The Index: Supply Chain & Third-Party Terms You Should Know

The global risk landscape is constantly evolving. To stay ahead, it’s important to understand key concepts that will help you stay informed and attuned to the various risks and opportunities that affect your supply chain and third-party ecosystems.
Discover all the essential terms and context you need in our index below as you modernize supply chain and third-party risk management and compliance within your organization. Stay up to date by browsing through our extensive list of informative resources that define and contextualize common terminology and concepts that are essential to supply chain management and third-party risk management.

A

Adoption of artificial intelligence (AI) has exploded in the past year, revolutionizing many industries and their supply chains.

C

A new law in Canada may be one to add to your monitoring of global regulations to prevent modern slavery in supply chains.

The Carbon Border Adjustment Mechanism (CBAM) is an emissions trading scheme implemented by the EU that places a price on greenhouse gases emitted in the production of selected imports to prevent carbon leakage. The CBAM requires businesses that import to the EU to accurately report carbon emissions data across their supply chain and rethink supplier engagement.

The existence of child labor within global supply chains presents a troubling reality that demands immediate attention, both to save lives and protect your business.

The CHIPS Act established a $52 billion CHIPS for America Fund to invest in the development of semiconductor technology in the United States.

The Corporate Sustainability Due Diligence Directive (CSDDD) sets a standard for businesses in the EU to address sustainability, focusing on environmental impact, climate change, and human rights. It mandates due diligence practices for companies and their supply chains, ensuring accountability for suppliers' actions and promoting ethical business operations.

Contested logistics refers to supply chain operations conducted in environments where adversaries attempt to disrupt or destroy logistics efforts. This complex landscape demands heightened stakeholder trust and transparency to ensure resilience and readiness across all domains, including land, sea, air, and cyberspace.

Critical infrastructure comprises systems and assets so vital to the United States that their incapacity or destruction would have a debilitating impact on security, national economic security, national public health and/or safety. Examples of critical infrastructure include energy, water, chemicals, nuclear facilities, the Defense Industrial Base, IT companies and cloud service providers.

Attacks can occur at every link in a typical software supply chain, and these kinds of attacks are increasingly public, disruptive, and costly.

D

The Defense Industrial Base refers to organizations and companies that provide necessary products and services for the sustainment and deployment of U.S. military operations, including defense research and development, manufacturing, weapon systems and sensors.

E

ESG due diligence is the process of uncovering a company’s ESG (environmental, social, governance) policies and risk factors.

The supply chain risk category known as ESG — environmental, social and governance — spans broad issues like carbon emissions, modern slavery, money laundering, deforestation and more.

The European Union Deforestation Regulation (EUDR), likely to be effective December 30, 2025, mandates that large enterprises ensure their supply chains for seven key commodities — coffee, cocoa, soy, oil palm, cattle, rubber, and wood — do not originate from deforested land post-2020. This regulation promotes sustainable practices and compliance with environmental and human rights laws.

The Cybersecurity Executive Order (Executive Order 14028) responds to the growing number of cyberattacks against government agencies, critical infrastructure and other companies.

President Biden’s landmark Executive Order on Artificial Intelligence (EO 14110) marks the first significant policy-making effort by the U.S. government on the important topic of how best to manage the opportunity — and risk — of artificial intelligence.

F

FedRAMP (Federal Risk and Authorization Management Program) is a government-wide initiative that standardizes security and risk assessment for cloud services. It enables federal agencies to adopt modern cloud technologies safely, reduces inefficiencies, and fosters public-private partnerships to drive innovation and enhance the security of government information.

Financial risk can arise if an organization has poor financial solvency or any history of financial crime among its senior executives. Financial risk indicators can be extracted from sources such as news outlets, social media platforms and financial analysis providers.

Managing foreign ownership, control, or influence (FOCI) risk is a critical concern for U.S. companies.

G

On June 11, 2021, the German Parliament passed a new law on corporate due diligence in supply chains called the Lieferkettengesetz, or the German Supply Chain Due Diligence Act (GSCA).

H

A Hardware Bill of Materials (HBOM) is a systematic structure comprising clearly defined data fields that outline the components of a hardware product and their attributes. It enables organizations to identify potential economic and security risks associated with equipment components that may be compromised, untrusted, or subject to availability risks.

M

One benefit a robust supply chain management practice for your enterprise can deliver is cost savings. And one of the main drivers of this efficiency is material demand aggregation.

Modern slavery in supply chains refers to the exploitation and forced labor practices that occur within global networks. To eradicate modern slavery, governments are taking the initiative to make organizations accountable for all activities in their supply chains that might involve human rights abuses.

O

When it comes to regulatory compliance, every business should know the Office of Foreign Assets Control (OFAC) and its sanctions.

Operational risk spans a wide variety of different categories, including geopolitical and geoeconomic risk, the climate variability impact on the physical location of an organization, counterfeits, and potential alternative suppliers.

P

PFAS (per- and polyfluoroalkyl substances) are synthetic chemicals known as "forever chemicals" due to their environmental persistence. Widely used in various industries, PFAS are linked to adverse health effects, making their presence in products, including healthcare items, a significant concern.

A politically exposed person refers to an individual who holds a prominent public position or function. Due to their role, the individual is considered more likely to engage in acts of bribery or corruption.

Procurement risks occur when the process of purchasing or sourcing products, services or resources becomes unreliable.

Product risk occurs when there’s a lack of transparency in your supply chain due to siloed data, incompatible systems across an enterprise, or the outsourcing of parts and raw materials.

R

RCR risks can arise when an organization’s suppliers fail to comply with applicable laws and regulations or neglect due diligence during their onboarding process.

S

Sanctions are a type of economic pressure used by governments and international bodies to protect security interests and international law against aggressive actions or threats to international peace and security.

A Software Bill of Materials (SBOM) is an organized list that offers an in-depth description of the open-source and proprietary components, like modules, libraries and other software artifacts, within a software package.

As your company strives to reduce its carbon footprint, you can’t ignore the supply chains that are part of your business.

As part of the 2019 National Defense Authorization Act (NDAA), Section 889 has significant implications for acquisition and procurement executives, government contractors and suppliers, particularly those involved in the telecommunications equipment and services sector.

A supply chain digital twin is a dynamic virtual representation of an organization’s supply chain. It utilizes real-time data and simulations to analyze performance, identify risks, and enhance decision-making, leading to improved efficiency and resilience in complex operational environments.

Supply chain diversification is a strategic approach that reduces dependence on a single supplier or source by incorporating multiple suppliers and market opportunities. This enhances resilience, competitiveness, and adaptability in disruptions, ensuring smoother business operations.

Supply chain illumination is an analytical evaluation of entities and materials within a supply chain to identify risks and enhance situational awareness. It combines supply chain mapping with real-time insights for comprehensive risk management and opportunities across multiple tiers.

Supply chain mapping is the process of visualizing and analyzing the relationships between suppliers and sub-tiers within a supply network. It tracks the flow of materials and products, ensuring sustainability, regulatory compliance, and accurate tracking for corporations, compliance teams, and governments.

Supply chain resilience is the ability to withstand, absorb and recover from a shock or disruption in the supply chain ecosystem without hindering organizational growth.

Supply Chain Risk Management involves a multi-faceted and dynamic landscape of risk vectors and opportunities that must be consistently assessed and constantly updated to reflect the many macro supply chain risk drivers, from geopolitical risk, trade wars and industrial espionage to modern slavery and climate change.

The quickly evolving landscape of supply chain risk management (SCRM) requires organizations to develop strong programs that can anticipate and mitigate a variety of risks.

An end-to-end view of all tiers and entities in the supply chain as well as material-inputs — metals, plastics, chemicals, electronics, etc. — that flow into the parts, products, and equipment in the supply chain.

T

The Exiger Third Party & Supply Chain Risk Management Maturity Model is designed to help managers assess their organization’s capabilities with respect to managing supply chain risk.

Third-party risk management is a type of risk management that focuses on identifying, assessing and mitigating risks that arise from relationships with third-party suppliers, vendors and partners.

U

The Uyghur Forced Labor Prevention Act (UFLPA) took effect in the United States on June 21, 2022, to prohibit the importation of goods into the United States that were produced by forced labor in the Xinjiang Uyghur Autonomous Region (XUAR) of China.

The UK Modern Slavery Act is a sweeping piece of legislation that seeks to regulate and address the issues of modern-day slavery in business operations and their global supply chains.

The person who ultimately owns or controls a legal entity is known as the ultimate beneficial owner or UBO.
