On December 13, the Department of Defense (DoD) issued an update to the governing procedures for supply chain management. 

“DoD Supply Chain Materiel Management Procedures: Operational Requirements,” gives solid direction for Supply Chain Risk Management (SCRM). 

Too often risk management is overshadowed by cyber threats; the DoD didn’t do that. 

Instead, DoD defines Supply Chain Risk Management (SCRM) as “strategies to identify, assess, and mitigate potential supply chain risks.” 

In other words, risk isn’t just about cyber.  DoD illustrates the landscape of risks by citing vectors like terrorism, cyber threats, [physical] attacks, insufficient quality, unreliable suppliers, imbedded threats, access points, machine break-down, uncertain demand, obsolescence, vulnerability from interruptions and interdiction of supplies, including fuel and electric power, flooding, labor strikes, natural disasters, or large variability in demand.

Put your tax dollars to work.  Adapt and adopt the blueprint the government published and make it your own.  Then get to work.