Around the world, new regulations about the collection and usage of personal data are changing workflows for major organizations. Following the passage of legislation like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA), businesses are auditing privacy practices and creating much stricter guidelines when they select partners and vendors.
With tighter regulations about the way consumer data is collected and used, organizations have to increase scrutiny for every party that has access to personal data. The entire system is only as secure as the weakest part, so it’s more important than ever to vet external parties and maintain visibility into their data practices. Here are eight vital steps organizations can take to ensure that vendors aren’t jeopardizing data privacy compliance.
Step 1: Audit Your Existing Data Privacy System
Before you do anything else, examine what’s currently in place to understand the changes that need to be made to maintain compliance with new regulations. You want to avoid reinventing the wheel and make adjustments without slowing down the business or adding risks.
After that self-examination, conduct the same check on your network of vendors. It’s imperative that you have a 360-degree understanding of vendors’ business practices and overall reliability before entering or continuing business relationships.
The concept of sustainable sourcing, also known as green purchasing or social sourcing, is nothing new. Sustainable sourcing is impacting nearly every area of corporate business and the consumer’s mindset. Everything from sourcing materials to talent attraction and consumer purchasing habits is changing because of the growth of sustainable sourcing. However, the term gets thrown around in the procurement industry quite a lot and is often misunderstood or misused. So, here’s a guide with all the basics you need to know about sustainable sourcing.
WHAT IS SUSTAINABLE SOURCING
First and foremost, we have to define the term. Sustainable sourcing is the integration of social, ethical and environmental performance factors into the process of selecting suppliers. It includes purchasing sustainably preferable products and services (products made from recycled or remanufactured materials), as well as green purchasing guidelines that might pertain to certain products or commodities.
I should know – I lived through a very painful and protracted software audit at my current company, Russell Investments, an audit that lasted over eight months from start to end. While the software provider (who I will not name) was completely within their contractual rights, I learned a lot from the experience and would like to share that experience with you – so you can learn from what we did right, and what we did wrong. For the purposes of this blog and my presentation at SIG’s Western Regional SIGnature Event, I will call this software provider “Skynet,” but rest assured the real name of the company is one you would easily recognize.
Software audits never happen at a convenient time. Our situation started in late November 2018, near the end of our fiscal year. Our various business groups were scrambling to get their purchase orders approved and issued by year-end. Any remaining budget dollars were being used to get a head start on the next fiscal year.
Skynet sent a letter to our CFO saying that we had been “selected” to receive a software license review. The word “audit” was never used in the letter. Audits are highly profitable for software companies – companies can operate within their contractual rights, as audits have a high ROI. Why? Because most clients do not have a firm grasp on the number of software licenses purchased or deployed (either on-prem or in the cloud).
In highly regulated industries, there are seemingly endless regulatory and compliance requirements and activities, and they often are inseparable from the underlying risk management activities themselves, including those for third parties.
Since the 2008 financial crisis, the U.S. has arguably become the most complex and costly jurisdiction for regulatory compliance. An article published by World Economic Forum on enterprise risk management points out that banks are “less experienced with non-traditional threats such as cyber risk, strategic risk, operational risk, regulatory risk and legal risk. Making matters trickier, these risks aren’t easily quantified.” The authors also note that “the growth in such risks is virtually unprecedented in the history of banking. This puts a premium on firms’ abilities to make connections and to recognize the complex whole is far greater than the sum of its parts.”
The financial services sector leads the pack in terms of the amount of regulation it is subject to, including the compliance challenges, regulations and laws in near and far-flung jurisdictions, as well as the cost and complexity of compliance, risk management and governance practices. This sector is not alone in the endless struggle to balance costs and compliance. Healthcare, oil and gas, and the tech sector are also struggling with the cost and complexity of managing sector-specific risks and compliance.
Contracting is one of the most important parts of the sourcing process – this is one of the final steps in the process before (or in parallel with) implementation and it documents all terms and conditions agreed to by both parties throughout the sourcing engagement. While it is one of the most important steps in a sourcing engagement, it can also be one of the most painful, with numerous rounds of revisions and reviewing legalese that can extend out a project timeline substantially at times. As a Sourcing professional, I’ve reviewed my share of contracts ranging from one-page agreements to lengthy contracts with multiple attachments and exhibits. Each contracting experience is different: some have gone smoothly and are wrapped up in a few days’ time, while others took months to come to agreement on the final language. I will highlight a few recent experiences with contracting and some of the lessons learned that can be applied to others in similar situations.
Don’t skip the contract just because of a low spend figure.
On a recent project, my team was brought in to negotiate with a local hardware store that was used regularly for as-needed supplies at a local manufacturing plant. Upon further investigation, we learned that the client had already negotiated a discount structure with this supplier earlier in the year, but there was no formal documentation because the annual spend with the supplier was below the threshold when contracts are required.
In my last blog, I spoke about ethical sourcing and the many benefits it can have for your company. Seems like a no-brainer, right? When attempting to put in a plan to obliterate unethical practices in your supply chain, it starts to be risky business. The best way to mitigate risk is to set up a solid plan and be diligent about following through with it.
In my research to find a clear plan to mitigate unethical practices, I found a slew of proposed methods. Unfortunately, I felt that many of them seemed too simple—basically, too easy and too good to be true. I finally came across a solid and thorough plan proposed by Declan Kearney, the founder of 360° Supplier View, who shares tips with companies to ensure ethical sourcing practices in their supply chain.
Do Your Research
Make sure you do your research on your suppliers…and their suppliers. With myriad complex regulations now put in place, go out and learn from case studies and the resources that will act as a survival guide as you attempt to research your vendors and suppliers.
Stay Away from the Fat Cat
Assess whether the higher-ups in your supplier organization are well known or politically aligned. These individuals are more susceptible to bribery or corruption.
Hailey Corr, Junior Editor and Marketing Associate, Outsource and SIG
For those who work in any area of the supply chain, diversity is a word that comes up often. Supplier diversity or diversity in contracting are programs that can be either mandatory (i.e., requirement to fulfill state or federal contracts) or voluntary (i.e., procurement/social responsibility strategy).
Whether your organization chooses diverse suppliers for advocacy and social responsibility reasons, to comply with state or federal regulations, or to simply meet your stated requirements and work scope, the benefits of supplier diversity can have lasting impacts on your community and your organization.
Starting a Supplier Diversity Program (SD Program) in your organization requires input and collaboration from various stakeholders at all levels. The SIG Resource Center has a wealth of information to help you begin the process to implement an SD Program, including how to make the business case to internal stakeholders, best practices and benchmarking studies from your peers.
Mary Zampino, Senior Director of Global Sourcing Intelligence
With kids back in school, many parents like me are reflecting on what has become an annual ritual of buying necessary school supplies and of course an equivalent amount of not-so-necessary 'things' to decorate or accessorize school lockers, shelves, backpacks, clothing, etc. So while the leading retailers like Staples...Office Depot...Walmart...Target and others cash in on this period with attractive deals, our friendly neighborhood 'fiVeBELoW' comes in very handy for all those non-essentials. Don't get me wrong, sometimes compulsive bargain hunters (once a buyer, always a buyer) like me can also find deals for the back-to-school essentials and a number of other things at 'fiVeBELoW.' I often wonder if there exists a similar pattern in enterprise spending...meaning, does a similar phenomenon (the anything and everything at places like fiVeBELoW – for cheap or let us call it really low dollar spend buys) exist in enterprise buying, especially when we are talking about indirect spend. Throughout my Procurement career, I have come across companies with annual indirect spend ranging between a couple of million dollars up to and in excess of 15-20 billion (though they are very few). Spend items/services...what in old days used to be called 'petty' cash kind of spending...exist everywhere (the $$ amount may vary from a few thousand to double-digit millions), essentially exhibiting one or more of the features as below.
Rajiv Gupta, Head of Procurement Services, Americas, Infosys
Mergers and acquisitions (M&A) trends are growing on a global scale, and the benefits are many. M&A create cost efficiencies through economies of scale and also lead to tax gains. They often increase revenues and can reduce cost of capital. And while the benefits of M&A are significant to businesses, there is often an overlooked factor that can potentially collapse the upsides to these benefits. As M&A continue to trend upward, so does the contingent worker population. According to the Bureau of Labor Statistics (BLS), the total number of flexible workers exceeded 2.6 million in late 2013 with projected growth to continue full steam in the coming years. Contingent labor growth is a direct result of the changing overall workforce landscape, and companies are making considerable investments in their contingent workforces to reduce costs and remain nimble. To that extent it's important to recognize that during a merger between companies, independent contractor (IC) liability is oftentimes overlooked. This "hidden exposure" can be devastating to any company as state and federal agencies are increasing their efforts to uncover unknown ICs and penalize the companies responsible for misclassifying these workers. Individual states are also establishing harsh consequences as IC misclassification continues to be a growing problem, and ICs themselves are becoming empowered with information on how to secure their rights as an independent business. Ultimately the acquiring company inherits the ICs as well as the risk associated with those IC engagements. Because the level of IC validation (if any) with the selling company is unknown, it's critical to include discovery of the IC population as a part of the overall M&A due diligence process.
Dan Evanoff, Director of Compliance, Synergy Services