Skip to content
Menu
menu

Supply Chain Risk Management Standard: A Compilation of Best Practices

ATTENTION: This page is intended to be viewed online and may not be printed or copied.

Annex L

(Informative)

L. Bibliography

L.1 ASIS International Publications

ANSI/ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness and Continuity Management Systems — Requirements with Guidance for Use

ANSI/ASIS/BSI BCM.01-2010, Business Continuity Management Systems: Requirements with Guidance for Use

L.2 ISO Standards Publications

ISO 9004:2009, Managing for the sustained success of an organization -- A quality management approach

ISO/IEC 17021:2011, Conformity assessment -- Requirements for bodies providing audit and certification of management systems

ISO 17712:2013, Freight containers -- Mechanical seals

ISO 19011:2011, Guidelines for quality and/or environmental management systems auditing

ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems – Requirements

ISO 28000:2007, Specification for security management systems for the supply chain

ISO 28002:2011, Security management systems for the supply chain -- Development of resilience in the supply chain -- Requirements with guidance for use

ISO 31000:2009, Risk management – Principles and guidelines

ISO/IEC 31010:2009, Risk management -- Risk assessment techniques

L. 3 Other Relevant Publications

Berman, Al, “Business Continuity in a Sarbanes-Oxley World,” Disaster Recovery Journal, Vol. 17, No. 2, Spring 2004, pp. 18-24.

British Standards Institute, “Risk Management: Code of Practice,” BS 31100, October 2008.

Castillo, Carolyn, “Disaster Preparedness and Business Continuity Planning at Boeing: An Integrated Model,” Journal of Facilities Management, Vol. 3, No. 1, July 2004, pp. 5-26.

Chopra, Sunil, and ManMohan S. Sodhi, “Managing Risk to Avoid Supply-Chain Breakdown,” MITSloan Management Review, Vol 46, No. 1, Fall 2004, pp. 53-61.

Christopher, Martin, “Understanding Supply Chain Risk: A Self-Assessment Workbook,” Cranfield University, School of Management, Department for Transport, 2003. As of August 10, 2011: https://dspace.lib.cranfield.ac.uk/bitstream/1826/4373/1/Understanding_supply_chain_risk.pdf

Ellis, Simon, “Supply Chain Risk Management: A Best Practice Case Study of Cisco,” Manufacturing Insights, June, 2009.

European Union Authorized Economic Operator (AEO) Program, Taxation and Customs Union, http://ec.europa.eu/taxation_customs/customs/policy_issues/customs_security/aeo/

Favre, Donovan, and John McCreery, “Coming to Grips with Supplier Risk,” Supply Chain Management Review, September 1, 2008.

Finch, Peter, “Supply Chain Risk Management,” Supply Chain Management: An International Journal, Vol. 9, No. 2, 2004, pp. 183-196.

Giunipero, Larry C., and Reham Aly Eltantawy, “Securing the Upstream Supply Chain: A Risk Management Approach,” International Journal of Physical Distribution & Logistics Management, Vol. 34, No. 9, 2004, pp. 698-713.

Hepenstal, Ann, and Boon Campbell, “Maturation of Business Continuity Practice in the Intel Supply Chain,” Intel Technology Journal, Vol. 11, Issue 2, May 2007, pp. 165-171.

Hillman, Mark, and Heather Keltz, “Managing Risk in the Supply Chain – A Quantitative Study,” AMR Research, 2007.

Lee, Don, and David Pierson, “Disaster in Japan Exposes Supply Chain Flaw,” Los Angeles Times, April 6, 2011.

Moore, Nancy Y., Clifford A. Grammich, and Robert Bickel, Developing Tailored Supply Strategies, Santa Monica, Calif.: RAND Corporation, 2007.

Norrman, Andreas, and Ulf Jansson, “Ericsson’s Proactive Supply Chain Risk Management Approach After a Serious Sub-supplier Accident,” International Journal of Physical Distribution and Logistics Management, Vol. 34, No. 5, 2004, pp. 434-456.

Pitt, Michael, and Sonia Goyal, “Business Continuity Planning as a Facilities Management Tool,” Facilities, Vol. 22, No. 3/4, 2004, pp. 87-99.

Ritchie, Bob, and Clare Brindley, “Supply Chain Risk Management and Performance: A Guiding Framework for Future Development,” International Journal of Operations and Production Management, Vol. 27, No. 3, 2007, pp. 303-322.

Sheffi, Yossi, The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage, Cambridge, Mass.: MIT Press, 2005.

Sheffi, Yossi, and James B. Rice Jr., “A Supply Chain View of the Resilient Enterprise,” MIT Sloan Management Review, Vol. 47, No. 1, Fall 2005, pp. 41-48.

Smith, Briony, “Intel: Disasters Can Be ‘Business As Usual’ With Enough Planning,” ComputerWorld, June 18, 2008.

Solomon, Lance, and Joe McMorrow, “Case Study: Chengdu Earthquake Crisis Response,” Supply Chain Risk Leadership Council Newsletter, Fourth Quarter, 2008.

United States Customs and Border Protection C-TPAT: Customs-Trade Partnership Against Terrorism, http://c-tpat.com/

Verstraete, Christian, “Share and Share Alike,” Supply Chain Quarterly, Quarter 2, 2008.

World Customs Organization, The SAFE Framework of Standards, 2012, http://www.wcoomd.org/en/topics/facilitation/instrument-and-tools/tools/~/media/55F00628A9F94827B58ECA90C0F84F7F.ashx

Zsidisin, George A., “Business and Supply Chain Continuity,” Critical Issues Report, January 2007.

Zsidisin, George A., Gary L. Ragatz, and Steven A. Melnyk, “Effective Practices for Business Continuity Planning in Purchasing and Supply Management,” East Lansing, Mich.: Michigan State University, July 21, 2003.

Zsidisin, George A., Alex Panelli, and Rebecca Upton, “Purchasing Organization Involvement in Risk Assessments, Contingency Plans, and Risk Management: An Exploratory Study,” Supply Chain Management, Vol. 5, No. 4, 2000, 187-198.

L.4 References Relating to ICT SCRM

To learn more about ICT SCRM review the following documents and sources.

NIST Supply Chain Risk Management (SCRM) for Information and Communication Technology Program Office http://csrc.nist.gov/scrm/index.html

NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems http://nvlpubs.nist.gov/nistpubs/ir/2012/NIST.IR.7622.pdf

SP 800-30 Rev. 1, Guide for Conducting Risk Assessments http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf

Table of Contents

SCRM Home

Scope
  • Scope
  • Normative References
  • Terms and Definitions
Characteristics of Supply Chain Risk Management
  • General
  • Leadership and Team Composition
  • SCRM Business Case
  • Change Management in SCRM
Risk Principles and Process
  • General
  • Risk Communication and Consultation
  • Establishing the Context
  • Risk Assessment Process
Risk Treatment
  • General
  • Protecting and Securing the Supply Chain
  • Responding to Events
  • Maintaining Resilience of Business Operations Post Incident

Performance Evaluation and Continual Monitoring

  • General
  • Testing and Adjusting the Plan
  • Tracking Change
  • Monitoring and Reviewing the Risk Management Program
 

Annex C: Sample Risks by Category and Type

Annex D: Generic Elements for Supply-Chain Security Agreements

Annex E: Sample Supply-Chain Security Self-Awareness Questionnaire for Suppliers or Other Supply-Chain Partners

Annex F: Elements of Supply-Chain Security Contract Language for External and Third-Party Logistics Service Providers

Annex G: Sample Crisis-Management Program Element Review

Annex H: Sample Site Crisis Plan

Annex I: Supplementary Forms

Annex J: Sample Regulatory Impact Assessment

Annex K: The supply Chain Risk Leadership Council's (SCRLC) Maturity Model

Annex L: Bibliography

arrow_upward