How To (Quickly) Evaluate Supplier Risk & Pivot During A Crisis


Share this post

There isn’t a shortage of reasons to be concerned with supply chain issues, especially in the wake of the Ukraine-Russia conflict. But unfortunately, global crises, whether they’re natural disasters or geo-political issues, are not as few and far between as we'd like.  When you only have limited time and resources to track the impact of a crisis on your value chain, make sure you’re taking a look at the following measures. 

Key Metrics to Follow


The reason behind evaluating supplier locations may be obvious, but there is more that goes into a company’s location than physical facilities. According to Ukraine’s Ministry of Foreign Affairs, more than 100 Fortune 500 companies rely in some part on the country’s IT services, and are consistently among the top outsourcing options for technical services worldwide.  That means it’s worth investigating whether your supplier employs or outsources at least a portion of work to remote employees in an impacted country.  Many natural disasters, for example, force migration to neighboring countries or regions, thereby affecting supply (if they are physical facilities) or operational capacity and tech (if they are IT workers).  Be sure to look not just at the country (ies) directly impacted, but understand if your suppliers have workforces in the neighboring countries and regions as well. 


Unfortunately, objective, robust and up-to-date cybersecurity risk analyses on suppliers is difficult to come by. Many companies still rely on surveys for suppliers to fill out, which has several major flaws, the first one being that these surveys are point-in-time only; therefore, responses and cyber risk could change the next day, week or month. But perhaps more importantly, these are subjective assessments that are filled out by suppliers themselves, and they would prefer to portray themselves in the best light possible. Ensure you’re able to quickly access objective cyber risk scores on your suppliers that are dynamic and can be retrieved in real time over the following areas: network security, endpoint security, DNS, patching cadence, IP Reputation, application security and storage protection.

Ownership, Investors, and Politically Exposed People (PEP)

This is especially important in tense global conflicts where sanctions are involved. Using a supplier intelligence platform that helps you understand who has a stake in your suppliers, whether they have connected holding companies or are blacklisted investors, is a critical part of preventing disruption to your supply chain. Sanctions on Russian financial institutions, for example, present a uniquely complicated situation for procurement and supply chain professionals who are unclear which, if any transactions, may be at risk.   

Affected Industries and Commodities

Get supplier data that can quickly identify industries and commodities that are heavily produced in the affected regions. The Russia-Ukraine conflict has proven that, in addition to oil and natural gas, significant commodities come from the region, such as palladium, wheat, aluminum and nickel. With a bird’s eye view of key goods and materials produced in the area, you’ll be able to act quickly to secure supply.

Looking Beyond Tier 1 Supplier Data

N-tier Mapping

The supply chain world is chock full of disaster stories that were a result of a lack of n-tier data, and the gaps in understanding tend to widen in the wake of a crisis. Just take the 2011 Japanese earthquake - unbeknownst to major automakers, the disaster shut down the world’s only factory that produced a specialty pigment used in multiple car paints.The result? Chrysler, Toyota, General Motors and Ford had to heavily restrict orders on all cars being ordered in 10 colors.   

Of course, in situations with ongoing regional conflict such as in Russia and Ukraine, the stakes can be higher. 

But visibility into n-tier supply chains has long been a challenge, even if you have sufficient participation from tier 1 suppliers. To the extent possible, be sure to track the same metrics outlined above - location, cybersecurity, and affected commodities - for your n-tier suppliers, and share findings with your tier 1 suppliers to collaboratively work towards mitigating risk.

Alternative Suppliers

Most companies have contingency plans, but they can’t be executed without reliable supplier data. A big part of this means that you should be able to quickly locate alternative suppliers, whether you’ve confirmed suppliers have already been impacted, or there is reason to believe they’re at heightened risk. Your supplier intelligence tool should allow for quick lookups using a myriad of filters, such as product codes, industry or investors, as well as the ability to collaborate and coordinate cross-functionally. As part of your supplier diversification strategy, mitigate risk by searching for alternatives that exist in different locations.

Incident Alerts

Just like with n-tier focused supply chain disasters, there are also plenty of supply chain issues that result from delayed responses. Stay informed in real time when major disasters or conflicts occur by having an alerting system in place within your supplier intelligence platform. 

Evaluating risk and subsequently taking proactive measures to secure your entire value chain in the midst of a sudden crisis is daunting and stressful. But it’s not impossible. Use a supplier intelligence platform that can track a myriad of traditional and non-traditional metrics in real time with the visual representation you need for quick interpretation and action.

Learn more about Craft's supplier intelligence platform here.