What is Your Supply Chain?

Your supply chain is the network of vendors your business works with to ensure access to products or services rendered. Your various vendors make up your supply chain. It doesn’t just include products, either; it can include activities, people, information, and other resources that let you maintain operations.

A supply chain is incredibly important to the continued success of your business. For example, if your organization makes shoes, then you need access to the materials to make said shoes, like leather, rubber, and otherwise. Another example is the computers you use to provide goods or services to your customers. If there are shortages in the supply chain or if products are unavailable, then your supply chain will be disrupted, which also means a disruption to your operations and a negative impact on your bottom line.

Why is the Supply Chain Having Problems?

There are several reasons why the supply chain is experiencing problems, one of which is the pandemic. People were forced to move essential employees off-site, meaning they needed the technology to make this happen. The pandemic placed a significant strain on the materials required to work remotely, and the goods needed to move entire workforces remotely could not keep up with demand. This is why certain components are hard to come by, even all this time later.

Additionally, there is a labor shortage in the form of crucial workers who make the supply chain work. Countless people have quit their jobs over the past year, including warehouse workers and truck drivers, both of which are essential to the supply chain, creating bottlenecks—which hamper it. The people in these positions are being asked to do more, and they quite simply can’t. These issues aren’t getting better; if anything, they are getting worse.

What Can You Do?

Here are some things you can do to keep the supply chain from impacting your organization to the extent it might otherwise:

Inventory Control

There are two parts of having effective inventory control. First, you’ll need to have an extensive list of your inventory so you know what you have on-hand at any given time. If you don’t, you might find yourself falling behind. The other part of inventory management is mitigating risk by building a surplus. While it’s not the ideal state of things, it’s the way we have to get through the pandemic supply chain problems.

Be Flexible

If you source specific components or products from a manufacturer, they may not have access to the same goods and services they had in the past. They will do their best to get you what you need, but there might be a chance they cannot fulfill the order. Therefore, you should be open to sourcing your products or services from alternative suppliers if necessary. While it’s great to have the established relationships with manufacturers, you also need to keep your needs in mind.

Use Technology Security

Technology Security can help make your supply chain problems less of an issue. Software can automate a fair amount of the inventory process, and the Internet of Things is also invaluable for letting you know which parts of your business might need to be addressed.

Thrive can’t control the supply chain issues, but we can help you address these challenges with complete and total transparency. To learn more about what we can do for your business, contact Thrive.

The post Businesses are Feeling the Impact of Supply Chain Issues appeared first on Thrive.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

1. Change passwords from system default
2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
3. Encrypt transmission of card data across public networks
4. Restrict the transmission of card and cardholder data to “need to know” basis
5. Assign user ID to all users with server or database access
6. Make efforts to protect physical and digital access to card and cardholder data
7. Monitor and maintain system security
8. Test system security regularly
9. Create written policies and procedures that address the importance of securing cardholder data
10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands.

Business Size and Compliance

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

• Merchant Level #1 – A business that processes over six million payment card transactions per year.
• Merchant Level #2 – A business that processes between one million-to-six million payment card transactions per year.
• Merchant Level #3 – A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
• Merchant Level #4 – A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

• Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
• Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

• Perform a yearly Self-Assessment Questionnaire (SAQ)
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

• Perform an SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

• Perform a SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, contact the knowledgeable professionals at Thrive today.

The post The Basics of PCI Compliance appeared first on Thrive.