Supply Chain Risk Management


Your supply chain is only as good as its weakest link. As the Defense Security Service (DSS) transition continues with risk based requirements and initiatives well beyond traditional areas of responsibility, it is critical for prime contractors to secure their own assets and information but also insure their supplier partners are doing the same. Extensive audit and evaluation efforts by DSS currently underway include both physical, as well as information system security controls. Implementing an effective Supply Chain Risk Management (SCRM) strategy internally and in the selection process for your suppliers is now more imperative than ever.


Supply Chain Risk Management (SCRM) is the systematic process of identifying vulnerabilities and threats throughout the supply chain and developing mitigation strategies to combat those threats. In a risk based approach the scope of a SCRM strategy is uniquely scaled to each organization, there is no ‘one size fits all’ blueprint. Whether your focus is grounded in NISPOM or NIST, the DoD and DSS specifically has recognized the unprecedented rate of foreign intelligence and other adversaries’ attacks on the cleared industry. In response to this, DSS requires contractors to be actively aware of threats, vulnerabilities, and any impact of purchasing decisions for products and services. Exposure for non-compliance can have significant financial and reputational impacts.


With increased foreign ownership in the defense aerospace industry, FOCI mitigation concerns are more important than before. Ownership structures of security services suppliers around the globe are constantly changing. Private equity held companies have any number of foreign interests in their ownership groups that are neither clearly disclosed, nor properly mitigated. Subcontracting with a proven partner ensures that a purchasing decision is well-vetted and highly respected in DOD circles.


There is and will always be a direct correlation between economic investment and the quality of services received. Evaluating a supply chain decision through a risk management framework may reduce the likelihood of additional unforeseen costs in the future. Transparency and open engagement with your supplier regarding risk management and threat mitigation will further bolster compliance efforts for a comprehensive solution.


SCIS has been repeatedly recognized as a leader in industrial security services. To learn more about how SCIS can greatly reduce the risk in your security supply chain click here.