Risk Category | Definition
--- | ---
Service Integrity | Risks related to the service being delivered unaltered.
Service Quality | Risks related to the service being delivered as specified.
Service Reliability | Risks related to the service being delivered consistently.
Service Security | Risks related to the service being delivered as expected in the face of malicious action.

Table 6-4. Supply chain security top-level risk categories for services.
Together with the elaborating sub-categories one level down, Figure 6-1 below illustrates the top of the SoT BoK.
[Figure 6-1 (diagram; only its top-level structure is recoverable from the extracted text): the top of the SoT BoK taxonomy. Supplier Risks: External Influences, Financial Stability, Organizational Stature, Susceptibility, Quality Culture, Maliciousness, Organizational Security. Supply Risks: Hygiene, Malicious Taint, Counterfeit. Service Risks: Integrity, Quality, Reliability, and Security of Service Delivered. Beneath each of these 14 categories the figure lists its elaborating sub-categories one level down.]

Figure 6-1. Top-level set of supply chain security risks in the SoT BoK.
Beyond these top-level risk categories, the SoT BoK expands down to the specific risk factors that compose these concern categories. The organization of the taxonomy goes from the common to the specific. For example, the concern for counterfeits is common, while the ways of identifying whether counterfeits are in your supply chain are specific to the type of supply item.
Detecting counterfeit micro-electronics would call for different risk measures than, for example, counterfeit software, handbags, or sushi, yet for the businesses that focus on each of these types of products, the need to identify and address their industry's counterfeit items is critical to their business's viability. The fuller scope of the SoT BoK includes more than 2,200 possible supply chain risks from suppliers, supplies, or services within the 14 top-level risk categories.
52 July 2022