Category Archives: Procurement Damnation

Environmental Sustentation 18: Natural Disasters

Natural Disasters are on the rise. The rapid rise to be exact. As per a 2011 publication from THINK Executive, the number of disasters between the 1970s and 1990s occurring worldwide tripled. But as if this was not bad enough, it is predicted that both natural and man-made disasters will increase five times in the next fifty years. Ouch!

Something bad is going to happen. And it’s going to seriously disrupt your supply chain. Are you ready?

Probably not. But regardless of the natural disaster, these tried-and-true techniques can help you survive the next earthquake, hurricane, tsunami, volcanic eruption, or ice storm.

1. Dual Source from remote regions.

That way if a crop or factory in a region is destroyed, you can switch to the alternate source.

2. Maintain visibility down to raw materials for key products.

This way if something happens that affects a supplier’s supplier, you will have early warning and can make plans to switch sources, or help a supplier find an alternate source of supply.

3. Continually investigate alternate designs that require less of raw materials in limited supply.

The less you are dependent upon that one rare earth supplier in China or petroleum based products, the better you will be.

4. Invest in your own renewable energy source.

Should the main grid be overloaded and go down or be destroyed, having your own renewable energy source that your own engineers can maintain can help.

We know you’ve heard this a hundred times, but there’s a reason for that. These techniques are among the few that can be used to prepare for, and deal with, any natural disaster that considerably disrupts part of your supply chain.

Technological Sustentation 92: Data Loss

As we said before, this is the information age and data is the life blood of the company and the supply chain that powers it. The financial chain is powered by data. Encrypted bits over secure channels control the flow of currency. The physical flow of goods is dictated by data. The people controlling the goods and finances communicate through data packets. And losing any of this data is a serious damnation. Not just because data is lost but because, as per our technological damnation post on data loss,

  • lost intellectual property data is a loss of competitive advantage,
  • intrusions that result in lost or stolen data are hard to trace, and
  • even if the intrusions are traced, loss is hard to recover.

Moreover, even if an organization wants to prevent data loss, it requires

  • very powerful, expensive, digital vaults and
  • loads of security training, awareness, review, and enforcement.

So what can an organization do?

First of all, figure out what data is needed, and, of that data, what data needs to be protected. Not all data is critical, and not all is even needed, and the amount of data that needs to be encrypted is typically much less than the entire kit & caboodle. While many organizations do not protect enough data, especially considering the amount of data that should be protected under privacy laws, those that take data protection seriously protect too much. They take a military approach and everything is protected until reviewed and released.

The only data elements that should be protected are

  • personal data
  • (raw) financial data (even if the company is public)
  • true trade secrets (proprietary designs, upcoming marketing plans, etc.)

Bids for commodities or lanes are not trade secret, or all that private. Most carriers give the same bids out over and over again, and some even on public platforms like FreightOS. Purchases might seem trade secret, but the reality is that if the components are imported, the import data is public. Sales can be figured out from public records too. Sales and marketing plans become public the minute they are implemented. Designs become public the minute they are patented. Even though encryption can theoretically be applied to all data, the reality is that once data leaves the secure server, there’s no way to keep it secure. So what do you do?

1. Identify the subset of data that truly has to be secure.

All employee and personal data. Raw financials. Designs under creation. But not public bids, designs that have been patented, or processed financials for public release.

2. Identify the systems necessary to process that data.

And find web-based systems that allow for all parties that need access to the data to access it through the system over the ‘Net. Make sure the data never has to leave the system for the parties that need it to do their jobs and then make sure that only senior administrators or officers of the company can actually export that data. Make sure the systems support distributed real-time failover to backup instances so that they are always available.

3. Make sure all access to data that needs to be secure is logged.

There should be complete audit trails, replicated to external back-ups accessible only by bonded administrators and senior directors of the company.

4. Make sure all of the data is backed up externally using the highest level of encryption available.

It’s not just the audit logs that need to be stored off site, it is the critical data as well. While one site might be taken offline, and even compromised, the chances of multiple geographically remote sites being taken offline or destroyed simultaneously are slim to none.

5. Make sure all exported data is watermarked.

Using embedded and hidden watermark algorithms. It’s easy to embed watermarks in most document formats, and while it’s also possible for hackers to remove them from non-image files, it’s not easy and if no one knows the watermark is there …

While even the strongest encryption can be theoretically hacked, and any exports stolen, if the right infrastructure is set up, the risk of data theft is small and the risk of complete data loss almost zero. But one has to carefully plan and set up the right infrastructure, or just like a middle aged man, the organization may find it’s hair today, gone tomorrow.

Environmental Sustentation 22: Natural EMPs

In our post on environmental damnation 22, natural EMPs, we noted that EMPs, short for electromagnetic pulses, which are short, typically intense, bursts of electromagnetic energy that are generally disruptive, if not damaging, to electrical and electronic equipment, are a huge overlooked supply chain damnation because today’s information driven supply chains run on communication systems that control the chains, as well as the finances that pay for them. A single well-placed burst can take out an entire data centre, and if your organization is not setup in a distributed infrastructure with distributed off-site backups, your entire operation will come to a screeching halt — indefinitely!

No one thinks about this because people believe that the only real concern is EMP weapons, but these are only possessed by a few military operations that are unlikely to ever use them as they could destroy their equipment at the same time, but this is not true. Natural EMPs, which cannot be predicted and cannot be stopped, can do just as much damage and are much more likely to fry your equipment and bring down your supply chain than a rogue attack by a terrorist group that happened to get their hands on an EMP.

As per our damnation post, whether you realize it or not, there are a number of natural events that cause natural EMPs including, but not limited to:

  • lightning,
  • solar flares, and
  • earthquakes and volcanoes.

There is typically warning of the potential of each of these events, as well as the area and the likelihood, but the warning could be brief and the ability to prevent nonexistent, so any warning is likely to be too late.

So what can an organization do to protect against this damnation?

First of all, it can make sure that critical equipment is shielded, and located in shielded rooms. Low power EMPs will then not be much of a threat to that equipment.

Second of all, it can install equipment to divert as much of the pulse as possible. For example, a well placed lightening rod can divert lightening, and any EMP that might accompany it.

Thirdly, it can make sure it has a distributed infrastructure with real-time failover and distributed, real-time incremental back-up. Then, an EMP that takes out part of the IT operation in one locale will not take down the entire information (and financial) chain.

It’s not much, but it is enough. And at the same time, the organization also protects against fire, flood, and the FBI (raid) destroying a critical data centre.

Regulatory Sustentation 36: Labelling

As per our damnation post, while the the subject of labelling sounds harmless enough, it can still pose a nightmare for your supply chain. Products that are not properly labelled can be held up or seized at the border, seized for violation of state or federal labelling regulations from your warehouses or shelves, or result in massive fines and trade embargoes until the problem is corrected.

And it’s not as easy to adhere to labelling requirements as one might think. For example, in food and beverage, many jurisdictions require not only that all products contain nutritional information but also indicate whether or not the products are derived from GMO (Genetically Modified Organisms). In the tobacco industry, despite continuous threats of lawsuits from the tobacco companies, countries are starting to impose plain packaging laws and third parties dictate what packaging can and can not contain. In electronics, some countries are considering imposing laws that force a company to indicate the expected lifespan of the product being produced and how long it will be supported (as this is very important to a consumer spending hundreds, or thousands, on a new electronic device with the belief that the manufacturer is going to support the hardware and software for at least a few years). And different countries require different units, warnings, languages, etc.

This is not necessarily a bad thing, because consumers deserve to know what they are buying, but if multiple jurisdictions require different labelling requirements, it can be difficult to produce a label that satisfies all of the jurisdictions that operate under the same language. And if the company needs to produce a multi-lingual label that satisfies multiple jurisdictions in multiple countries, it can be a nightmare.

As per our damnation post, there are steps a company can take, namely:

  • the implementation of a Global Trade Management (GTM) solution,
  • careful review of each proposed label for full compliance before it is seen to the packaging supplier, and
  • monitoring for changes in labelling requirements so that the company does not get caught off-guard

but if a company is really ahead of the game, it will also:

    • monitor for proposed changes in labelling requirements and make sure it is in compliance before they happen if approval is likely and
    • monitor for key issues and complaints by buyers and find ways to proactively address issues before lawmakers tackle them and take a leadership position, which will improve the brand.

And, of course, make your labels as easy to understand as possible. If the product is packaged in 1L, don’t put nutrition counts for 278 ml against suggested daily values that aren’t even indicated on the package. NO one can quickly do that math in their head!

Organizational Sustentation 53: Engineering

Engineering designs the products that represent a product-based company’s life-blood, as they generate the cash necessary for operations. No company exists without revenue (NO Sale, NO Store), and revenue only comes from the sale of products or services. And those have to be designed by someone, and that someone is typically an engineer. And while Engineers are the top talent in the company, as well as the best educated talent, they can also be stubborn rigid perfectionists.

As per our damnation post, each engineer has a process, a design, a set of approved raw materials, and that is the process, the design, and the set of approved raw materials. Trying to convince them that there is another process, alternate design, or other raw material that could be useable is like trying to force molasses to flow up a glacier, as this would mean that they would have to accept that there are better processes, designs, and raw materials, and that they exist today (despite the engineer’s expensive research and experience).

And even if they are willing to accept there are better processes, design, and approved raw materials — they are perfectionists. The cost model might say that 98% reliability is good enough because, in practice, only 1% of units will break down before the warranty period expires and the cost of flat out replacement will have little impact on profit margin, but Engineering will say otherwise. They will insist on the supplier with 99% reliability even with a 30% cost increase because a good engineer makes the best product they can make, cost be damned.

So how do you deal with this damnation so Procurement can achieve some sustentation? Education.

The first thing you need to educate is that reliability is not the number one concern, safety is. If a laptop, music player, TV, etc. stops working, it doesn’t harm anyone. The buyer might be annoyed, but if you immediately rush out a brand new replacement, the buyer won’t be annoyed for long. As long as the product doesn’t short out and electrocute the user, there’s no issue with a little less reliability.

The second thing you need to educate them is that sustainability trumps supplier longevity. A company has to plan for the future, not rest on past laurels, especially if those past laurels are suppliers that have never been questioned. While every supplier was likely a great choice for one reason or another at the time the supplier was selected, the supplier might not be such a great choice today. All suppliers have to be reviewed at one point in time, and if there are more sustainable suppliers, they have to be investigated.

The third thing you need to do is educate them that you can help them identify suppliers that could have better processes, designs, or raw material formulations and save them a lot of time searching for new alternatives, as you will be scouring the market on their behalf and only bringing them suppliers that might truly have a better, or different, option. As the gate-keeper, you will save them a lot of time.

Engineers are your best allies – they are educated, rational, and want to do the right thing for the organization, like you. So show them how you can help, and be willing to listen (and learn) from them, and you will be able to overcome this organizational damnation.