Four years ago, NetApp lacked a comprehensive means of measuring the resilience of its supplier network. Coming to the company, Wolfe needed to understand the ramifications of a potential supplier bankruptcy, as well as which of its suppliers are single-sourced. The company saw the need to invest more heavily in risk assessment, especially with regard to the location and financial health of its suppliers.
The floods in Thailand were a particular wakeup call, Wolfe says. With its focus on the storage industry, NetApp was relying on multiple hard-drive manufacturers in the area. “When the dikes broke,” he says, “it was a traumatic and drastic turning point for much of the industry and the storage business.”
It wasn’t a simple case of dual-sourcing key materials. NetApp needed to gain visibility of multiple tiers of suppliers. Prior to adopting a more aggressive program of risk management, it almost totally lacked that capability, Wolfe says.
NetApp had to launch both internal and external audits to determine where the greatest areas of risk lay. It began with Tier 1 – the contract manufacturers. After that came hard-drive and chip makers. With that information in hand, the company could proceed with a plan of action.
Getting cooperation from suppliers was a challenge. Some were reluctant to share what they considered to be proprietary information. Meanwhile, NetApp needed to expand its range of risk elements, while distinguishing the network by type of component and supplier.
Wolfe sees a high degree of value in industry-wide collaboration, particularly through the aegis of the Supply Chain Resiliency Council. It allows companies to compare best practices and compare notes on suppliers, a practice that Wolfe finds “very valuable.”
