Why You Need a Resilience Operations Center – The Case for Operational Resilience (Part 2)

April 16, 2021
Jennifer Bisceglie

In the first post in this series, we talked about the death of Black Swan events—how the challenges of the past year necessitated a new approach to supply chain preparedness. Being caught off guard by unlikely events isn’t an option anymore.

The downside to this new environment is that supply chain shocks are more common and more costly than ever. The upside is that technologies and new business frameworks exist that are helping organizations map, monitor, and model their global relationships to improve outcomes and uncover opportunity.

A Paradigm Shift in Supply Chain Continuity and Security

Organizations have been using Security Operations Centers (SOC) for decades. They have been instrumental for tracking information on internal and external supply chain threats and helping teams manage responses.

But the variety and speed of those threats have changed, with financial, cyber, regulatory, geopolitical, operations, and environmental/social/governance (ESG) risks happening in every tier of an enterprise’s supply chain, continuously. The internal roles have changed, too, and include risk managers, cyber security analysts, procurement teams, IT, and other groups. They all require high quality real-time data and close coordination.

The Resilience Operations Center (ROC) meets these needs and more. It represents a new approach to modern supply chain security and continuity, delivered through an enterprise-wide framework that ensures supply chain risk management (SCRM) objectives are tied to organizational goals. It brings previously siloed groups together to form agile and informed teams that are empowered to use data intelligently and to react quickly to changing circumstances. We’ve seen it work in a variety of industries, and our customers are using ROCs to dramatically change business outcomes for the better.

The Roots of Supply Chain Vulnerability

The world has seen unprecedented business process and supply chain disruption. While many companies have suffered, some have survived and even thrived in this new environment. Several organizations were able to reposition the supply chain quickly and efficiently and meet or exceed their customer’s needs. To understand what sets them apart, we need to first review some history.

If you’ve studied supply chains in recent years, you’ve likely focused on Just-In-Time (JIT) or lean manufacturing. This approach prioritizes reducing excess inventory — only ordering components when needed and keeping spare parts to a minimum to reduce storage costs.

Globalization has also impacted modern production methods. Many global organizations pull components from far-off sources. Parts are made in different factories, then shipped to central locations for assembly. For service companies, software can be written anywhere in the world and then merged into the final product. This is often done to leverage existing resources and partnerships, or to avoid taxes and regulations.

The result of these factors and approaches was a perceived increase in efficiency and cost savings. However, those benefits could only be realized in an environment of limited and easily controlled disruptions. Deep and detailed planning seems unnecessary when things are going well. But the death of the Black Swan has changed the playing field. More events are coming, and you have to prepare for them. “Not knowing” is no longer an excuse.

Traditional Risk Management Is Outdated

Organizations typically leverage operational risk management (ORM) teams and perform disruption planning. However, the scope of much of this planning is limited to traditional events with limited global impact. For instance, an organization may plan for well-known seasonal storms that could impact their shipping. But the possibility that a national border would close for a year due to a world-wide pandemic, or that trading block statuses could suddenly change and upend international shipping laws just weren’t considered. Not to mention a prolonged accidental blockage of the Suez Canal by a wayward container ship.

Compounding the problem, most supply chain risk management (SCRM) approaches rely on point-in-time supplier risk assessments made up of ever-expanding questionnaires, surveys and the like. These manual processes are meant to assure internal teams and business partners that the risks they are taking—from sourcing raw materials in the supply chain to outsourcing core business functions—were acceptable. In reality, they waste time, treat all suppliers equally, consume precious resources, and provide limited insight into risks.

Many organizations have learned through experience just how dependent they are on the actions and vulnerability of other parties, from the first tier to the Nth tier. Events large and small across multiple risk factors happen without much notice, and the deeper they are in your supply chain, the less warning you often have.

Organizations need pro-active, continuous visibility and engagement across multiple risk factors. They need to act quickly and in coordination with suppliers to identify, understand, and respond to events. And they need to anticipate emerging risks — eliminating or mitigating them before they impact business operations, assets, or clients. This is the definition of Operational Resilience—and what standing up a ROC enables you to achieve.

The ROC: Deep Planning and Full Visibility = Supply Chain Preparedness

Organizations in every industry—from manufacturing and logistics, to services providers and digital businesses—are looking for a way to map, monitor, and model their supply chains. As we’ve seen, most solutions currently in place are too limited in scope, not agile enough, and do not align with or help meet wider enterprise objectives.

A ROC solves these problems by creating an enterprise-wide framework that:

  • Acts as a single, centralized resource and coordination point within your organization and with your extended supply chain.
  • Provides a real-time view into your organization supply chain risk and a means for monitoring and taking immediate proactive action to ensure ongoing operational resilience.
  • Identifies key stakeholders and functions and helps mobilize them for risk event-planning, scenario analysis, and probability forecasting.
  • Helps you pro-actively leverage resources to quickly detect, respond to, and recover from incidents when they occur.
  • Provides a consistent measurement and reporting framework for senior management, board of directors, and other stakeholders.
  • Monitors existing and emerging risks and speeds corrective actions.
  • Embeds lessons learned from previous incidents into organizational DNA, making you more resilient to future events and incidents.
  • Serves as a catalyst for leveraging your supplier relationships, building trust across your entire supply chain, and empowering suppliers to work together to manage risk while creating mutual value.
  • Optimizes SCRM and reduces supplier duplication, minimizing the risk of a data breach and reducing administrative costs.
  • Enables intelligence functions and information sources to share and analyze data continuously at an organizational level.
  • Shares SCRM program insights with organization stakeholders to speed response times and minimize disruption and shorten recovery time.

The ROC framework can drive these outcomes because it’s based on three simple but vital principles: connecting SCRM and organizational goals, breaking down silos, and modernizing threat detection and mitigation. Plus, it provides the insight and agility needed to capitalize on never-before-seen opportunities.

Keep your eye on this space next week for parts 3 & 4 of our series on operational resilience AND stay tuned for more information on the ROC!

View next

Ensure Operational Resilience

Request Contact

Build operational resiliency into your extended supply chain:

  • 889 compliance – ensure market access
  • Data sharing with 3rd parties and beyond – protect reputation
  • Concentration risk – ensure business continuity
  • Cyber breaches – assess potential exposure
  • Unethical labor – avoid reputational harm
  • On-boarding and monitoring suppliers – save time and money