Accessibility Tools

Skip to main content

Ensuring Secure Supply Chains for Small Organisations

Apples and Pears

For small organisations to keep large enterprise customers they must make sure that their supply chain is secure, consistent and not affected negatively easily. To do this successfully they have to invest in processes similar to those used by their enterprise customers. Here we explore some of those considerations for small organisations, so that you are not comparing apples to pears.

This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.

 Glossary Terms in this Blog Article - hover to view, click for full glossary.



This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.


Introduction to Small Organisation Supply Chains

Today we are going to be looking at Small Organisation supply chains. In another episode we looked at how you can be secure as part of your customers supply chain and now, we are following that through to your own supply chain. So, over to you Nick, how do you ensure the security and resilience of your supply chain?

Default sample awareness and knowledge infographic

Small Organisation Supply Chain

For many Small Organisations, when they start off with just one or two staff members don’t think about resilience or the security of their suppliers. But in many cases, we know that it is probably the best time to start, because with very few suppliers it is going to be simpler and as the organisation develops and grows so will the number of suppliers and the requirements for resilience and security.

To some extent many small organisations do ask some of the basic questions but without formalising anything on paper. The starting point is to understand what product or service is required, its impact on your ability to continue to operate as planned.

The requirements stage may involve considering the following:

  • How critical is the product or service for our continued operations?
  • What are the impacts of a disruption to continued supply?
  • What are the technical or standards requirements?
  • Will the supply of this service impact other products or services?
  • Is the whole service being outsourced?
  • What are the support requirements?
  • What are the internal requirements for staff?

We explore some of these in more detail later.

Apart from the product or service requirements, there are considerations about the supplier. Depending on the organisations policies or intentions, these set of considerations may be treated with the service requirements or separately.

Supplier considerations may include:

  • Suppliers’ background and years of service in Organisation.
  • Diversity of suppliers.
  • Sustainability policies of suppliers.
  • Suppliers’ commitment to Anti-Slavery.
  • Suppliers’ commitment to other Social Responsibilities.
  • Suppliers’ commitment to staff development and training.
  • Suppliers’ achievement of security standards, and related policies.
  • Suppliers’ Continuity Policies.

Once the service and supplier requirements are defined, the procurement process that will be used needs to be considered. There are some things that may be as simple as picking up the phone and placing an order or getting onto a supplier’s website and placing an order. In most cases such things may not require a process and it will be accepted that there is no reason to document such process, but it may be useful and important over time that the boundaries of how staff can make such decisions is documented. Some of the reasons for doing this may include other considerations that come over time like Supplier Diversity Policies, or Sustainability Policies, where certain suppliers or types of suppliers may be excluded.

Considerations around supplier selection processes may include:

  • The value or types of purchases, products or services which don’t have to go through the more formal process.
  • Any additional special processes or cases that may need to be considered differently. Examples may be that the formal process is used for all existing recognised important services, and a different process for new or first-time purchases where the organisation is still trying to understand the service or solution. These special processes may be shorter or quicker processes (where there is a requirement to bring the service in quickly), or more stringent processes due to the value and importance where additional due diligence may be required.
  • Will there be only one formal process or more and how will they differ from any tendering processes that are used.
  • Importance of the service to the organisation – all critical services should undergo the formal process.
  • The minimum number of suppliers to be included in each type of process.
  • The individual roles that should be involved in each type of process.
  • The process of notifying the selected suppliers.
  • What will the standard contract to supply include, in relation to support?

What we’ll do now is going into some of these things in a little more detail.

Default sample Threat Map infographic

This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.

Infographic images are copyright of Virtually Informed, and available to registered users for download during the publication week of the blog article together with other downloadable resources, including: all related infographics on this page, example policy templates, posters, screen savers and much more.