How to Ensure Product Security in Collaboration with External Vendors & Partners

Art Koch’s Profit Chain® Tips
Authority Magazine Interview: Ensuring Product Security
Volume 5 | Number 11 | September 2024

I was interviewed by David Leichner for Authority Magazine. We covered how to ensure product security in collaboration with external vendors and partners.  The interview is included below and can be read online.

==================

How to Ensure Product Security in Collaboration with External Vendors & Partners 

In an increasingly interconnected world, maintaining the security of products while working with external partners and vendors presents a crucial challenge. How do product security managers ensure this vital aspect of supply chain management? What best practices, technologies, and strategies do they employ to guarantee the safety of products throughout their lifecycle, especially when these goods may pass through multiple external entities? As a part of this series, we had the pleasure of interviewing Art Koch.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Is there a particular story that inspired you to pursue a career in this field? We’d love to hear it.

I grew up in Flint, MI, and watched the auto industry’s demise. I watched friends and family lose their jobs and have difficulty finding similar positions because they only knew GM. I decided not to become obsolete and purposely changed jobs and industries throughout my career. Additionally, to the best of my ability, I felt the need to help others build more productive manufacturing facilities.

Can you share the most interesting story that happened to you since you began this fascinating career?

The number of people from around the world that have become friends. I could never in my wildest dreams imagine that I would be helping transform businesses, working with such incredible people, and traveling the world.

Are you working on any exciting new projects now? How do you think that will help people?

I just finished a book: The Supply Chain — Unlocking the Sustainable Profit Chain.
I look forward to helping CEOs, CFOs, COOs, and the next generation of supply chain professionals improve and design sustainable profit supply chains.

Ok, thank you. Let’s now move on to our main topic. Can you share a few reasons why it is so critical to ensure product security in collaboration with external vendors in today’s environment?

It’s always been important. For the past 20 to 30 years, governments and businesses have become complacent, exploited cheap labor, currency imbalances, and subsidized raw materials within developing countries, and did not wholly consider the long-term impact of these decisions. Some nations don’t share the same values as the US, including corporate intellectual property rights. Geo-political tensions have escalated in the past several years, and the coin has flipped. Now, our government and companies understand who the better trading partners are, which aligns with our values and respect for international laws. The issue is that the energy and cost of unraveling vast supply chains will drain scarce corporate resources. Additionally, it’s essential to protect your company’s IP. And, we must remember our role in national security.

How do emerging technologies like AI and machine learning augment the collaborative efforts between organizations and external vendors in securing the supply chain, and could you share a case where leveraging technology markedly enhanced product security?

AI and machine learning can be game changers for the integrity of supply chain data.

For example, the current process of maintaining data such as lead times, pricing, and delivery dates is often managed by cumbersome and costly EDI exchanges or with Excel spreadsheets via e-mail. A supply chain team member is frequently part of the process. By having people in the middle of the process, updating data isn’t always their top priority — the delays in maintaining data impact variability within the supply chain. The variability is costly.

The data needs to be updated accurately and in a timely manner to eliminate variability. The rub is that to achieve this, the process needs to be automated. For it to be automated, supply chain team members must trust the results, let go, and not insert themselves into the process.

Organizations that don’t achieve automation will not unlock the full potential of AI and machine learning.

How do you identify and mitigate risks to product security when working with external vendors and partners in the supply chain, and could you share an instance where a proactive approach averted a significant security breach?

There are many different methodologies, and there is never one straightforward flow charted process that fits every scenario.

First, there needs to be a mindset and behavior to trust no one. Yet, simultaneously, we must trust each other to build partnerships. The critical element is never to forget corporate espionage is very real and pervasive.

Second, never share information, technical details, and drawings of your IP — anything that may be considered a secret sauce and competitive advantage! Supplier and supplier partners should only manufacture subcomponents and leave the final critical machining and assembly to in-house operations where IP can be contained.

Third, never forget that non-disclosure agreements (NDAs) are great until they aren’t. There’s a saying: You are the master of what you keep to yourself and a prisoner of what you say. This is how I feel about NDAs.

I recommend thorough supplier vetting. Years ago, when I was head of the supply chain at a significant manufacturer, a supplier was aggressively courting us and quoting a competitive pricing strategy, which was almost too good to be true. Before signing a long-term agreement, we hired a supplier surveillance expert. With their help, we learned the supplier had made an internal strategic decision to enter our market, gain product knowledge and cost structure, and go after our customers. It’s always necessary to ask questions and look behind the curtains.

What are some strategies and frameworks you employ in third-party vendor management to uphold product security? If possible, highlight a partnership that stands as a benchmark in industry practices.

Start with implementing supplier scorecards. Rate suppliers, publish the data, work with suppliers, and determine which ones want to improve — the Contenders vs. the Pretenders.

Do your due diligence on the contenders. Understand not only their financials and competitors. Also, determine if they hold the same values and belief system as your organization. When this is done, select one or two suppliers to partner with that make your company more competitive and a better supplier to your customers.

Then start small. Include suppliers in design reviews, have a visiting supplier desk, and include them in operations visual daily management meetings.

I regularly see an opportunity to leverage suppliers as part of a postponement strategy. There needs to be more emphasis on developing supplier partnerships by implementing a product postponement strategy to compress lead times and improve customer service and inventory velocity — thus, profitability and corporate valuation.

Finally, be sure the supplier never has access to your IP.

As Industry 4.0 and smart factories gain traction, how are strategies and approaches evolving to foster product security within the supply chain?

I didn’t know we had moved past Industry 2.0! Hahaha.

In all seriousness, the companies in the best position to leverage the latest technologies must be sure their foundation and fundamentals are rock solid. Without foundational elements in place — such as inventory and data accuracy, coupled with the solid application of enterprise resource planning systems — supply chain professionals will be playing catch with fully taking advantage of the capabilities of IoT, AI, or Big Data, let alone containing the security that IoT brings to your doorstep.

I was at a client’s facility a few years ago. The client wasn’t small, with billions in revenue — meaning they had the resources to do almost anything. A hacker used a back door in the supply chain to take down their entire system. This highlights the importance of getting the foundation and fundamentals in place to ensure there’s time and energy to take advantage of the newest technologies safely.

What are your “5 Best Practices for Ensuring Product Security in Collaboration with External Vendors and Partners?”

1. Vet suppliers before collaboration. Be sure they have excellent moral character and the same values as your organization. The earlier example of our supplier with a strategic plan to use us to learn trade secrets and market knowledge and then enter our market and steal customers highlights the critical nature of knowing everything about potential supplier partners.

2. Don’t expect your organization to build partnerships with many suppliers. Cull out a few contenders to collaborate with. It’s much less complex to ensure your company’s IP isn’t leaked with a few suppliers versus many. I once tried to establish partnerships with more than 10 supplies simultaneously, but the results were a train wreck. There wasn’t any sort of process. Some suppliers were confused about why they’d been asked to meetings; other’s scorecards were so low they should have never been included, and others became frustrated and dropped out of the program. Additionally, supplier chain leadership needed to detail the benefits of supplier partnership to their team. Several buyers couldn’t explain the benefits to the suppliers they managed, which led to more confusion. We achieved our result of integrating suppliers into our material replenishment planning once we pulled back the initiative to two suppliers.

3. Don’t collaborate with suppliers that are competition. Samsung Electronics’ glass screens are an excellent example of this and the following bullet points. In the smartphone wars for market and technical dominance, there was one go-to supplier, Samsung, for glass screens. As the battle for market dominance heated up, so did the tensions between the supplier and the customer, Apple Inc. This resulted in multinational litigation, lasting years and costing both companies valuable resources and billions of dollars. I don’t know about you, but the attorneys are the only people who win in legal battles.

4. Don’t use suppliers who sell the product. When possible, don’t collaborate with a supplier that uses the material you’re procuring for a product they sell to consumers. Your orders will never take priority when capacity becomes tight.

5. Work with suppliers that make your company more competitive. Seek suppliers with IP or a technology you don’t have or the resources to develop. At the turn of the 1900s, companies like Ford were horizontally integrated. Ford owned everything from rubber plantations to steel mills. This allowed Ford to control its supply chain. However, Ford and others couldn’t keep pace with the speed and cost of improving synthetic rubber, steel production, and other technologies. This led to a mindset shift from horizontal to vertical integration. With vertical integration, several suppliers compete in terms of cost, speed to market, and constantly improving technology. Adopting a vertical integration mindset can also allow your company to take advantage of the latest technological advancements without substantial capital investments.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂

Don’t let executive leadership marginalize the supply chain. The supply chain team deserves the same respect as finance, engineering, and other professions within your business. Demand professionalism from other supply chain professionals. And invest in your team! Find the hidden geniuses and organizational castaways that will help create an organization others aspire to join.

Originally published July 18, 2024 on Medium