SUPPLY CHAIN RISK ASSESSMENT CHECKLIST
Created by ChecklistGuro (https://checklistguro.com)

--- SUPPLIER IDENTIFICATION & PROFILING ---
[ ] Supplier Name
[ ] Supplier ID
[ ] Supplier Description/Business Overview
[ ] Supplier Tier (1-3) (Tier 1, Tier 2, Tier 3)
[ ] Products/Services Supplied (Raw Materials, Components, Finished Goods, Logistics Services, Other)
[ ] Supplier Profile Document (Optional)

--- GEOPOLITICAL & MACROECONOMIC RISKS ---
[ ] Country/Region of Primary Supplier Location (North America, South America, Europe, Asia, Africa, Oceania)
[ ] Political Risk Index Score (e.g., from a reputable source)
[ ] Date of Last Geopolitical Risk Assessment Review
[ ] Description of Current Political Instability in Supplier Region (if applicable)
[ ] Trade Agreement Impact (e.g., tariffs, sanctions) (No Impact, Minor Impact, Moderate Impact, Significant Impact)
[ ] Estimated Inflation Rate in Supplier Region
[ ] Summary of Relevant Economic Forecasts and Potential Impact

--- FINANCIAL STABILITY OF SUPPLIERS ---
[ ] Supplier's Current Ratio
[ ] Supplier's Debt-to-Equity Ratio
[ ] Supplier's Revenue Growth (Past 3 Years)
[ ] Supplier's Profit Margin
[ ] Credit Rating Agency (if applicable) (Standard & Poor's, Moody's, Fitch, None)
[ ] Overall Financial Risk Level (Based on analysis) (Low, Medium, High)
[ ] Notes/Observations regarding financial stability

--- OPERATIONAL RISKS - MANUFACTURING & LOGISTICS ---
[ ] Supplier Production Capacity (Units/Year)
[ ] Supplier Quality Management System Certification (e.g., ISO 9001) (Certified, Not Certified, Pending Certification)
[ ] Description of Supplier Manufacturing Processes
[ ] Lead Time from Supplier to Our Facility (Days)
[ ] Potential Logistics Risks (Select all that apply) (Port Congestion, Transportation Delays, Customs Issues, Damage During Transit, Lack of Visibility, None)
[ ] Last Supplier Audit Date
[ ] Notes from Previous Supplier Audit (Manufacturing & Logistics)

--- CYBERSECURITY RISKS ---
[ ] Supplier's Cybersecurity Framework (e.g., NIST, ISO 27001) (NIST Cybersecurity Framework, ISO 27001, Other (Specify), Not Applicable)
[ ] Supplier's Last Reported Data Breach (Number of Records Affected)
[ ] Description of Supplier's Security Awareness Training Program
[ ] Supplier's Security Controls (Select all that apply) (Firewalls, Intrusion Detection/Prevention Systems, Data Encryption (at rest and in transit), Multi-Factor Authentication, Vulnerability Scanning, Penetration Testing, Endpoint Detection and Response (EDR))
[ ] Supplier's Incident Response Plan - Reviewed and Tested? (Yes, No, Not Applicable)
[ ] Date of Last Cybersecurity Audit of Supplier

--- REGULATORY & COMPLIANCE RISKS ---
[ ] Applicable Regulations (e.g., GDPR, CCPA, RoHS) (GDPR, CCPA, RoHS, Conflict Minerals Reporting, Modern Slavery Act, Other (Specify))
[ ] Description of Supplier's Compliance Program
[ ] Number of Compliance Audits Conducted in Last Year
[ ] Date of Last Compliance Audit
[ ] Upload Compliance Documentation (Certificates, Reports)
[ ] Areas of Non-Compliance Identified (if any) (Data Privacy, Environmental Regulations, Labor Standards, Anti-Corruption, Product Safety, Other (Specify))
[ ] Specific Actions Taken to Address Non-Compliance

--- CONCENTRATION & SINGLE SOURCE DEPENDENCIES ---
[ ] Percentage of Spend with Single Source Supplier (Critical Component A)
[ ] Number of Approved Alternative Suppliers for Critical Component B
[ ] Is there a documented strategy for mitigating single sourcing of Raw Material X? (Yes, No, In Progress)
[ ] Describe the risks associated with reliance on a single supplier for Packaging Material
[ ] Date of last assessment of supplier diversification strategy
[ ] Which critical components are currently single-sourced? (Component A, Component B, Component C, Component D)
[ ] Upload Supplier Risk Assessment Report (if available)

--- BUSINESS CONTINUITY & DISASTER RECOVERY ---
[ ] Does the supplier have a documented Business Continuity Plan (BCP)? (Yes, No, Unsure)
[ ] Last BCP Review/Update Date
[ ] Briefly describe the supplier's BCP scope (e.g., departments, processes covered)
[ ] Does the BCP include procedures for data backup and recovery? (Yes, No, Unsure)
[ ] Estimated Recovery Time Objective (RTO) (in hours)
[ ] Estimated Recovery Point Objective (RPO) (in hours)
[ ] What types of disasters/risks are addressed in the BCP? (Natural Disasters (e.g., earthquake, flood), Cyberattacks, Pandemics, Supply Chain Disruptions, Equipment Failure, Utility Outages)
[ ] Request BCP Summary Document (if available)

--- ETHICAL & SOCIAL RESPONSIBILITY ---
[ ] Supplier Code of Conduct Adherence (Fully Compliant, Partially Compliant, Non-Compliant, Not Assessed)
[ ] Labor Standards Verification (Select all that apply) (Fair Wages, Working Hours Limits, Child Labor Prevention, Forced Labor Prevention, Freedom of Association, Safe Working Conditions, Not Assessed)
[ ] Description of Supplier's Environmental Sustainability Practices
[ ] Supplier Sustainability Report (if available)
[ ] Conflict Minerals Sourcing (Verified Conflict-Free, Requires Further Verification, Not Assessed)
[ ] Number of Worker Grievances Reported (past year)

--- RISK MITIGATION & RESPONSE PLANNING ---
[ ] Detailed Mitigation Strategy
[ ] Estimated Mitigation Cost
[ ] Mitigation Implementation Deadline
[ ] Risk Owner (Responsible Party) (Procurement, Operations, Quality Assurance, Supplier Management)
[ ] Contingency Plan Actions (Identify Alternative Supplier, Increase Safety Stock, Expedite Shipping, Redesign Product/Process)
[ ] Communication Plan for Risk Event
[ ] Next Review Date of Mitigation Strategy

--- END OF TEMPLATE ---