Supply chain security and risk

Supply chain security can be defined as a “general system property characterizing uninterrupted performance of a supply chain functioning to achieve its goals under protection against external purposeful threats” (Ivanov and Sokolov, 2010 books of supply chain management courses). To achieve that state of uninterrupted performance, the Magdalena Jażdżewska-Gutta

companies and other entities must implement sets of security measures that are described as supply chain security management (SCSM). Closs and McGarrel provided also the definition of supply SCSM:

"Supply chain security management is the application of policies, procedures, and technology to protect supply chain assets (product, facilities, equipment, information, and personnel) from theft, damage, or terrorism, and to prevent the introduction of unauthorized contraband, people, or weapons of mass destruction into the supply chain." (Closs and McGarrel, 2004).

It is important to mention, that the above definitions cover man-made threats and exclude natural disasters and other typical supply chain risks, which were listed by Mason-Jones and Towill: demand and supply side risks, manufacturing process risks and control system risks (Mason-Jones and Towill, 1998). These risks are a part of supply chain risk management (SCRM) and SCSM is considered to be a part of this concept (Markmann et al., 2013; Williams et al., 2008). Supply chain risk management is defined as:

"a collaborative and structured approach to risk management, embedded in the planning and control processes of the supply chain, to handle risks that might adversely affect the achievement of supply chain goals." (Pfohl et al., 2010).

Thus, the analysis of security threats to the supply chain involves risk analysis. Risk should be considered in terms of probability and severity or business consequences of the event (Brindley, 2004). The basic tool for such an analysis is the risk matrix, which can be also used for classifying security measures (Knemeyer et al., 2009). The risk matrix has two dimensions – disruption probability and consequences (business impact) which divide the risk into at least four sections. This analysis concentrates on the two sections that contain the most common security threats to the supply chains.

According to many supply chain institutes who are offering supply chain management degree program risk is the most important factor in supply chain cycle if organisation neglects risk factor then there will 80% chances of loss or damage.

The probability of such events is very low, for some firms the occurrence of such events is almost impossible. This is one of the reasons why companies usually ignore such risks, resign from developing and financing security plans and concentrate on the protection from low impact risks (Knemeyer et al., 2009).