The traditional industrial supply chain model is becoming increasingly digitised as many companies move towards the use of smart processes and automation. We are seeing a rise in the use of connected (IoT) devices, turning once traditional industrial manufacturing hubs into data-driven smart factories.
IoT refers to the ever-growing network of physical objects/devices (“things”) that have the ability to connect to the internet and to each other. These connected objects and devices collect and share vast amounts of data about the way they are being used and operated, their condition and also about the physical environment that they are in. Combined with sophisticated analytics tools, such data can be harnessed and used to drive forward change and efficiencies.
Whilst the benefits often far outweigh the negatives, the use of IoT devices as part of supply chain processes does bring with it a host of risks, both commercial and legal. Here we visit five key risk areas for businesses to consider when introducing IoT solutions into their supply chains and how to mitigate or manage them.
1. Implementation and inflexible contracts
It is not unusual for technology projects to overrun. We have advised on many large-scale implementation projects that have run into difficulties even though the technology being implemented is well established or a COTS (commercial off-the-shelf) solution. In the context of newer and emerging technologies such as IoT, it is not difficult to imagine that complexities could lead to significant project overrun. Accordingly, it is critical to ensure that underlying contracts associated with the roll-out of IoT solutions adequately deal with delay and overrun costs. Just as important, however, is ensuring that contracts allow enough flexibility for changes to be made to development processes/methodologies (e.g. a move from waterfall development to agile/rapid application development), although the contractual controls and governance for this need to be clear.
2. Managing Collaboration
One of the challenges in introducing IoT within a supply chain is that there are a significant number of parties involved in the supply chain process. For connectivity to work, thought needs to be given as to how the relevant technology will be rolled out and managed on an end-to-end basis. Collaboration will, in many cases, be essential for success. However, as part of any collaboration, thought needs to be given as to how the collaboration will be governed. Should there be minimum standards for each of the supply chain members to meet in terms of (i) the processes and technologies adopted; (ii) the skill of staff deployed (do they need upskilling to be able to use the technology, for example); and (iii) how IoT technology is used and maintained? How are the arrangements and standards to be formalised? What about the development of the technology itself? If this is done as a collaboration, thought needs to be given to entering into collaborative development agreements to ensure the successful roll-out of the technology.
3. Apportionment of risk
Whilst the need to understand how risk will be apportioned in a supply chain is nothing new, use of IoT devices means that there are new risk areas that need to be considered and understood before decisions are made about how risk will be apportioned. Thought should be given as to who is responsible for what elements when things go wrong. For example, where does responsibility lie if software used in IoT sensors is not updated in one part of the supply chain and this causes devices to fail or data not to be captured, which in turn impacts on another part of the supply chain?
IoT devices generate a huge amount of data – thought needs to be given to how that data is to be managed, how it can be used and how it can be protected. With cross-border supply chains, organisations need to consider the impact of data protection legislation. If software analytics tools are being used to review data and generate outputs, who owns the outputs? The supply chain entity or the software vendor?
With the rise in the use of connected devices and the mass generation of data, thought needs to be given as to how security will be managed through the supply chain. After all, you are only as strong as your weakest link. In our view, uniform standards and processes for ensuring security is maintained ought to be implemented with all supply chain partners. Examples include requirements around data encryption, rules ensuring that all default passwords on devices are changed, and regular audits of IoT devices (hardware and software) for maintenance and patches.