Supply chain risk management is not a new concept; but in recent times the issue has come to the fore, primarily driven by cyber security, but also regulatory compliance. Like for many other types of risk (e.g. financial, operational), it’s important for organisations to build in resilience against supply chain risk too, given its the potential to disrupt business operation.
At Ascertus, supply chain risk management is a Board agenda item. As a supplier, we are mindful that we need to take adequate measures to minimise and mitigate risk for our clients. Equally, we work closely with our partners to ensure that they too have processes in place to manage their own risks.
Here are some key focus areas at Ascertus:
• Policies – Routinely, we are asked by our clients to fill in lengthy questionnaires to illustrate how we deal with risk factors – everything from Anti Money Laundering through to GDPR, corporate social responsibility and cyber security. We have our own set of policies on such issues of course, but we also undertake similar questionnaires with our partners and suppliers on an annual basis to ensure that they too have satisfactory policies and processes in place.
• Water-tight reseller agreements – Our partners take supply chain risk seriously and are well equipped in their technology and processes to ensure that their products pose minimal threat to client businesses. Our partners are duty bound to inform us of any issues in a timely manner. The recent patch for a security vulnerability by one of our partners was a case in point. We were sent a detailed set of instructions and guidelines so that we could quickly deploy the patch for our customers with on-premises solutions. For our clients on the Cloud Platform, no action was required on our part as the partner undertook the critical patch in the cloud. In fact, many customers only knew of the issue as they were informed by us. This is a great example of our proactive approach to managing security and indeed supply chain risk management.
• Training – With regulations and technology evolving at such rapid speeds, it’s imperative that all our staff are aware of new developments taking place. All our employees are mandated to undergo annual training, including on regulations such as Anti-Slavery, Anti Money Laundering, GDPR as well as a variety of cyber security areas.
As a technology vendor, we take responsibility for the technologies and products that form part of our portfolio. We have our own stringent procedures and policies to minimise our risk to customers, but at the same time, we demand the same exacting risk mitigating standards from our partners. Due to the nature of cyber security today, no one organisation can independently mitigate either security or regulatory compliance risk today. It’s important that organisations collectively adopt best practices to minimise and mitigate operational risk to business.
If you would like more in-depth information on our policies and procedures, please get in touch via email@example.com.