EMC2 didn't have to do a "hard sell" to convince management of the need for a concerted effort to improve the company's risk-management program. Its top executive came aboard shortly after the Thailand floods and Japan tsunami, Mills says. "He saw a solution in the market to collect more information, with the ability to react more quickly."

Previously, the company had a program based on self-assessments, with onsite audits. But it lacked visibility of suppliers beyond Tier 1 vendors. The key, says Mills, lay in supplier mapping. EMC2 wanted to ability to map its parts to supplier sites, then assess the impact of a given event. In the process, it could create risk profiles and understand where its weaknesses were. “It helps the whole system to become more resilient,” he says.

Mills doesn’t have a large team of people dedicated to supply-chain risk. He has had to rely on business partners to undertake corrective actions and enable risk mitigation throughout the network. “One of the things we had to do,” he says, “was educate our business partners on the value of the tool, and the types of risk data they were going to see so that they could take action on it.”

With buy-in from top leadership, EMC2 became an early adopter of the technology. Much of the effort centered on educating the company’s commodity managers, who oversaw supplier relationships. There was some initial reluctance among suppliers to embrace the tool, Mills says, “but once they got over it, it came in fairly easily.”

EMC2 is three years down the road of implementation, having undertaken initial risk data collection and cleansing. “Now we’re trying to figure out the different ways that we can use that data to target action in our supply chain,” says Mills. “There’s a lot more that we can do with regard to supplier capability building, driving training into suppliers, continuity and supply risk management best practices.”

To view the video in its entirety, click here