored, allowing you to sleep better each night.



APQC. (2013, April). Managing the Risk of Supply Chain Disruption.

 Notice: The views expressed in this blog are those of the author and should not be interpreted to have been endorsed or otherwise represent those of BSI Group, or any other of its employees, officers, directors or anyone otherwise affiliated with BSI Group.