Guiding Supply Chain Security in Aeronautic Development
To date, MITRE has gathered and shared over 650 measurable risks with over 1300 measures against them. Risks are organized into a hierarchical set of risk categories that start with supplier, supply, and service risks. Risk categories are broken down into 15 top-level risk subcategories of 7, 4, and 4 respectively for supplier, supply and service risks. Subcategories are then further spread into almost 230 lower level risk categories, as illustrated in Figure 3-1.
Figure 3-1: Hierarchical vocabulary of supplier, supply and service risks.
Each category of risk has a definition, a list of sub-categories of the specific risk area, and any measurable risks (risk factors) that are applicable to that category. The risk factors not only have definitions, but also have a listing of potential concrete risk measures that can be used to assess them.
Risk measures are specific conditions, expressed as yes/no questions, that can be evaluated utilizing appropriate data from relevant data sources to determine if the criteria of the condition have been met. When evaluated as true, various risk measures for a given risk factor may convey differing levels of risk qualification/quantification for the risk factor. These risk measures capture the experience and insights of subject matter experts to support practical measurement of the specific risks.
Figure 3-2 shows a screen shot from MITRE’s content management system for the System of Trust body of knowledge with several risk categories (RC), risk factors (RF), and risk measures (RM) in the Supplier Financial Stability Risk area, illustrating the relationships and details of the SoT materials.
8 August 2024