In recent years, digitisation in the manufacturing industry – known as the ‘Fourth Industrial Revolution’ – has streamlined the manufacturing process. Organisations are rapidly integrating new forms of technology at pace into entire supply chains, with manufacturers accounting for $189 billion of IoT spending in 2018.

Licence: CC0
More recently, IBM research shows that 67% of manufacturers have accelerated digital projects as a result of Covid-19, with many onboarding new software quickly in response to the global pandemic and Brexit.
Technology supply chains can often be complex and varied – as much reliance can be placed on global software suppliers as niche, smaller operators, so understanding how to future-proof any dependence is key to building long term success.
How the manufacturing sector can build operational resilience into supply chains
1. Assessing risk across the supply chain
Supply chains can have a huge impact on an organisation’s overall resilience - the wider or longer a supply chain, the more an organisation is at risk of an outage or loss of availability of critical data disrupting its business, through no fault of its own.
Having a clear idea of the level of risk across an organisation’s supplier landscape is key to building resilience and this can include categorising outsourcers on their criticality, financial stability, and concentration risk.
With many organisations in the manufacturing and logistics sector increasing their use of hardware and software, with software even embedded within the manufacturing devices themselves, this management is even more crucial. Risk assessment can be carried out using recommended or methodologies from independent risk mitigation specialists. Once these are assessed and understood, organisations can manage them with appropriate strategies to become more resilient.
2. Securely integrating new software solutions
The development and implementation of an onboarding process for the use of any new third-party software providers is important as bringing any third-party supplied software into an organisation can introduce a security risk if not managed appropriately.
Bringing the issue of third-party software risk to internal boards within organisations, ensuring that all information regarding business-critical applications is recorded securely, and forming contingency disaster recovery plans is essential to maintain supply chain resilience.
Moreover, when using third party software providers, the long term availability of the software should be protected, with the source code behind business-critical applications held securely in escrow and tested to ensure that it is correct, and vulnerability and error-free so that it can be accessed in case of any disruption.
3. Ensuring flexibility in legal agreements
It is important for organisations to have a pre-developed “stressed exit plan” in place, so that there are measures in place to ensure business continuity should an IT failure occur within the supply chain.
This plan should then be repeatedly tested to ensure that any business-critical applications can be rebuilt if necessary. Manufacturing organisations should use suppliers that proactively deliver complementary risk mitigation and business continuity assurance to fit their needs. This can include implementing robust onboarding and procurement policies that ensure that software escrow agreements and verification testing are built into all supplier contracts.
4. Understanding the resiliency of third parties
The level of risk created by dependency on third party supplied software applications is dependent on many factors. These include the solvency of third-party critical software and solution providers; the losses associated with disruption to business-critical systems, whether there are alternatives to business-critical systems and the ease of transition to these alternatives; and whether there is sufficient protection over the intellectual property rights to access and use the source code for business-critical applications.
To determine the level of risk, manufacturing companies should implement a robust risk assessment model taking these factors into account. This model can then determine the plans and steps needed to deal with the failure of a third-party software provider.
Ultimately, in today’s increasingly complex and changing landscape, it is crucial for manufacturing organisations to consider and implement these four steps to ensure supply chain resilience when onboarding new technology and software. By increasing resilience in line with rapid transformation and digitisation in the sector, organisations can mitigate risks and ensure business continuity in the case of disruption.
- The author, Simon Fieldhouse, is global managing director – software resilience at NCC Group.
Back to Homepage
Back to Technology & Innovation