Risk mitigation helps most professionals become more resilient and responsive – a strategic advantage over the competition.

When it comes to third-party vendors, there is no one-stop solution to mitigating risks. However, some key elements can play a vital role in managing risks more effectively. Take, for example, Target and Lowe's. Both are reeling from data breaches due to a lack of third-party security protocols. These breaches did immeasurable damage yet could have been avoided by integrating two important risk-mitigating tactics: a comprehensive Service-Level Agreement (SLA) and a supplier relationship management (SRM) program.

According to TechTarget.com, SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk, its size and complexity, geographic distribution, and the type of information managed, as well as its ability to effectively monitor the third-party management program. In the case of Sony’s PlayStation Network, which suffered one of the worst data breaches of the 21st century in April 2011, a thorough SLA could have included a third-party data breach violation penalty, which could have offset the millions lost while the site was down for a month. To address risk most completely in an SLA, one should consider the following: security and privacy of information, safety and risk analysis, compliance obligation scope, enforcement structure, internal audit accessibility and disclosure requirements, and corrupt practices management.

Since trust in suppliers alone cannot prevent scandal or potential risk, an in-depth SLA is a critical component of risk mitigation, along with an all-encompassing supplier relationship management program. By monitoring a supplier’s operations, a company can be confronted with compliance issues early on, before a widespread scandal can occur. In certain industries, although a supplier may not be a direct component of a company, the organization would be held accountable as though the third party were a direct employee. It is crucial to have control mechanisms in place to prevent an outside party from causing widespread scandal and damaging brand reputation.

By establishing a common set of procedures for interacting with suppliers, an SRM program opens communications and enhances the way companies work together. With this enhanced visibility into supplier operations, there is less threat of an incident causing lost sales or hardship. The company would give these roles a structure that it would continually monitor and, presumably, accident-proof.

Whichever risk mitigation method is chosen, it is essential to prepare for any disturbance to business, whether through proper SLA preparation or an in-depth SRM program. The consequences of negligence can be severe, and in many industry leaders’ opinions, preventing them is worth the investment.

Heather Grossmuller is a Marketing Manager at Source One Management Services, LLC, a Philadelphia Business Journal “People on the Move” Recognition Recipient, an advisory board representative of La Salle University’s Association of Women MBAs, and an all-around marketing enthusiast. As Marketing Manager, she oversees Source One’s internal/external communications efforts ranging from social media management to recruitment.

The Next Level Purchasing Association is grateful for this guest post from Heather Grossmuller from Source One Management Services.

Sources Referenced:
  • Businessweek
  • TechTarget


Categories: Risk Management


Published On: October 31st, 2014
