
Supply Chain Risk Management Standard: A Compilation of Best Practices


Annex L

L. Bibliography

L.1 ASIS International Publications

ANSI/ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness and Continuity Management Systems — Requirements with Guidance for Use

ANSI/ASIS/BSI BCM.01-2010, Business Continuity Management Systems: Requirements with Guidance for Use

L.2 ISO Standards Publications

ISO 9004:2009, Managing for the sustained success of an organization -- A quality management approach

ISO/IEC 17021:2011, Conformity assessment -- Requirements for bodies providing audit and certification of management systems

ISO 17712:2013, Freight containers -- Mechanical seals

ISO 19011:2011, Guidelines for quality and/or environmental management systems auditing

ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements

ISO 28000:2007, Specification for security management systems for the supply chain

ISO 28002:2011, Security management systems for the supply chain -- Development of resilience in the supply chain -- Requirements with guidance for use

ISO 31000:2009, Risk management -- Principles and guidelines

ISO/IEC 31010:2009, Risk management -- Risk assessment techniques

L.3 Other Relevant Publications

Berman, Al, “Business Continuity in a Sarbanes-Oxley World,” Disaster Recovery Journal, Vol. 17, No. 2, Spring 2004, pp. 18-24.

British Standards Institute, “Risk Management: Code of Practice,” BS 31100, October 2008.

Castillo, Carolyn, “Disaster Preparedness and Business Continuity Planning at Boeing: An Integrated Model,” Journal of Facilities Management, Vol. 3, No. 1, July 2004, pp. 5-26.

Chopra, Sunil, and ManMohan S. Sodhi, “Managing Risk to Avoid Supply-Chain Breakdown,” MIT Sloan Management Review, Vol. 46, No. 1, Fall 2004, pp. 53-61.

Christopher, Martin, “Understanding Supply Chain Risk: A Self-Assessment Workbook,” Cranfield University, School of Management, Department for Transport, 2003. As of August 10, 2011:

Ellis, Simon, “Supply Chain Risk Management: A Best Practice Case Study of Cisco,” Manufacturing Insights, June, 2009.

European Union Authorized Economic Operator (AEO) Program, Taxation and Customs Union,

Favre, Donovan, and John McCreery, “Coming to Grips with Supplier Risk,” Supply Chain Management Review, September 1, 2008.

Finch, Peter, “Supply Chain Risk Management,” Supply Chain Management: An International Journal, Vol. 9, No. 2, 2004, pp. 183-196.

Giunipero, Larry C., and Reham Aly Eltantawy, “Securing the Upstream Supply Chain: A Risk Management Approach,” International Journal of Physical Distribution & Logistics Management, Vol. 34, No. 9, 2004, pp. 698-713.

Hepenstal, Ann, and Boon Campbell, “Maturation of Business Continuity Practice in the Intel Supply Chain,” Intel Technology Journal, Vol. 11, Issue 2, May 2007, pp. 165-171.

Hillman, Mark, and Heather Keltz, “Managing Risk in the Supply Chain – A Quantitative Study,” AMR Research, 2007.

Lee, Don, and David Pierson, “Disaster in Japan Exposes Supply Chain Flaw,” Los Angeles Times, April 6, 2011.

Moore, Nancy Y., Clifford A. Grammich, and Robert Bickel, Developing Tailored Supply Strategies, Santa Monica, Calif.: RAND Corporation, 2007.

Norrman, Andreas, and Ulf Jansson, “Ericsson’s Proactive Supply Chain Risk Management Approach After a Serious Sub-supplier Accident,” International Journal of Physical Distribution and Logistics Management, Vol. 34, No. 5, 2004, pp. 434-456.

Pitt, Michael, and Sonia Goyal, “Business Continuity Planning as a Facilities Management Tool,” Facilities, Vol. 22, No. 3/4, 2004, pp. 87-99.

Ritchie, Bob, and Clare Brindley, “Supply Chain Risk Management and Performance: A Guiding Framework for Future Development,” International Journal of Operations and Production Management, Vol. 27, No. 3, 2007, pp. 303-322.

Sheffi, Yossi, The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage, Cambridge, Mass.: MIT Press, 2005.

Sheffi, Yossi, and James B. Rice Jr., “A Supply Chain View of the Resilient Enterprise,” MIT Sloan Management Review, Vol. 47, No. 1, Fall 2005, pp. 41-48.

Smith, Briony, “Intel: Disasters Can Be ‘Business As Usual’ With Enough Planning,” ComputerWorld, June 18, 2008.

Solomon, Lance, and Joe McMorrow, “Case Study: Chengdu Earthquake Crisis Response,” Supply Chain Risk Leadership Council Newsletter, Fourth Quarter, 2008.

United States Customs and Border Protection C-TPAT: Customs-Trade Partnership Against Terrorism,

Verstraete, Christian, “Share and Share Alike,” Supply Chain Quarterly, Quarter 2, 2008.

World Customs Organization, The SAFE Framework of Standards, 2012,

Zsidisin, George A., “Business and Supply Chain Continuity,” Critical Issues Report, January 2007.

Zsidisin, George A., Gary L. Ragatz, and Steven A. Melnyk, “Effective Practices for Business Continuity Planning in Purchasing and Supply Management,” East Lansing, Mich.: Michigan State University, July 21, 2003.

Zsidisin, George A., Alex Panelli, and Rebecca Upton, “Purchasing Organization Involvement in Risk Assessments, Contingency Plans, and Risk Management: An Exploratory Study,” Supply Chain Management, Vol. 5, No. 4, 2000, pp. 187-198.

L.4 References Relating to ICT SCRM

To learn more about ICT SCRM, review the following documents and sources.

NIST Supply Chain Risk Management (SCRM) for Information and Communication Technology Program Office

NIST IR 7622, Notional Supply Chain Risk Management Practices for Federal Information Systems

NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments

NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View