Unconditional Procurement with Cybersecurity

Daryl Hammett is COO and General Manager at ConnXus, a supplier management software company. Daryl completed the Certified Third Party Risk Management Professional (C3PRMP) program through SIG University. He shares how he is implementing the best practices he learned in the program to mitigate cybersecurity risk at ConnXus.

In the global supply chain landscape, cybersecurity threats are increasing exponentially. Fortune 500 companies’ sensitive information is leaked because hackers target their vendors and business partners, and organizations that might not be as secure as their corporate buyers. Every supplier and business partner can become an added risk. Working with global companies big and small, one of the most significant opportunities that I’ve observed is managing multi-tier suppliers and mitigating risk. We can support all our suppliers through secured technology and the principle of “unconditional procurement.”

What does “unconditional procurement” mean? By “unconditional,” I mean an open approach to procurement. Buyers often work with a variety of suppliers and treat them differently. These suppliers can range in scale and scope, from businesses with regional or international capabilities to those recognized as diverse or non-diverse. During the sourcing process, many organizations have requirements that vary depending on the type of supplier they require. Buyers should have a high-level overview and understanding of every supplier, no matter the size. They should always evaluate suppliers in the same manner to understand their company, no matter what they deliver to the door. Suppliers should not be subject to different conditions.

To promote a universal approach to procurement, the method should be merged with any supplier diversity and sustainability initiatives. Key stakeholders from different departments should come together under the larger umbrella of strategic sourcing and be incentivized under the same performance metrics. Suppliers can be one of the most significant unmitigated risks that threaten your supply chain, so the first step to doing complete procurement work for your team is to make sure your suppliers are working on a secure platform. Businesses and supply chains have gone digital, and cybersecurity should be a vital component of your daily operations.

>> Learn more about third-party risk management and the opportunities for procurement

For example, at ConnXus, we commit to delivering secure software and protecting our client data. We comply with EU & US Privacy Shield standards, GDPR, and have recently implemented SOC (System and Organizational Controls) 2 Type 2 protocols. Our information is encrypted and protected by a 24/7 security network. By applying this new security, we’ve ironed out our financial reporting, standardized our operation for organizational and regulatory oversight, and also created an exhaustive plan for vendor risk management. We’ve seen immediate positive effects within our organization, our RFP/RFI response rate, and our current client feedback. We’ve baked in disaster recovery response processes to protect our business continuity in case anything happens (such as one of our suppliers getting hacked). For many businesses hacking is not a matter of if, but a matter of when.

What does your organization’s cybersecurity look like? Do your suppliers have the same security standards and values? Are you confident that your vendors (big and small) are secure and compliant? How deliberate and intentional is your organization’s sourcing process?

Bring your category managers, CPOs and IT department together to improve your overall procurement governance process. Let them communicate with suppliers and bridge gaps within their supply chains. Reviewing suppliers, getting their feedback and asking for theirs in return improves your onboarding process, payment, engagement, RFP/RFQ and requisitioning procedures. The impact of including a broad base of suppliers and promoting participation also determines long-term sustainability and risk in your supply chain. Within your procurement teams, are you deliberately and intentionally holding your stakeholders accountable for maintaining feedback on your suppliers?

Think about incorporating a feedback loop within supplier relationship management and make sure everyone is held to the same standards. This feedback loop will drive supplier engagement and bring in new ideas that provide more value creation within your supply chain. I believe if buyers were more intentional about specific procurement, suppliers and employees could work together to promote new ideas that drive down cost, increase innovation/speed to market, and create more impact as a whole.

The Certified Third Party Risk Management Professional Program is an 10-week video-based program designed for the time-constrained professional. In the program, students focus on best and emerging practices to identify, assess, manage and control third-party risk throughout the lifecycle of relationships, and learn how to align risk fundamentals and frameworks with risk culture to develop the essential tools and controls for effective governance. Download the course catalog to get more information on enrollment and join your colleagues in the virtual classroom!