ISO TS 22318:2021 pdf download – Security and resilience — Business continuity management systems — Guidelines for supply chain continuity management.
NOTE 1 Resources include materials, labour, information and data, workplace, facilities and associated utilities, equipment, consumables, ICT systems, transportation, logistics, finance and other services required for the activities of the organization. NOTE 2 Products and services delivery includes transportation, logistics, implementation, machinery installation services, etc. performed by the organization or by a third party under the organization’s responsibility. It is possible that the end user is not the immediate customer of the products and services. In some circumstances, the organization needs to consider that post-delivery use and consequences of the provision of their products and services, beyond the immediate customer, can impact brand and reputation. The organization can consider contracts to control subsequent use or implement end-user agreements to limit further downstream transfer. A supply chain exists where the provision of resources depends on other organizations that are not under the direct management or control of the organization. There are different types of relationships that an organization can have: — upstream relationships: — long term for recurring resources such as raw material, workspace, professional services; — one time for infrequent resource acquisition such as special projects; — professional association such as franchises, supplier associations; — downstream relationships: — business-to-business (wholesalers and retailers); — business-to-customer. The basis for all these relationships is commitments to meet interested parties ’ expectations. These commitments can either be explicit (e.g. contract or purchase order) or implicit (e.g. what can be reasonably expected). Organizations in the supply chain should take into account that the degree of flexibility and the related control on essential services and heavily regulated suppliers can be constrained, e.g. national electric companies, telecommunications, internet providers. NOTE The above relationship types provide examples only and are not intended to be complete. 4.2 Supply chain continuity management 4.2.1 General SCCM is a management process that identifies potential impacts to an organization from disruption to its supply chain and provides an approach to manage this. Continuity of the supply chain is important to all organizations, enabling them to deliver products and services. Disruption to the supply chain can impact or even prevent the organization from delivering those products and services with consequent negative effects to its revenue, market share and reputation. Effective SCCM enables the organization to avoid or minimize the consequences of disruption. There can be conflict between SCCM and the objectives of supply chain management such as the need to reduce costs, avoid excessive inventory and optimization of lead times. Organizations should recognize that effectively managing the supply of resources will lead to increased control of the supply chain, improved efficiency and help to avoid severe disruptions. SCCM seeks to identify those suppliers who can significantly impact the organization and ensure that the organization has implemented strategies and solutions to address these.