
1 Best Practices in Supply Chain Risk Management for the U.S. Government [1] (2016)

Handle: hein.usfed/bpscrm0001

Best Practices in Supply Chain Risk Management for the U.S. Government

Supply Chain Risk Management (SCRM)
Supply Chain Risk Management (SCRM) is the process of identifying, assessing, and neutralizing
risks associated with the global and distributed nature of product and service supply chains.
The globalization of the U.S. economy presents unique and complex challenges when applying SCRM
methodologies to safeguard the U.S. Government (USG) supply chain from emerging threats and
vulnerabilities. The presence and influence of foreign governments, poor manufacturing and/or
development practices, counterfeit products, tampering, theft, malicious software, etc., are examples of
supply chain risks that must be mitigated. Federal agencies, government contractors, suppliers, and
integrators use varied and non-standardized practices, making it difficult to consistently evaluate,
measure, and neutralize threats to the USG supply chain.

Federal agencies should develop a SCRM strategy that accounts for known and emerging threats,
vulnerabilities, and organizational impacts. Federal agency supply chains are as unique as the
individual agencies they support. No one SCRM strategy can be universally applied across the federal
government, but federal agencies should follow the established National Institute of Standards and
Technology SCRM standards as a foundation of their own strategy. SCRM will require USG agencies
to establish a coordinated team approach to assess supply chain risk and actions necessary to mitigate
the risk to an acceptable level. The backbone of the team should consist of a diverse group of
professional disciplines with expertise in supply chain risk management, security, procurement,
contract and administrative law, audit and finance, and facilities management. SCRM should leverage
a variety of resources, including open source commercial products, to build a risk assessment baseline
that includes a potential vendor's legal history, financial solvency, tax history, and corporate
relationships. Initial research should be combined with a detailed risk assessment focused on
counterintelligence threats. The guide below provides detailed risk assessment questions to review
during the SCRM process.

Recommendations for Developing a Supply Chain Risk Assessment
An effective risk assessment begins with an agency's understanding of its supply chain and its
vulnerabilities. Risk assessments are mechanisms to research, identify, and assess the security,
integrity, quality, and resilience of the procured products and services.

Providers of Products and Services
Identify the location of a service provider. If in a foreign country, identify potential relationships
between the foreign government and the provider (suppliers, vendors, etc.). Identify the foreign
country's laws or policies which enable it to request sensitive business information from the provider.
Request the names, addresses, and roles of foreign individuals associated with, or who have access to,
the provider.
• Where is the provider headquartered, and where are their manufacturing and service facilities
  located (i.e., United States or a foreign country)?
• Does the provider have a relationship with a foreign government?
  o To what extent is the provider foreign government-owned?
