CLM ReadyCLM-ReadyCLM Preperation2024SolutionsFuture-ProofingAgiloft Summer ReleaseRelease 25Agiloft AILegal TechCLM SuccessFuture PlanningCLM ValueCLM GuideCLM PitfallsEducationFuture PlansWhat is CLMIntroductionEducationalNZ AvocadoWACNZ2023AvocadosAgiloft partnerBrandingAwardsRic LaughlinGlobee AwardsEnterprise AI2022Tech predictionsSupportShut downClosureChristmasHolidaysPlatformMarketScapeMicrosoft TeamsMicrosoftSalesforceWinter releaseSupply managerSuppliersData sharingCurrenciesGlobal ecommerceEcommerceWomen entrepreuneursFemale-led startupsFemale business ownersTarget marketPlanningDesignStrategyWebsiteStrengthsWeaknessesDataSafetySecuritySupply chain managementSupplyVaccineIT company10 yearsSaaSamHumansAutomationAutomaticManualTop threeEnterpriseProcurementCritical CapabilitiesContractAssessmentEvaluationFlintWebsite developmentSearch engine optimisationSEORocketsparkAugmented realityARErin LaughlinLeaderVendorsContract templatesChange managementImplementationCLMSearchNavigationAdobe SignAI CoreBIG Innovation AwardsNo-codeDigitalOnline shopping2021CybercrimeCybersecurityTechnologyPredictionsContract lifecycle managementAndy WishartContractsMetadataClauseRiskLegalWorking from homeWomen in businessCorporate rolesWomenIntegrationUser interfaceColin EarlAIBusiness systemCost fallacyCapitalInvestmentEric LaughlinProduct roadmapAgiloft SummitDigital JournalWorkflow automationSalesOnlineBusinessesConsumersShoppingRetailShopifyCovidCovid-19E-commerceComplianceGDPRInfrastructure LibraryMagic QuadrantGartnerSaaSContract lifecycleSingle-situation custom development projectsLarge-scale integrated implementationsExecutive managementProject managementBusiness analysisProgrsmmingInfluence in pacific regionHeather McEwenChannel expertiseWomen of Channel awardCRNTemplatesService deskBetter contact managementEfficient contract managementNew contract managementUnsustainable modelLoss of key personnelSpike in salesSpike in ordersThe critical point in an evolving situationMinor development precipitates a crisisContract lifestyleContract repositoryContract managementEnvironmentally sustainable officeRecyclable coffee podsElectronics recyclingDigital business cardsEnvironmental footprintEnvironmental sustainabilityAgiloftConfigerable no-code platformStreamlined operationsAI risk scoringNatural language processingAutomated contract creationCLM systemsAI contract generationAlexaAutomate pricing negotiationsAI contract negotiationVoice activated technologyAI machine learningAI technologyRobotic processesMachine learningArtificial intelligencePlatinum Agiloft partnerMandalay Bay HotelLas Vegas2019 Agiloft SummitPets in the officeOpen work environmentWork from homeFlexible work policyWork to liveEmployee firstBringing pet to workIncreased productivityPositive work environmentPets in workplaceDogPetsHealthy workplace

The challenges, rewards and tensions of sharing data with suppliers

Originally published on

Supply managers face a daunting challenge when it comes to data. Sharing data with suppliers can improve efficiency, flexibility, quality, and new product development. But there are risks to intellectual property, corporate, and personal information, as well as regulatory and legal concerns, and attacks that could severely impair the organisation. 

Given the benefits, supply managers face pressure to share increasingly sensitive data but face challenges in securing systems and preventing breaches.

The new CAPS Research report Digital Connectivity and Data Protection in Supply Management examines risks, challenges, and best practices for sharing and protecting data.

Today, buyers and suppliers are more connected than ever. Organisations benefit from sharing data with suppliers to improve efficiency, flexibility, quality, and new product development. But those connections carry risks as well.

Though high-profile breaches of personally identifiable information (PII) have been made public, there have been relatively few reports of operational data breaches. This could mean protection plans are effective or it could indicate that companies aren’t aware they have been breached or are reluctant to go public unless legally required.

Organisations face an array of risks in managing relationships with suppliers and multiple tiers of suppliers. The growing use of connected devices, outsourced suppliers, and international supply chains elevate the challenge.

Factors that complicate data sharing

Attackers often look for weak links among smaller companies without sophisticated technology or security partners. That means your supply chain partners are on the front lines of protecting your organization's data. Here are a challenges companies encounter when sharing data:

  • Technological differences: Not all parties use the latest protection standards, technology, and policies.
  • Procedural differences: If they exist at all, policies and procedures can lead to confusion and gaps in protecting data.
  • Employee training: Suppliers may not have adequate employee training in managing and handling confidential information, reporting breaches and incidents, and overall cybersecurity threats and intrusion strategies that lead to vulnerabilities.
  • Monitoring: It's difficult to track data use and distribution at supplier locations, especially if that information is further dispersed into the sub-tiers of the supply base. Assessing supplier policies, procedures, and governance is critical, as well as, ensuring supplier management practices validate data protection & governance procedures are adequate.
  • Communications: While under investigation, information about attacks and breaches may be delayed or, in case of a loss, heavily filtered.
  • Legal liability: Establishing and enforcing liability is difficult, even when covered in contracts. It's even tougher with international relationships.

Tensions in security

Organisations face tradeoffs in managing security and business requirements.

  • Protection vs. Speed: Assessing and validating data protection requirements slow supplier selection, qualification, and onboarding.
  • Protection vs. Cost: Requirements may eliminate low-cost provider options.
  • Protection vs. Agility: Supplier base could be limited to only sophisticated suppliers that can meet requirements.

There's an overlap between internal data security and external security in relationships with suppliers. Both aspects are built on technology, people, and processes. As part of the supplier due diligence and evaluation process, organisations should examine suppliers’ capabilities in managing the risks inherent in sharing data.

Although it may not be possible to eliminate performance tradeoffs, understanding the gaps and looking for alignment between the organisations in the risk areas will help guide the process. The tensions mentioned will be a part of that process, as business priorities compete with security considerations.

After considering risks and relationships, it's helpful to look at best-in-class organisations that are effectively addressing these issues.


This product has been added to your cart