Security, Compliance & Loss Prevention Part 7.pptx

Security,
Compliance
& Loss
Prevention

Important Dates
▶ Midterm 3/7/2024
▶ Assignment 3/13/2024
▶ Final 3/18/2024
This Photo by Unknown Author is licensed under CC BY-SA-NC

Terminal Learning
Objectives
▶ Understanding Supply Chain Safety
Management: Define the concept of
Supply Chain Safety Management and
its significance in modern business
operations.
▶ Conceptual Framework of Supply Chain
Safety: Explain the fundamental
principles and elements that constitute
the conceptual framework of supply
chain safety
▶ Identifying Targets of Supply Chain
Safety Management: Identify the
various aspects and stages within a
supply chain that require safety
management interventions.
▶ Components of Supply Chain Safety
Management: Explore the essential
components, such as risk assessment,
contingency planning, communication
strategies, and continuous
improvement, that contribute to an
effective supply chain safety
management system.

Conceptual
Framework of Supply
Chain Safety
▶ Companies today rely heavily
on collaborations and
outsourcing, leading to the
involvement of numerous
contract manufacturers.
▶ Outsourcing, especially in areas
like information technology,
production, and logistics,
increases the complexity of
supply chains and their length
and depth.
▶ Multiple supply chains, driven by
diverse markets and products,
have become networks,
increasing mutual dependence
among companies.

Conceptual
Framework of Supply
Chain Safety
▶ The growing trend of outsourcing is
expected to intensify due to factors
like customer numbers, product
variations, demand fluctuations, and
strategic suppliers.
▶ Supply chain disruptions have
significant negative impacts on
companies, including damage to
reputation, loss of productivity,
financial burdens, while customers
also face detrimental effects on
supply continuity.
▶ Real-world examples, such as
Nikon, Mattel, Bosch, Volvo, and
Ford, highlight the tangible
consequences of supply chain
disruptions caused by various
factors

Conceptual
Framework of Supply
Chain Safety
▶ Supply chain disruptions are
diverse and becoming more
complex due to increased
integration of company activities
and the networking paradigm.
▶ Companies face internal risks
from their own operations and
also new supply chain and
environmental risks.
▶ A holistic concept is needed to
address supply chain risk and
uncertainty factors and develop
effective action measures for
continuity of supply.

Conceptual
Framework of Supply
Chain Safety
▶ Literature presents a variety of
concepts aiming to enhance
supply chain continuity, each
with specific focuses on
disruption type, protection, or
management approach.
▶ The aim is to introduce a
comprehensive concept called
Supply Chain Safety
Management (SCSM) that
provides an overall framework
and forms the foundation of the
book's structure. The chapter
systematically outlines existing
concepts, highlighting their
similarities and differences, and
integrates their results into the
SCSM concept.
This Photo by Unknown Author is licensed under CC BY

Preliminary
Considerations
▶ Overview on existing, supply
chain safety-related
concepts.
• Literature analysis is used to
identify existing supply chain
safety-related concepts.
• The analysis involves a two-
step procedure: a general
literature survey across
monographs and a detailed
analysis of 13 selected
journals focused on
purchasing, logistics, and
supply chain management

Preliminary
Considerations
▶ Some Concepts Include:
• Risk Management
• Supply Chain Risk
Management
• Business Continuity
Management, Disaster
• Management, Emergency
Management
• Crisis Management
• Supply Chain Event
Management, Supply Chain
Security
• Supply Risk Management

Type of disruption
▶ Type of disruption: Disruptions reflect
conditions that result in a partial or entire
interruption of an original plan of the
operating processes.10 In the literature,
depending on the individual concept
these conditions are described by specific
types of disruptions which are presumed
to differ not only in terms of terminology,
but also in terms of content.
▶ Management approach: Due to the
character of risk and uncertainty factors
possibly resulting in associated
disruptions, an appropriate management
approach must be implemented. Here,
different types can be distinguished,
which differ among the individual
concepts.
▶ Process: (Strategic) management is
executed in several (strategic) steps.
Regarding the management of risk and
uncertainty factors, a process-oriented
view is recommended as well. However, it
is assumed that these steps differ among
the individual concepts in terms of scope
and level of detail.

Type of disruption
▶ Objective: Each of the concepts has a focus
on managing risk and uncertainty factors –
however, a focus on specific objects to be
protected is to be supposed. This particularly
refers to the protection of individuals,
companies, parts of companies (e.g.,
functional areas), supply chains or parts of
supply chains.
▶ Scientific discipline: Each concept has its
origin in one or more specific scientific
discipline(s). Thereby, conclusions can be
drawn about the (horizontal) “proximity” of
the individual concepts among one
another as well as about the (vertical)
“proximity” of each concept in relation to a
holistic, all-embracing concept for the
management of risk and uncertainty factors
in supply chains.
▶ Theoretical approach: By taking this
feature into account, theoretical approaches
can be captured that help explaining,
respectively designing (specific facets of) a
concept for the management of risk and
uncertainty factors. At the same time, the
theoretical approaches can be identified that
prevail in the literature.

Risk Management
(RM)
▶ Risk Management (RM) is a
widely used concept for
managing risk and uncertainty
factors.
▶ RM has its origins in the 1950s
and 1960s within the US
insurance industry and has
applications across various
scientific disciplines and
business administration areas.
▶ The concept focuses on the
disruption type called "risk,"
characterized by probability of
loss and significance of loss; it
primarily aims at the company
level.
This Photo by Unknown Author is licensed under CC BY-NC

Risk Management
(RM)
▶ SCRM aims to decrease supply chain
vulnerability through process-oriented
steps.
▶ Companies recognize that achieving a
100% safety level is not feasible; they
focus on achieving an optimal cost-
benefit balance.
▶ Transaction cost theory focuses on
relationships between actors and offers
corresponding approaches for supply
chain risk management.
▶ High reliability theory and normal accident
theory emphasize the impact of proactive
and reactive action measures on supply
chain resilience.
▶ Portfolio theory distinguishes between
systematic and unsystematic supply
chain risks, relevant for risk assessment
and management.

Supply Chain Risk
Management
▶ Risk Management (RM) is primarily used at
the company-level to ensure survival,
future success, and minimize risk-related
costs.
▶ Companies recognize that achieving a
100% safety level is not feasible; they
focus on achieving an optimal cost-benefit
balance.
▶ The marginal benefit of action measures
decreases as the safety level increases.
▶ RM processes vary in design and level of
detail, but they commonly involve steps like
risk identification, analysis, assessment,
management, and control.
▶ RM goals often align with a company's
main objectives and risk attitude.
Preventive and reactive measures are
used to manage risks, aiming to address
the probability and significance of risk
factors. Risk-minimizing action measures
are recommended for unsystematic risks
based on capital market theory.

Supply Chain Risk
Management
▶ SRM is a specific type of SCRM
focusing on risks in dyadic supply
chains.
▶ It analyzes risks at the interface
between a purchasing company and
its supplier(s).
▶ Agency theory is relevant for
managing risks in this dyadic
relationship.
▶ SRM aims to ensure the continuity of
supply to the end customer.
▶ The SRM process includes steps like
mapping supply network, risk
identification, assessment,
management, and collaborative
strategy.

Accessibility and The
Protection of
Information
▶ Accessibility: Accessibility
refers to the ability of
authorized individuals to
access the information they
need in a timely and efficient
manner. Access to
information is vital for
employees to perform their
tasks, make informed
decisions, collaborate, and
contribute to the
organization's success.
Proper accessibility ensures
that the right people have
access to the right
information when they need
it.

Protection of
Information
▶ Key considerations for ensuring
accessibility include:
• User Authentication and
Authorization: Implement strong
authentication methods, such as
usernames and passwords, multi-factor
authentication (MFA), or biometric
recognition, to ensure that only
authorized users can access the
information.
• Role-Based Access Control (RBAC):
Assign access rights based on job roles,
responsibilities, and the principle of least
privilege, ensuring that users have
access only to the information necessary
for their tasks.
• Access Logging and Monitoring: Keep
track of who accesses what information
and when. Implement audit logs to
monitor and review access activities for
any suspicious or unauthorized activities.
• User-Friendly Interfaces: Design
intuitive user interfaces that make it easy

Protection of
Information
▶ Protection of
Information: Protecting
information involves
safeguarding sensitive
data from unauthorized
access, loss, alteration,
or theft. Ensuring the
security of information is
essential for maintaining
trust, compliance with
regulations, and
preventing data
breaches This Photo by Unknown Author is licensed under CC BY

Protection of
Information
▶ Key considerations for
protecting information include:
• Encryption: Encrypt sensitive
data both in transit and at rest to
prevent unauthorized access
even if data is intercepted or
stolen.
• Firewalls and Network
Security: Implement firewalls,
intrusion detection and
prevention systems, and other
network security measures to
protect information from external
threats.
• Data Classification: Classify
information based on its
sensitivity and assign
appropriate security controls
This Photo by Unknown Author is licensed under CC BY-SA

Protection of
Information
• Regular Updates and
Patching: Keep software,
applications, and systems up-
to-date with the latest security
patches to address
vulnerabilities.
• Security Training: Educate
employees about the
importance of information
security, safe browsing
practices, and how to
recognize and respond to
phishing attempts or other
threats.
• Data Backup and Disaster
Recovery: Regularly back up
critical information and have a
disaster recovery plan in place

Protection of
Information
• Vendor Security: Ensure
that third-party vendors
and partners who have
access to your data follow
robust security practices.
• Compliance: Adhere to
relevant data protection
regulations and standards
to ensure legal and ethical
handling of sensitive
information.
• Incident Response Plan:
Develop a plan to respond
to security incidents
promptly and effectively,
minimizing damage and

Protection of
Information
▶ Protecting information in
distribution centers is crucial to
ensure the security, privacy, and
integrity of sensitive data related
to supply chain operations,
inventory, customer information,
and more. Distribution centers
play a vital role in the movement
and storage of goods, making
them potential targets for security
breaches and data theft.
By implementing a combination of
these measures, distribution
centers can create a secure
environment that safeguards
sensitive information, prevents
unauthorized access, and
minimizes the risk of data
breaches and security incidents.

Protection of
Information
▶ Here are some specific
measures to consider for
protecting information in
distribution centers:
• Physical Security
• Information Classification
• Network Security
• Inventory Management
System Security
• Data Encryption
• Secure Storage
• Vendor Management
• Employee Training
• Incident Response Plan
• Regular Security
Assessments
• Physical Document Handling

Theoretical approach
in Security
▶ A theoretical approach to security
involves the application of theoretical
frameworks, models, and concepts to
analyze and understand various
aspects of security, including
cybersecurity, physical security,
information security, and risk
management. These approaches
help practitioners, researchers, and
policymakers gain insights into
security challenges, vulnerabilities,
and threats, and develop strategies to
enhance security measures and
mitigate risks.
The choice of theoretical approach
depends on the specific security
context, such as cybersecurity,
physical security, or risk
management, and the goals of the
analysis or strategy development.
Applying theoretical frameworks can
provide a deeper understanding of
security challenges, inform decision-

in Security
▶ Here are some common theoretical
approaches to security:
• Risk Management Theory: Risk
management theory focuses on
identifying, assessing, and managing
risks to an organization's assets,
operations, and reputation. It involves
evaluating the likelihood and impact of
various threats and vulnerabilities and
developing strategies to minimize risks.
• Game Theory: Game theory explores
strategic interactions between different
parties and how they make decisions to
optimize outcomes. Applied to security,
it can help model scenarios involving
cyberattacks, security breaches, and
defensive strategies.
• Deterrence Theory: Deterrence theory
suggests that potential attackers can be
dissuaded from carrying out malicious
acts if they believe the costs or
consequences will be high. This theory
is often applied to cybersecurity and
crime prevention strategies.

in Security
• Systems Theory: Systems theory
views security as a complex system
with interconnected components. It
focuses on understanding the
interactions and dependencies
between these components to
identify vulnerabilities and ensure a
holistic approach to security.
• Human Behavior Theories:
Various theories from psychology
and sociology can be applied to
security, such as understanding
how individuals perceive risks,
make security-related decisions,
and respond to security measures.
• Criminology Theories:
Criminology theories, such as
routine activities theory and
situational crime prevention, can be
used to analyze how security
measures impact criminal behavior
and how to design environments
that discourage criminal activities.
This Photo by Unknown Author is licensed under CC BY-ND

in Security
• Social Engineering Theories:
Social engineering theories
examine how attackers manipulate
individuals through deception to
gain unauthorized access to
information or systems.
Understanding these tactics can
inform strategies for user
education and awareness.
• Economics of Security: This
approach involves analyzing the
costs and benefits of security
investments, exploring the trade-
offs between security measures
and their impact on organizational
operations and productivity.
• Cybersecurity Maturity Models:
These models provide a
framework to assess an
organization's cybersecurity
capabilities and maturity level,
helping to identify gaps and

in Security
• Resilience Theory: Resilience
theory focuses on an
organization's ability to withstand
and recover from security
incidents or disruptions. It
emphasizes adaptability,
redundancy, and response
planning.
• Sociotechnical Systems
Theory: This approach considers
the interplay between
technological and social factors in
security. It recognizes that
security is not solely a technical
issue but also involves human
behavior and organizational
dynamics.
• Identity and Access
Management (IAM) Theories:
IAM theories focus on how to
securely manage user identities

Supply Chain
Approach
▶ Managing the various
elements of a supply chain
involves making critical
decisions that impact the
flow of goods, information,
and resources. Different
approaches to managing the
supply chain can have
varying consequences for its
efficiency, effectiveness, and
overall resilience. When
these approaches are not
well-coordinated or lack
strategic planning, they can
lead to vulnerabilities,
disruptions, and negative
impacts on supply chain
operations.

Supply Chain
Approach
▶ To mitigate these
vulnerabilities and negative
impacts, organizations
should adopt a more
systematic, strategic, and
collaborative approach to
supply chain management.
This includes aligning supply
chain functions, investing in
technology, promoting
effective communication,
conducting risk
assessments, and fostering
collaboration among supply
chain partners. Such efforts
can enhance the overall
resilience, efficiency, and
effectiveness of the supply

Supply Chain
Approach
▶ Here are a few different approaches that
might result in such issues:
• Decentralized Approach:
1. In a decentralized approach, different
departments or units within an
organization make independent
decisions related to their specific
functions. While this approach can
empower individual units, it can lead to
inefficiencies and coordination
challenges across the supply chain.
• Fragmented Communication:
1. If communication between supply chain
partners is disjointed or inconsistent, it
can result in misunderstandings,
delayed responses, and misaligned
expectations. This can lead to
disruptions in production, delivery, and
inventory management.
• Overemphasis on Cost-Cutting:
1. Focusing solely on cost-cutting
measures might lead to compromises
in quality, supplier relationships, and
risk management. Overreliance on cost
reduction can increase the risk of using
subpar materials or suppliers that may
cause disruptions.

Supply Chain
Approach
• Lack of Risk Management:
1. Ignoring potential risks or not
implementing risk management
strategies can expose the supply
chain to unexpected disruptions.
Natural disasters, geopolitical events,
or supplier issues can severely impact
operations if risks are not adequately
addressed.
• Reactive Approach to Demand:
1. Adopting a reactive approach to
demand fluctuations, instead of
proactive demand forecasting and
planning, can lead to stockouts,
overstocking, and inefficient
production scheduling.
• Inadequate Supplier Evaluation:
1. Failing to thoroughly evaluate
suppliers for reliability, quality, and
capacity can lead to interruptions in
the supply of materials, components,
or products.
• Absence of Collaboration:
1. Lack of collaboration between
different supply chain partners can
result in conflicting priorities, lack of
visibility, and inefficiencies in sharing

Supply Chain
Approach
• Neglecting Technology Adoption:
1. Refusing to adopt technology
solutions, such as supply chain
management software or real-time
tracking systems, can hinder
visibility and decision-making
across the supply chain.
• Single-Sourcing Dependencies:
1. Relying heavily on a single
supplier for critical components
can make the supply chain
vulnerable to disruptions if that
supplier faces issues.
• Inconsistent Quality Control:
1. A lack of consistent quality control
measures can lead to defective
products entering the supply
chain, affecting customer
satisfaction and disrupting
downstream processes.
• Short-Term Focus:
1. Prioritizing short-term gains over
long-term supply chain resilience
can result in a lack of

Effects of Theft in
Supply Chain
▶ Theft in the supply chain can have
significant and far-reaching effects
on both businesses and consumers.
Theft can occur at various points
along the supply chain, from raw
materials and components to
finished products and goods in
transit. These effects can disrupt
operations, increase costs, damage
reputations, and compromise
customer trust.
To mitigate the effects of theft in the
supply chain, businesses can
implement comprehensive security
measures, such as surveillance
systems, access controls, employee
training, secure packaging, and
supply chain visibility solutions.
Collaborating with supply chain
partners and investing in risk
assessment and prevention
strategies can help reduce the

Effects of Theft in
Supply Chain
▶ Here are some of the effects of theft
in the supply chain:
• Financial Losses: Theft leads to
direct financial losses for businesses
due to stolen merchandise,
equipment, and materials. These
losses can impact profitability and
financial stability.
• Increased Costs: Businesses may
need to invest in security measures,
insurance premiums, investigations,
and legal proceedings to address theft
incidents. These additional costs can
strain resources and decrease profit
margins.
• Inventory Discrepancies: Theft can
result in inaccurate inventory records,
leading to inventory shortages that
impact order fulfillment and production
schedules.
• Disruptions in Production: Stolen
raw materials or components can
disrupt production schedules, delaying

Effects of Theft in
Supply Chain
• Delayed Deliveries: Theft of
goods in transit can lead to
delivery delays, customer
dissatisfaction, and potential
contractual penalties.
• Supply Chain Inefficiencies:
The need to implement additional
security measures and
investigations can slow down
supply chain processes and
decrease overall efficiency.
• Loss of Customer Trust: Theft
incidents can erode customer
trust in a brand's ability to provide
secure, reliable products.
Customers may lose confidence
in the brand's ability to protect
their personal data.
• Brand Reputation Damage:
Publicized theft incidents can
damage a company's reputation
This Photo by Unknown Author is licensed under CC BY-NC-ND

Effects of Theft in
Supply Chain
• Lost Sales Opportunities:
Inventory shortages resulting from
theft can lead to lost sales
opportunities when products are
not available for purchase.
• Counterfeit and Gray Market
Risk: Stolen goods can enter the
market through unauthorized
channels, increasing the risk of
counterfeit products and
compromising product quality.
• Regulatory and Legal
Consequences: Theft incidents
may result in legal actions,
regulatory investigations, and
potential fines for non-compliance
with security regulations.
• Employee Morale: Frequent theft
incidents can negatively impact
employee morale and job
satisfaction, creating a tense work

Effects of Theft in
Supply Chain
• Business Relationships:
Supply chain partners may
question the reliability and
security of their relationships
with businesses that
experience theft incidents.
• Loss of Competitive
Advantage: Theft can
diminish a business's
competitive advantage if it
affects its ability to meet
customer demands, maintain
pricing, and deliver quality
products.
• Insurance Premiums:
Frequent theft incidents can
lead to increased insurance
premiums, which can further

Conclusion
▶ We started out describing
accessibility and the protection of
information access control and theft
prevention. We learned they are two
crucial and often interconnected
aspects of information management
within organizations. We examined
theoretical approach to security
involves the application of
theoretical frameworks, models, and
concepts to analyze and understand
various aspects of security,
including cybersecurity, physical
security, information security, and
risk management. We examined
different approach to managing the
various elements of a supply chain
which can result in vulnerabilities,
disruptions, and negative impacts
on supply chain operations. We
concluded with the effects of theft
with supply chain.

Securing the Supply Chain: What Does
Compliance Look Like?

What are some risk
definitions?

What are some risk
definitions?
• Economic
• Compliance
• Security & Fraud
• Financial
• Reputational
• Operational
• Competitive

What is the German
Supply Chain Due
Diligence Act?

What Incentives Do
We Have to Work
Together?

Security, Compliance & Loss Prevention Part 7.pptx

Recommended

Recommended

More Related Content

Similar to Security, Compliance & Loss Prevention Part 7.pptx

Similar to Security, Compliance & Loss Prevention Part 7.pptx (20)

More from Sheldon Byron

More from Sheldon Byron (20)

Recently uploaded

Recently uploaded (20)

Security, Compliance & Loss Prevention Part 7.pptx