March 2019

Creating Trust in Global Supply Chains Through Transparent Self-Declared Policies

Author: Jon Shamah, EEMA


The world of commerce relies upon efficient and effective supply chains. When these break down, the speed at which the wheels of industry begin to slow can be dramatic. Strengthening these fundamental but often fragile ecosystems is a constant challenge given the changing geopolitical landscape, regulatory changes and the ever-present and evolving threat of attack. In recent years we have seen many incidents where high-value supply chains have been crippled by a single weak link that has been exploited.

With parties within the supply chains often geographically distant and the chains themselves becoming increasingly extended, the task of managing them cannot be underestimated. Some are tightly controlled in-house through the use of systems such as SAP, whilst others are less rigorous, relying on email.

Whatever the preferred management model, it is a prerequisite that counterparties have matching policies and procedures that can be trusted in order to interact and transact. For example: What are the authorised delegations? What are the authentication policies? Who has authority to place, accept and pay for orders up to a certain value? These represent some of the biggest attack vectors for organised and opportunist cybercrime but are also a major cause of fraud. All of this has a significant impact on the performance, productivity and profitability of the entire supply chain.

LIGHTest provides a way for each party within the chain to make swift and informed decisions as to whether to place trust in another. It solves this perennial supply chain problem by creating transparency through the publication of self-declared policies. Crucially, this is not about verifying the authenticity of the policy itself, but about providing a publicly stated self-declaration upon which a contract can be based. This in turn gives an important layer of protection that has not previously existed. It is very much akin to self-declaration on insurance policy applications.

Put simply, declared policies (created and published via the LIGHTest Trust Scheme Publisher) of the parties in question can be automatically verified (using the LIGHTest Automatic Trust Verifier). If they are compatible, the ‘green light’ to proceed is given; if not, policy differences are flagged so that a further course of action can be taken. The LIGHTest trust infrastructure makes it simple for organisations to adopt this process through the development of a comprehensive toolkit of open-source components, which can be incorporated into existing systems or built to run as a standalone model, making it suitable for enterprises of all sizes that form part of the modern global supply chain.