the correct IA Conference tone, i.e. plenty of doom and gloom with no
answers or even suggestions offered about what we should actually do
about it.
"I can calculate your chance of survival, but you won't like it".
Okay, enough flippancy. This article is not designed to offer opinion
in respect to the validity or credibility of such paranoia (if it is indeed
paranoia). The point of this article is to provoke debate about solutions
to this potential dilemma, in the hope that we can move this stalled and
stagnant area of discussion forward to another stage.
To explore the issue I'd like to begin by describing an idea that we had
recently. This idea was to provide, inter alia, some upstream supply
chain information that could potentially assist our customers. It involved
the creation of labels similar to the type that provide nutritional
information on food packaging, but for the IT products that we sell to
our customers. These would become "Supply chain safety labels" chiefly
designed for those within the government and national infrastructure
markets.
Within our due diligence and product on-boarding process, used to
bring new additions to the portfolio on-line, we ask for, and record, the
following information about the products put forward for adoption:
· Country of origin
· Countries where the R&D and assembly occur
· Location(s) of major financial stake holdings and subsidiaries
· Plan(s) in respect to on-going support arrangements for the
intellectual property (e.g. source code)
All these questions are designed in some way to protect ourselves and
our customers from risks inherent in a global supply chain, as well as
within the rapidly developing and volatile IT industry.
The idea then developed a secondary element whereby we would list
this information on quotes in the form of a "Traffic Light Scheme" to
assist customers in identifying supply chain risks. We never did get
around to finalising the criteria for such a labelling scheme, but for the
point of illustration it could have read:
Green = wholly "Five Eyes" supply chain - Assured Supply Chain
Amber = supply chain within the NATO member nations
Red = global supply chain - Unassured Supply Chain
Playing devil's advocate on the development of the Traffic Light Scheme,
we soon realised we could get ourselves into trouble undertaking such
politically sensitive discriminations without some serious governmental
backing to which we could refer. Based upon this fear we decided to
stick to plain labels only.
But I then asked myself "But who really cares?" As in REALLY cares?
If I quoted 2 options (1 green & 1 red), and the red was 10% cheaper
than the green, who would really consider paying more for the
"assured supply chain" option? Are we paranoid to the degree that we
apportion a tangible risk factor, which then translates to an economic
buying decision based upon the value of a weighted risk?
I am yet to witness any formal discrimination with respect to location of
the origin or assembly of technology made by our customers.
A global supply chain is extremely complex, and the context in which it
is perceived changes dependent upon your own location and associated
risk factors. For instance, IT has distinctly different supply chain
structures for software, hardware, services, and Cloud services.
Taking Cloud Services as an example, in particular referencing the
G-Cloud framework prevalent within the UK public sector, effort has
been exercised to actually address supply chain assurance issues.
Due to the very nature of Cloud services, in that they transmit and host
sensitive data, threats of compromise appear to be more direct and
immediate. To address these threats, G-Cloud introduces the concept
of an accredited "UK safe harbour": UK-only domains perfect for
SMEs to engage in. This in turn serves a separate government agenda
regarding the wider utilisation of SMEs in the public sector supply chain.
It is widely recognised that larger global vendors who have based
their data centre operations almost exclusively in geographic locations
that are more economically viable and therefore not within the UK,
have held back the adoption of Cloud Services on a large scale, and
specifically within the public sector. This is especially true when
it involves departments outsourcing the more critical or sensitive
elements of their business processes to an external third party.
components that originate in the Far East are intentionally contaminated and sent through the supply chain ready to wreak havoc