Parallax View : New Lines of Insight

By Bill McBeath

To Trust or Not To Trust:
What To Share with Trading Partners?

I recently asked a question to a senior supply chain executive:

“ When should you trust your trading partners and when should you withhold information from them?”

His answer:

“Never and Never.”

His answer was only partly tongue-in-cheek. It highlights a dilemma we all face. When important information is withheld, it leads to enormous inefficiencies or even disasters in the supply chain. Trust is needed to streamline decision making and interactions in the supply chain. But, in spite of what “Kumbaya Collaborationists” preach, there are very real and serious risks with sharing information, as shown in table 1 below. Not everyone is trustworthy.

Before the virtualization of the enterprise and globalization of the supply chain, it was not so hard. The boundaries of your “domain of trust” aligned pretty clearly with the boundaries of the old vertically integrated enterprise. Just keep all that confidential information safe inside your company and you were OK.

Figure 1 - Expanding Domain of Trust
click on image for larger view

No longer. The “domain of trust” now extends deep into the supply chain. We are so interconnected. Everything is networked. More to the point, we’ve outsourced so much that you MUST share confidential information with your trading partners. If someone else is designing major components of your product, someone else doing your manufacturing, someone else servicing your products at your customer’s sites, and someone else is running your call centers, then by default you’re sharing confidential customer information, product designs and IP, production information, etc. And all the competitive pressures to reduce cycle times, inventory levels, improve service, and innovate products faster are pushing companies to integrate more tightly and share more information, not less. No longer can you afford the sloppiness inherent in keeping your trading partners in the dark.

Type of Information	Rewards from Sharing Information	Risks from Sharing Information
Product Designs and Roadmaps	Increased Innovation—Pace of innovation is increased when trading partners collaborate on designs and roadmaps Parallel Development—Aerospace, automotive, and high tech depend heavily on parallel development between OEM, Tier 1, and Tier 2 suppliers. Automotive OEM shares physical envelope and attachment points with Tier 1 suppliers. High Tech OEMs give designs to contract manufacturer. Component suppliers share product roadmaps.	Stolen IP—Example: Huawei Technologies Co., a well-known network equipment company in China was sued by Cisco Systems last year for copying Cisco's software and source code (right down to the bugs). U.S. losses to piracy in China alone are nearly $2 billion and over $10 billion worldwide.
Run rate, Backlog, Inventory Positions	Lower Inventory + Higher Service Levels—When inventory levels and consumption are understood, there is better matching of supply and demand.	Lower Allocations—During constrained supply, customers often overstate run-rate and backlog, and may understate their inventory to get a larger share of the constrained component. Loss of Negotiating Power—A supplier who is hedging production starts on the upside may not want to disclose that to their buyer, because they will get beaten down on the price.
Prospects and Customer Info	Solution Partnerships — When done right, joint selling of a more complete offering (total solution) can be very fruitful for both sellers.	Back-selling—A partnership is ruined because your partner goes behind your back and sells without you to a customer that you introduced them to.
New Product Introductions, Promotions, and POS data	Lower Inventory + Fewer Stockouts—Wal-Mart shares POS data which enables suppliers to more quickly respond to changing demand. When promotions and NPIs are discussed well in advance and changes kept up-to-date, both sides can plan much better.	Competitive Disadvantage—If it gets in the wrong hands, competitors find out what you’re selling, what you’re promoting, and what new products your introducing, and use that to compete more effectively against you.
Quality and failure data	More Reliable Designs—When comprehensive failure data is provided, suppliers can improve the reliability of components. Reduced Inspections— Suppliers’ outbound inspection data can replace buyers’ inbound inspection.	Exploitation of Quality Flaws—Competitors can use your quality problems to sell against you.
Pricing information	Better Demand Prediction	Anti-Trust—In some cases, it is against the law to share pricing information.
Forecasts	Production Planning—Good forecasts are essential to plan production to meet demand.	Insider Trading—If someone at the supplier uses the customer’s forecast to decide when to buy/sell the customer’s stock, it can lead to insider trading investigations. This risk also goes the other direction when the customer has insider information about the supplier’s future performance.

Table 1 - Risks and Rewards of Sharing Information with Partners

Building Strategic Relationships

A clear distinction should be made between strategic partnerships and more tactical commodity vendor-buyer relationships. Building strategic relationships takes time and diligence and can only be done with a small, rationalized set of suppliers. Done right, suppliers become an extension of the enterprise. This requires methodically laying out an agreement on what will be shared, the benefits, as well as the consequences of breach—building an understanding of the mutual self-interest and interdependence of the relationship. Because traditional relationships are adversarial, it takes a lot of time to change mindsets.

Many companies use the quarterly business review, generally under strict non-disclosure agreements, as the primary forum for sharing confidential strategies. These planning sessions at a senior-executive-to-senior-executive level review things like the changes to market assumptions, scenarios, product roadmaps and transitions (strategy, timing, risks), and supplier performance (goals, actuals, and improvement plans). There are occasional instances where a trading partner abuses this position of trust, but the end result is usually bad for the abuser. For example, a CPG company planned a major promotion with one of its retailers. A week before the planned promotion, the manufacturer did a promotion on the same exact product at a lower price at one of the retailer’s competitors. As a result of that breach of trust, the supplier lost business and took years to rebuild its standing with that major retailer. In another instance a supplier of a component under severe allocation leaked information to one of its customers about a second customer’s volumes and mix, in an effort to demand higher prices. The second customer eventually found out and fired the supplier.

Confidential dialogs can be even more challenging when the supplier or customer is also your competitor. Even with a non-disclosure agreement, the sharing of product strategies, roadmaps and other confidential data is uncomfortable, though it is done every day. Many of the large diversified conglomerates that are likely to be both competitors and trading partners are in the Far East where IP rights are not as strongly upheld. Another twist: as more and more manufacturing is outsourced to China and elsewhere, it raises the issue of sharing product and manufacturing knowledge with companies that could potentially become competitors of yours. Giant bicycle, founded in 1972 as a contract manufacturer for Schwinn and others, used the knowledge it learned from its customers about manufacturing and designing bicycles to build its own brand. Giant is now the largest bicycle manufacturer in the world and 70% of its revenue is from its own brand. A number of electronic contract manufacturers and ODMs are following this same path.

Reducing Information Sharing Risks

ChainLink’s 3Pe™ methodology provides a useful framework to show how companies can get value from sharing relevant and useful information, while decreasing the risks of abuse.

Policy

Segmentation—The basic foundation for protecting confidential data is the classic technique used by the military to protect secrets; classifying data according to its confidentiality and giving access only on a “need to know” basis. For example, a supplier designing a component that fits in your product usually only needs to know the physical envelope (attachment points and constraints) and electrical interface characteristics for their component, rather than receiving your entire design.
Actionable Information—A promising approach is to scrub data into actionable information. Structured contracts, described in last month’s issue, are a good example. Instead of sharing range forecasts, companies express future demand via structured contract terms like minimum firm commitments, lead times guarantees with different pricing for different lead times, capacity guarantees for upside flex at a higher price, etc.
Escrow Account— At least one company had success with another creative approach; establishing an escrow account that is used if either party violates the agreement. The money is then reinvested in the relationship to fix the cause of the problem, e.g. joint team education, fixing flawed processes, or new technology. This dramatically improved the level of trust in that relationship.

Process

It is critical that the policies are backed up by processes and controls to prevent, detect, and correct accidental or deliberate misuse of confidential information, such as:

Physical Security—Controlled access to offices, receptionist diligence on who is allowed in the building, badges, questioning unknown people in sensitive areas, not leaving confidential documents out in the open, etc.
Separation/Rotation of Duties—E.g. having a different person control physical inventory than the one controlling information about that inventory.
Training and Testing—Training employees on the procedures and importance of protecting confidential information (yours and other’s under NDA). Testing awareness and taking corrective steps.
Logs—Keeping accurate, tamper-proof records of who accessed what areas/ information and when.
Audits—Auditing your firm and trading partners to ensure safeguards and proper training. Some companies have computer-assisted “continuous auditing” of compliance.

Particularly sensitive data may require structural organizational safeguards as well. For example, some engineering organizations establish a “clean room” approach that separates the people receiving the highly sensitive design information and restricts their interactions and communications with the rest of their engineering organization to prevent the partner’s design information from leaking into their own proprietary designs.

Performance

Policy and process decisions must weigh tradeoffs based on business performance impact:

Business value of sharing information
Cost of implementing proposed controls
Consequences of compromising the information

Enablers/Technology

There are useful technologies available for implementing these practices. Role-based access controls (RBAC) enable implementation of segmentation—giving access only to specific people only for the specific chunks of information they need. Digital Rights Management systems can protect individual documents even after they are sent outside your company, limiting access only to specific people and certain actions (e.g. no printing, no cut and paste, no forwarding, etc.). Private and industry networks have implemented technologies to protect confidential data between trading partners; for example, the ANS network enables automotive OEMs and their suppliers to securely exchange digitally signed and encrypted confidential design files and business transactions.

Executive-level Advocates

To realize the optimum “return on sharing”, there should be advocates for both the sharing and protection of data. Some companies have elevated data protection to a C-level job—the CISO (Chief Information Security Officer). Senior supply chain executives must also advocate the benefits of sharing of information. These decisions should rationally weigh the tradeoffs. The supply chain that maximizes sharing of the right information works like one integrated enterprise, realizing significant competitive advantages over a supply chain whose participants withhold valuable information from each other. Smart sharing wins.