Supply chain management and vendor risk assessment
Expert-defined terms from the Specialist Certification in Risk Management in the Restaurant Business course at London School of Business and Administration.
Acceptable Risk #
The level of risk that an organization is willing to accept in order to achieve its objectives, in the context of supply chain management and vendor risk assessment. Acceptable risk is determined by the organization's risk tolerance and is often influenced by regulatory requirements, industry standards, and stakeholder expectations.
Accountability #
The obligation to answer for one's actions and decisions, particularly in relation to risk management and compliance in the restaurant business. Accountability is essential for effective risk management, as it ensures that individuals and organizations are responsible for their actions and are held to account for any failures or breaches.
Advanced Persistent Threat #
A type of cyber threat that is characterized by its persistence and sophistication, often targeting supply chain vulnerabilities in the restaurant industry. Advanced persistent threats are typically carried out by organized groups or nation-states and can have devastating consequences for the targeted organization.
Agile Methodology #
A flexible and iterative approach to project management, often used in supply chain management and vendor risk assessment. Agile methodology emphasizes collaboration, flexibility, and continuous improvement, allowing organizations to respond quickly to changing requirements and emerging risks.
Annual Loss Expectancy #
The estimated monetary loss that an organization can expect to incur in a given year due to risk events, such as supply chain disruptions or vendor failures. Annual loss expectancy is calculated by multiplying the single loss expectancy by the annual rate of occurrence.
Assessment #
The process of evaluating and analyzing risk in order to determine its likelihood and impact, particularly in the context of vendor risk assessment. Assessment is a critical component of risk management, as it enables organizations to identify and mitigate potential risk events.
Asset #
Any tangible or intangible resource that has value to an organization, such as data, equipment, or personnel. Assets are often the target of cyber threats and physical threats, and their protection is a key component of risk management.
Audit #
A systematic and independent examination of an organization's processes and controls, often used to evaluate the effectiveness of risk management and compliance programs. Audits can be internal or external and are typically conducted by qualified auditors.
Authentication #
The process of verifying the identity of users or systems, particularly in the context of cyber security and access control. Authentication is a critical component of risk management, as it establishes who or what is requesting access before any authorization decision is made about sensitive data or resources.
Authorization #
The process of granting access to resources or data based on a user's identity and role, particularly in the context of cyber security and access control. Authorization is a critical component of risk management, as it ensures that only authorized individuals or systems have access to sensitive data or resources.
Availability #
The degree to which a system or resource is accessible and usable when needed, particularly in the context of supply chain management and vendor risk assessment. Availability is a critical component of risk management, as it ensures that business operations can continue uninterrupted.
Awareness #
The state of being informed about risk and vulnerabilities, particularly in the context of cyber security and physical security. Awareness is a critical component of risk management, as it enables individuals and organizations to identify and mitigate potential risk events.
Backdoor #
A hidden entry point in a system or application that can be used by unauthorized individuals or malware to gain access to sensitive data or resources. Backdoors are often used by attackers to bypass security controls.
Benchmarking #
The process of comparing an organization's performance or practices to those of other organizations or industry standards, particularly in the context of supply chain management and vendor risk assessment. Benchmarking is used to identify areas for improvement and optimize business operations.
Best Practice #
A recommended approach or procedure that is widely accepted as being effective and efficient, particularly in the context of risk management and compliance. Best practices are often developed by industry associations or regulatory bodies and are used to guide organizations in their risk management efforts.
Business Continuity Plan #
A documented plan that outlines the procedures and strategies for maintaining business operations in the event of a disaster or disruption, particularly in the context of supply chain management and vendor risk assessment. Business continuity plans are critical for ensuring the resilience and sustainability of business operations.
Business Impact Analysis #
A process of analyzing the potential impact of a disaster or disruption on an organization's business operations, particularly in the context of supply chain management and vendor risk assessment. Business impact analysis is used to identify critical business processes and dependencies and to develop strategies for mitigating potential risk events.
Certification #
The process of verifying that an organization or individual has met certain standards or requirements, particularly in the context of risk management and compliance. Certification is often used to demonstrate competence or adherence to industry standards or regulatory requirements.
Cloud Computing #
A model of delivering computing resources over the internet, particularly in the context of cyber security and data protection. Cloud computing offers flexibility and scalability but also introduces new risks and vulnerabilities that must be managed.
Compliance #
The state of being in accordance with laws, regulations, or standards, particularly in the context of risk management and governance. Compliance is critical for avoiding penalties and fines and for maintaining a positive reputation.
Confidentiality #
The property of protecting sensitive information from unauthorized access or disclosure, particularly in the context of cyber security and data protection. Confidentiality is a critical component of risk management, as it ensures that sensitive information is only accessed by authorized individuals or systems.
Continuity Plan #
A documented plan that outlines the procedures and strategies for maintaining business operations in the event of a disaster or disruption, particularly in the context of supply chain management and vendor risk assessment. Continuity plans are critical for ensuring the resilience and sustainability of business operations.
Contract #
A legally binding agreement between two or more parties that outlines the terms and conditions of a transaction or relationship, particularly in the context of supply chain management and vendor risk assessment. Contracts are used to establish clear expectations and obligations between parties.
Control #
A measure or procedure that is implemented to mitigate or manage risk, particularly in the context of risk management and compliance. Controls can be administrative, technical, or physical and are used to reduce the likelihood or impact of a risk event.
Cyber Security #
The practice of protecting information and systems from cyber threats, such as hacking or malware. Cyber security is a critical component of risk management, as it ensures the confidentiality, integrity, and availability of information and systems.
Data Breach #
A security incident in which sensitive information is accessed or disclosed without authorization, particularly in the context of cyber security and data protection. Data breaches can have serious consequences, including financial loss and reputational damage.
Data Loss Prevention #
A set of controls and procedures that are designed to prevent the unauthorized access or disclosure of sensitive information, particularly in the context of cyber security and data protection. Data loss prevention is a critical component of risk management, as it ensures the confidentiality and integrity of information.
Disaster Recovery Plan #
A documented plan that outlines the procedures and strategies for recovering from a disaster or disruption, particularly in the context of supply chain management and vendor risk assessment. Disaster recovery plans are critical for ensuring the resilience and sustainability of business operations.
Due Diligence #
The process of conducting a thorough review and analysis of a potential investment or transaction, particularly in the context of supply chain management and vendor risk assessment. Due diligence is used to identify potential risks and opportunities and to inform business decisions.
Emergency Response Plan #
A documented plan that outlines the procedures and strategies for responding to an emergency or crisis, particularly in the context of supply chain management and vendor risk assessment. Emergency response plans are critical for ensuring the safety and welfare of employees and customers.
Enterprise Risk Management #
A holistic approach to managing risk that considers the entire organization and its stakeholders, particularly in the context of risk management and governance. Enterprise risk management is used to identify, assess, and mitigate risk and to inform business decisions.
Environmental Risk #
A type of risk that is associated with environmental factors, such as climate change or pollution, particularly in the context of supply chain management and vendor risk assessment. Environmental risk can have serious consequences, including financial loss and reputational damage.
External Risk #
A type of risk that is associated with external factors, such as market trends or regulatory changes, particularly in the context of supply chain management and vendor risk assessment. External risk can have serious consequences, including financial loss and reputational damage.
Financial Risk #
A type of risk that is associated with financial factors, such as market volatility or credit risk, particularly in the context of supply chain management and vendor risk assessment. Financial risk can have serious consequences, including financial loss and reputational damage.
Governance #
The system of rules, practices, and processes that are used to direct and control an organization, particularly in the context of risk management and compliance. Governance is critical for ensuring that an organization is managed in a responsible and ethical manner.
Incident Response Plan #
A documented plan that outlines the procedures and strategies for responding to a security incident, particularly in the context of cyber security and data protection. Incident response plans are critical for minimizing the impact of a security incident and for restoring business operations.
Information Security #
The practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction, particularly in the context of cyber security and data protection. Information security is a critical component of risk management, as it ensures the confidentiality, integrity, and availability of information.
Internal Control #
A process or procedure that is implemented to manage and mitigate risk, particularly in the context of risk management and compliance. Internal controls can be administrative, technical, or physical and are used to reduce the likelihood or impact of a risk event.
Key Risk Indicator #
A metric or measure that is used to monitor and track risk, particularly in the context of risk management and governance. Key risk indicators are used to identify potential risk and to inform business decisions.
Malware #
A type of software that is designed to harm or exploit a computer system, particularly in the context of cyber security and data protection. Malware can have serious consequences, including financial loss and reputational damage.
Mitigation #
The process of reducing or eliminating risk, particularly in the context of risk management and compliance. Mitigation can involve the implementation of controls or procedures to manage and mitigate risk.
Network Security #
The practice of protecting networks from unauthorized access or malicious activity, particularly in the context of cyber security and data protection. Network security is a critical component of risk management, as it ensures the confidentiality, integrity, and availability of information.
Operational Risk #
A type of risk that is associated with operational factors, such as process failures or system downtime, particularly in the context of supply chain management and vendor risk assessment. Operational risk can have serious consequences, including financial loss and reputational damage.
Outsourcing #
The practice of contracting with a third-party provider to perform a specific function or service, particularly in the context of supply chain management and vendor risk assessment. Outsourcing can help to reduce costs and improve efficiency but also introduces new risks and vulnerabilities that must be managed.
Penetration Test #
A simulated attack on a computer system or network that is designed to test its defenses and vulnerabilities, particularly in the context of cyber security and data protection. Penetration tests are used to identify weaknesses and vulnerabilities and to inform security controls and procedures.
Procurement #
The process of acquiring goods or services from external providers, particularly in the context of supply chain management and vendor risk assessment. Procurement involves the evaluation and selection of suppliers and the negotiation of contracts and agreements.
Quality Control #
The process of monitoring and controlling the quality of goods or services, particularly in the context of supply chain management and vendor risk assessment. Quality control involves the evaluation and testing of products or services to ensure that they meet specifications and standards.
Regulatory Compliance #
The state of being in accordance with laws and regulations, particularly in the context of risk management and governance. Regulatory compliance is critical for avoiding penalties and fines and for maintaining a positive reputation.
Reputation Risk #
A type of risk that is associated with damage to an organization's reputation, particularly in the context of supply chain management and vendor risk assessment. Reputation risk can have serious consequences, including financial loss and reputational damage.
Residual Risk #
The risk that remains after mitigation or control measures have been implemented, particularly in the context of risk management and compliance. Residual risk is the risk that is accepted by an organization and is often influenced by the organization's risk tolerance and appetite.
Risk Assessment #
The process of identifying, analyzing, and evaluating risk, particularly in the context of risk management and governance. Risk assessment is used to inform business decisions and to develop strategies for managing and mitigating risk.
Risk Management #
The process of identifying, assessing, and mitigating risk, particularly in the context of risk management and governance. Risk management is used to minimize the likelihood and impact of risk events and to ensure the resilience and sustainability of business operations.
Risk Mitigation #
The process of reducing or eliminating risk, particularly in the context of risk management and compliance. Risk mitigation can involve the implementation of controls or procedures to manage and mitigate risk.
Risk Tolerance #
The level of risk that an organization is willing to accept in order to achieve its objectives, particularly in the context of risk management and governance. Risk tolerance is influenced by an organization's risk appetite and is often reflected in its risk management policies and procedures.
Security Awareness #
The state of being informed about security threats and vulnerabilities, particularly in the context of cyber security and data protection. Security awareness is critical for identifying and mitigating potential security threats and for informing security controls and procedures.
Single Loss Expectancy #
The estimated monetary loss that an organization can expect to incur in the event of a single risk event, particularly in the context of risk management and compliance. Single loss expectancy is used to calculate the annual loss expectancy and to inform risk management decisions.
Supply Chain Management #
The process of managing and coordinating the flow of goods, services, and information from raw materials to end customers, particularly in the context of supply chain management and vendor risk assessment. Supply chain management involves the evaluation and selection of suppliers and the management of inventory and logistics.
Supply Chain Risk #
A type of risk that is associated with disruptions or failures in the supply chain, particularly in the context of supply chain management and vendor risk assessment. Supply chain risk can have serious consequences, including financial loss and reputational damage.
Third-Party Risk #
A type of risk that is associated with third-party providers, such as suppliers or contractors, particularly in the context of supply chain management and vendor risk assessment. Third-party risk can have serious consequences, including financial loss and reputational damage.
Threat Assessment #
The process of identifying and evaluating potential threats to an organization's assets or operations, particularly in the context of risk management and compliance. Threat assessment is used to inform risk management decisions and to develop strategies for mitigating potential threats.
Vendor Risk #
A type of risk that is associated with third-party providers, such as suppliers or contractors, particularly in the context of supply chain management and vendor risk assessment. Vendor risk can have serious consequences, including financial loss and reputational damage.
Vendor Risk Assessment #
The process of evaluating and assessing the risk associated with third-party providers, such as suppliers or contractors, particularly in the context of supply chain management and vendor risk assessment. Vendor risk assessment is used to identify potential risk and to inform business decisions.
Vulnerability #
A weakness or flaw in a system or process that can be exploited by a threat, particularly in the context of cyber security and data protection. Vulnerabilities can have serious consequences, including financial loss and reputational damage.