Call us Join or login
Client login Supplier login
I’d like to join a network Get started
Login or Sign up
Client login Supplier login
I’d like to join a network Get started
Author: Jamie Robertson

How to manage supply chain cyber security risk affordably

According to a Manpower survey, demand for specialist cyber workers has increased four-fold over the past year, with top experts being paid more than £10,000 a day.

In response to the cyber security issues in the industry, supply chain compliance expert Altius has launched a cyber security software package for those many businesses whose payroll doesn’t stretch to employing £10,000 per day experts.

Altius Exigo

The Altius Exigo software, with licenses available from £167 per month, is a low cost solution for addressing compliance across supplier networks. It gives organisations the option to configure their own compliance framework, either by adapting existing templates and processes or creating new ones using built-in tools.

Exigo has been successfully piloted by global creative agency Leo Burnett to improve management of information security and data privacy across its complex and large supply chain. This is enabling the  world-leading advertising and marketing services agency to reduce risk, ensure compliance and automate management reporting.

Cyber security

“The eye-watering pay packets of cyber security experts demonstrates the demand for specialist support from nervous businesses, particularly in the wake of recent attacks on organisations such as Sony and TalkTalk,” said Len Simmons, Technical Director for Altius.

Discover the all-in-one contractor management software >

He continued “It is essential that businesses check IT security and data compliance among their suppliers – ensuring that these organisations have robust policies and measures in place to prevent common security failures. Organisations may have risk well managed within their own immediate business, but failings by their suppliers could expose them to data and security breaches that have the power to destroy reputations, business partnerships and profit margins.”

Erik Hart, VP Director, Information Security and Infrastructure Solutions at The Leo Burnett Group/Arc Worldwide, said: “Altius has helped us create efficiencies in the way we assess the security and compliance of our suppliers. By utilising the Altius portal we can create automated touch points with our suppliers, as well as generating reporting, as needed, on various data points.”

The software

The Exigo software is cloud-based, so requires no hardware or software installation. It can be integrated with existing enterprise systems and has an in-built audit trail to create full visibility of supplier compliance and enable instant retrieval of records and information. It also provides automated report generation and data exportation compatible with other business formats, such as Excel.

In addition to managing information and data security compliance, the software can be configured to assess performance and compliance for many other areas of business areas, such as health and safety, environmental bribery and corruption policies, CSR, quality, and environmental and employment law.

Altius software and compliance management services are used by many leading organisations as part of their risk management strategies. Clients include Morrisons, Selfridges, Airbus, Trust Inns, Punch Taverns, Arcadia Group, Superdrug, Bellrock, B&Q and Debenhams.

Do you like the sound of Altius Exigo? You can request a software demo here.


What Harry Potter can teach us about supplier positioning and management

Just as the fictional school of Hogwarts sorts its aspiring wizards and witches into four houses in the Harry Potter fims, a supplier positioning matrix sorts suppliers into four categories and aids you and your company by minimising the cost of compliance.

Supplier positioning matrix

High risk / High value

Supppliers need to be trusted partners working closely to achieve shared objectives. A deep two-way understanding is needed, especially when dealing with assets that are direct components for your business.

High risk / Low value

Processes need to provide efficient mitigation against risks. Pertinent information needs to protect buyer is essential. This strategic security and investment in facility maintenance and tooling can negate risks associated.

Improve your contractor performance with compliance. Find out more >

Low risk / High value

Buying power can be used to achieve the best deal for customers. Buyers need enough information to get the best from the market. This tactical profit approach is synonymous with consumer purchases such as energy and cars.

Low risk / Low value

Using the simplest possible process to find and use suppliers, only basic information is needed for these tactical acquisitions. Furnitue and stationary are such examples of these kinds of purchases.

Supplier differentiation

By differentiating suppliers on the basis of level of risk and value of business you can prioritise use of compliance resources and use strategies that reflect risk and spend to minimise the cost of supply chain management. For example, it’s not necessary to audit all suppliers, which is an expensive way of achieving compliance. This method can be reserved for where the risk and contract value warrants it.

The most basis checks can be reserved for low risk/low value suppliers, such as stationery vendors, where financial health checks will probably suffice. It’s important to ensure financial solvency of all suppliers and processes such as Company Watch, which is a standard element of the Altius compliance service, make this easy. .

Smart technology and outsourcing routine processes can help make assessment simpler and reduce cost. It’s important to use your resources where they will bring benefit to you and your customers, i.e. the ‘Strategic Critical’ supplier category, where you’ve got the most to lose and the highest chance of losing it.

Free guide to managing contractors

To help businesses better manage contractors, Altius has created the free guide, Improving Contractor Performance with Compliance: A Guide for Facilities Managers. The guide can help you find a better approach to supplier management, give tips on objective decision making, and help you find the right tools for monitoring contractor compliance. Download your free guide by clicking here.

How to introduce your own supplier audit in five steps

One of the greatest challenges of supplier audits is actually introducing it into your workplace in the first place. Both you and your suppliers understand the importance of such audits to mitigate risk, ensure supply chain integrity and stay within the boundaries of the law.

To ensure your own supplier audit is adding-value to your operations and supply chain from first integration, take into consideration these five steps for better auditing practice:

The right people, the right tools

A strong platform internally is required before even contemplating going out to audit suppliers. This requires you to build a team that you can trust to audit, input data and analyse as effectively as possible.

For those firms operating on a global scale, sourcing local freelancers will save you money on travel costs for your core team, but caution is required to ensure you employ the right auditors for you.

Likewise, having the right tools available to your new team is critical to begin the auditing process. This doesn’t just include your internal supply chain software, but also the templates/questionnaires/audit forms that your team will have to complete for each supplier.

Schedule regular audits

How often you should hold audits depends entirely on the size of your supply chain. 12 months is seen as the most popular timeframe to complete audits – but sticking to your schedule and taking the time out every year to dedicate yourself to the process is hard to do.

It’s inevitable in most organisations that supplier numbers continue to grow year-on-year. This growth, coinciding with your existing and ageing database over time means you’ll be exposed to the most basic changes which could disrupt your daily activities. Supplier names, locations and lead contacts, are just three examples of this situation. To combat this, be firm with yourself and your team to ensure regular audits take place.

Best Practice Guide to Supply Chain Compliance Now Available >

Identical supplier standards

To maximise the benefits of your audit and the standards of your organisation, it is essential to audit your suppliers based on the same aspects – no matter where they are in the world. For organisations with global suppliers, this is more important for you.

As well as having a standardized approach, based on UK industry standards that lead the way in global supply chain management, you should ensure that your people and tools can achieve the same higher standard to meet your expectations.

Can a local freelancer 2,000 miles away carry out the same supply chain check as the rest of the team could? This is just one question to think about when introducing your new supplier audits.

Closed-loop process

Once the auditing process has been completed, now is the time to bring that data together to ensure that consistent results are achieved and reporting can be made to share the results with the relevant stakeholders in your organisation.

Ensuring you have a closed-loop process means that audits in the future become easier over time to complete. Verification of existing suppliers, including changing their basic contact details, can be completed more efficiently internally.

Measure audit success and report

After audits, you should be measuring and reporting the success of the latest one you’ve completed. This allows for you and your team to implement improvements and fine tune your auditing process. Questions to ask yourself at this stage include:

These measures can greatly enhance your resource planning and management in the future.

Photo credit: Bruce Guenter

Best practice guide to supply chain compliance

10 facts that will stagger all supply chain managers

When in control of a supply chain, being able to identify and mitigate risks that could be disruptive to your supply chain is likely to be high on the priority list. Or so you would think… Sometimes this doesn’t seem to be the case.

So, here are 10 facts that will definitely stagger all supply chain managers in the industry:

Share this infographic on your site:

If you would like to learn more about how we can help you mitigate supply chain risk, please get in touch today. In the meantime, why not take our supply chain health check questionnaire so that you can see just how well you know your supply chain and where there is room for improvement.

Or download our eBook below and discover how to improve your contractor’s performance…

Download Improving Contractor Performance with Compliance: A guide for Facilities Managers

Photo credit: Tanya Hart


Recent Posts