Security as part of the overall Enterprise Risk Management (ERM) continuously gains importance and increases in complexity with the growth of Supply Chains. To prevent attacks, like theft, sabotage and smuggling, businesses implement security measures, like data encryption or import shipment screening. Such requirements are given by standards and initiatives and are dependent on the business landscape they are implemented in. Security as integrated part of a business landscape is referred to by security-by-design. Enterprise Architecture (EA) sets business assets like people, processes, data and technology in relation which aids ERM and enables a security-by-design approach.

The integration of security into EA has recently been addressed by literature (e.g. Band et al., 2015). They make use of EA tools like the TOGAF Architecture Development Method (ADM) to integrate security at design-time. Further ERM tools like the Sherwood Applied Business Security Architecture (SABSA) have also been reviewed towards security. Yet the state of the art is limited to information security and fails to address Supply Chain Security requirements.

An integration of security requirements into the design of EA within Supply Chains requires several steps. First, it is necessary to review Supply Chain Security requirements from literature referring to the design of a business landscape and aggregate them to the levels of EA (e.g. organizational, behavioral, IT). From this, a capability matching is used to select appropriate tools for the integration of requirements into the business landscape. Identified gaps are to be resolved by extending the selected tools. The result is a toolset which enables the integration of Supply Chain Security requirements into the EA at design-time.

Recommended reading:

• Closs, D. J., & McGarrell, E. F. (2004). Enhancing security throughout the supply chain (pp. 10-12). Washington, DC: IBM Center for the Business of Government.
• Band, I., Engelsmann. W., Feltus, C., Paredes, S.G., Hietala, J., Jonkers H., Massart, S. (2015). Modeling Enterprise Risk Management and Security with the ArchiMate® Language.
• Sheffi, Y. (2005). The resilient enterprise. MIT Sloan Management Review, 47(1).