Information assurance within supply chains’ structures and processes.

Abstract

Organisations are challenging the traditional linear-based market model which is characterised by a straight line movement of goods and services. As a result, they are increasingly forming and moving towards a value web of supply chain network that connects a whole ecosystem of trading partners. These networks, which are mostly complex and dynamic, are creating a global market environment in which organisations no longer focus only on their immediate suppliers and customers, but also on the optimization and the smooth flow of information, funds and materials, within their respective direct and remote trading networks. The large number of participants within most supply chain networks has necessitated that these networks be agile and resilient. For supply chain networks to be agile and resilient, and for supply chains’ structures, processes and resources to be synchronized and integrated, the organisations within the supply chain must share information. Hence, in today’s supply chains, interests are moving towards obtaining the most benefits from information. In order to obtain these benefits from information, organisations are making use of information systems and their related technologies to acquire, process and adequately share information. These systems are making it possible for organisations to form strategic partnerships within the supply chain networks. The global market environment is causing supply chains to expand, and the expansion is exposing information to various security vulnerabilities and risks. The exposure of information to different vulnerabilities and risks is forcing trading partners to seek assurance that the information within their supply chain network is adequately protected and also performs as advertised. To understand how the assurance sought by trading partners can be provided, this study investigated information and information systems’ security within supply chains’ structures and processes. The study also investigated how information assurance objectives (i.e. confidentiality, integrity, availability, authentication and non-repudiation) can be achieved optimally within supply chains. Finally, the study proposes an information assurance model, which if adopted by decision makers, could enable them sustain their respective functions and processes within the supply chain network. In order to achieve the objectives of this study, the exploratory design and the case study approach were adopted in this study. The study also adopted the qualitative research method, and hence, semi-structured interviews were conducted, and served as the primary means of data collection. Participants in this study were drawn from two categories of organisations, which are supply chain and logistics organisations, and Information Technology (IT) consulting organisations. Therefore, the purposive sampling method was adopted in this study. An inductive approach was adopted in the analysis of data, and as a result, thematic analysis was adopted as the analysis method. The main outcome of the study is the proposed information assurance model that can enable decision makers sustain their respective functions and processes within the supply chain network.