Welcome to the Action Methodology
“Competing successfully in any industry involves some level of risk,” says Harvard Business School Professor Robert Simons, who teaches the online course Strategy Execution. “But high-performing businesses with high-pressure cultures are especially vulnerable. As a manager, you need to know how and why these risks arise and how to avoid them.”
The multidimensional demands of supply chain management place unique demands on businesses today.
How do I reduce "Business Risk" associated with supply chains.
Why is it so difficult to securely share information so we can expand our supply chain?
How can our business comply with different and changing regulatory environments in different countries?
There are many different types of connected risk that need to be considered such as: Strategic Risk, Operational Risk, Financial Risk, Compliance Risk, and Cyber Risk.
The following is a list of information sharing challenges. We will address these issues as part of an information sharing discussion.
Key information sharing difficulties in implementing a supply chain:
What new regulatory and compliance issues will impact my business?
Data silos: Information is often isolated within departments or organizations, making it inaccessible to others who need it, which leads to inefficiencies and poor decision-making.
Technology integration challenges: Different systems and platforms used by supply chain partners can be incompatible, complicating real-time data sharing and integration.
Lack of data standardization: Data comes in various formats and qualities, making it hard to assimilate and analyze across the supply chain.
Limited supplier communication: Breakdowns in communication between multiple suppliers can disrupt the flow of information, causing delays and errors.
Organizational culture and resistance: Some organizations resist sharing data due to fears of exposing vulnerabilities or losing competitive advantage.
Data privacy and security concerns: Companies may hesitate to share information due to worries about data breaches, misuse, or regulatory compliance.
Availability and access to data: Even when data exists, it may not be accessible to all relevant stakeholders, limiting supply chain visibility and responsiveness.
The implementation of an SPDX supply chain based on the AM helps mitigate many types of risk.
A review of key issues and related challenges.
These issues can be grouped into 3 categories:
Data capture
Data sharing
Security and Privacy
A simplified approach to creating and sharing information will be presented.
Technical compatibility with existing solutions will be discussed.
An overview of AM and SPDX.
Potential technical architecture will be discussed.
Security and privacy needs will be reviewed.
Compliance and risk.
Length: 1 Day Course
Audience: C-Level executives both technical and non technical
Presentation Method: Online or On Client Premises
Recommended number of attendees: 4-10 Participants
Fee per online class: $10,000USD
Onsite travel, accommodation and expenses are extra
Day 1 of this 2 day course focuses on a detailed review of SPDX architecture, design and use. Day 2 outlines how the AM is used to implement a hardware supply chain while moving SPDX from a static data exchange platform to a dynamic data exchange platform.
Day 1:
Review of SPDX Profiles.
Review SPDX Core elements
Review defined relationships
Day 2:
Provide a detailed review of the Hardware profile.
Review the components of the supply chain element.
Decomposition of components: requirements, processes and actions.
Show by example how a supply chain is modeled in SPDX.
Review the tools and their use related to creating a HBOM and supply chains.
Length: Determined by Requirements
Audience: Starter Course for technical teams
Presentation Method: TBD
Recommended number of attendees: TBD
Fee per online class: TBD
Onsite travel, accommodation and expenses are extra
Supply chain traceability is a simple idea based on the question: What, where and how was a product or service acquired by a company. We need to validate and verify the chain of of custody from origin to end-of-life.
Traceability provides the visibility and data needed to swiftly detect, investigate, and resolve production defects, protecting both product quality, brand reputation and regulatory compliance.
Supply chains and social accountability are closely linked, as companies are increasingly expected to ensure ethical, fair, and responsible practices not only within their own operations but throughout their entire supply chain. This includes Fair Labor Practices, Environmental Stewardship, Stakeholder Engagement,
Fair Labor Practices: Ensuring suppliers pay fair wages, avoid child or forced labor, and provide safe working environments. Transparency and Reporting and Compliance and Certification.
Cyber Resilience Act (CRA)
The EU Cyber Resilience Act (CRA) mandates stringent software supply chain traceability requirements to enhance software security and compliance. The CRA focuses on software but its impact is far reaching because software runs on hardware used in many complex products found in manufacturing, automotive, aerospace, medical and industry.
The CRA includes a list of supply chain requirements that impact most organizations requiring them to attest and assure compliance. This requires a new level of data sharing between buyers, sellers, regulators and governments. Under the CRA, businesses are required to do the following: Third-Party Supplier Vetting, Continuous Software Monitoring, Provide Chain of Custody Assurance, Ensure Regulatory Alignment and Enforce Risk Mitigation to mitigate risk with the supply chain.
By enforcing end-to-end visibility, the CRA strengthens cybersecurity resilience while addressing sustainability and ethical concerns in global supply chains
Compliance with global standards such as Cyber Resilience Act (CRA) in the EU, new Homeland Security Regulations for traceability of product origins to ensure compliance and other regulatory requirements. A few the broader compliance regulations include GDPR, CRA, CCPA, and ITAR.
This course will touch on some of the regulatory standards and issues but will instead focus on the a method for securely chaining information data sets and documents to ensure traceability of a product from origin to end-of-life.
Day 1:
Defining Traceability:
What is the traceability?
What is traceable?
What is the meaning of end-of-life?
What is a product life cycle?
When is a product at end-of-life?
What happens when a product is at end-of-life
Traceability and Regulatory Compliance
Compliance vs Business needs, are they compatible issues?
Day 2:
What is secure data sharing?
What is required to perform secure data sharing?
What are the existing technology challenges related to secure data sharing?
Length: 2 Day Course
Audience: Technical and non technical staff
Prerequisites: SPDX and the Action Methodology
Presentation Method: Online or On Client Premises
Recommended number of attendees: 4-10 Participants
Fee per online class: $20,000USD
Onsite travel, accommodation and expenses are extra
A shared supply chain refers to a supply chain model where multiple organizations collaborate by sharing resources, information, and processes to improve efficiency, reduce costs, and increase transparency across the chain.
A shared supply chain model requires a common ontology for understanding requirements, processes, actions and data. A policy driven data centric security architecture is needed to manage sender and receiver targets. Attestation, verification and validation is needed to ensure Quality of Service (QoS).
At the heart of a supply chain is a actions vs data. Data alone lacks meaning. Actions defines data purpose. In the "Internal Supply Chain" course, the modeling of actions is granular where specific needs of senders and receivers are defined for targeted information delivery.
A common ontology defines the use of requirements, processes and actions. Actions define data needs. Data is used to populate templates. Templates are shared within a secure architecture with attestation, verification and validation.
Day 1: Using Templates
A review of supply chain creation based on SPDX action methodology model.
Using a template
Template verification
Day 2: Building Templates
Creating templates
Sharing of templates
Length: 2 Day Course
Audience: Technical and non technical staff
Prerequisites: SPDX and the Action Methodology, Implementing Internal Supply Chains
Presentation Method: Online or On Client Premises
Recommended number of attendees: 4-10 Participants
Fee per online class: $20,000USD
Onsite travel, accommodation and expenses are extra