Supply Chain Risk Analytics & Management

Stop supply chain security breaches.
Maximum Visibility. Minimum Effort.

ObjectSecurity SCRAMS™ (Supply Chain Risk Analysis and Management Solution) helps organizations analyze and manage supply chain risks by processing procurement data into actionable insights. SCRAMS provides organizations with visibility into their supply chain to determine supply chain risks. While others mostly focus on financial risks, for example due to loss of production, our SCRAMS solution also focuses on malicious fault injection by adversaries, granular access control, and atypical suppliers/items.

What

Ingest information from your ERP – for example SAP) – and other sources into SCRAMS, and let it intelligently “connect the dots” to provides visibility and  insights. Once done, you can run smart searches across the analyzed data, and run automated analytics. You can also generate actionable reports. To use SCRAMS, upload your procurement data from sources like SAP ERP, other ERPs, and spreadsheets. SCRAMS will automatically identify supply chain anomalies, including counterfeit, modified, sub-par QA items, and vendor and shipping issues. It also enriches the results with public information from sources like counterfeit databases, social media, and news. SCRAMS then provides supply chain risk managers with a detailed, consolidated report to help them quickly address the most critical risks. Originally designed for IT and microelectronics purchases, SCRAMS is widely applicable. For microelectronics, it can help determine the bill of materials for circuit boards and automatically searches for anomalies in circuit boards and parts.

Why

The rationale behind SCRAMS is that supply chain risk analysis today is often still done ad-hoc and manually, for example using spreadsheets – but organizations today need better and more timely visibility into their supply chains, in order to be able to react to supply chain risks better and faster.

  • Identify supply chain risk indicators across your procurement data

  • Convenient searching and automated analysis

  • Ingest your procurement data from SAP + more

  • Customizable platform

Having good supply chain visibility allows you to keep track of individual components from your suppliers. Good visibility enables timely risk identifications and allows you to maneuver inventory, avoid bottlenecks, ensure quality, and meet demands. One of the greatest challenges is manage risk and visibility across partner networks on a global scale.
SCRAMS provides quick risk visibility of your suppliers. The analysis report saves you time on researching and screening your suppliers one by one. SCRAMS not only conducts a background check based on your supplier’s unique CAGE number but also scavenges the internet for any news regarding each supplier. SCRAMS is a quick and easy way to gain visibility to your suppliers and effectively manage your supply risks.

On a global scale, supply chains face many risks such as environmental catastrophes, transport loss, counterfeit production, economic instability, etc. Identifying and addressing those risks in a timely manner allows the supply chain to meet demands continuously. However, these risks are often unpredictable and costly for the business. Therefore, having preemptive supply chain risk indicators is crucial for developing a sustainable supply chain.
SCRAMS provides detailed reports regarding pricing anomalies, supplier anomalies, and any geographical situations that might potentially risk the deliverability of your supply chain. SCRAMS provides a customized report based on your uploaded procurement information!

Optimization of supply chain is one of the key factors to a successful business. How do you guarantee quality, quantity, deliverability, and profit? By minimizing cost and improving performance, an efficient supply chain could not only generate the highest level of profit but also increase customer satisfaction. However, optimizing supply chain is a difficult process because of its complexity. Supply chain manager often struggle to find the optimal balance between, costs of manufacturing, inventory, transportation, yield, and fulfillment. In addition, the supply chain configuration is constantly fluctuating depending on changes in the customer expectations, material cost, carrier pricings, and even geo-political factors.
SCRAMS can help you simplify the supply chain analysis process for optimization. The pricing and vendor anomaly reports allows you to instantly filter out suppliers who are charging too much or have an untrustworthy history. The geo-location event search report gives you the latest updates risk indicators on your suppliers based on their geographical locations. SCRAMS is a quick and easy tool to help you minimize cost while guaranteeing supplier quality during your supply chain optimization process.

To avoid cost, many companies choose to use spreadsheets as an organization solution for supply chain. However, using spreadsheets makes it more difficult to provide supply chain visibility and identify potential risk indicators. On the other hand, implementing a customized SAP ERP program is often too costly and unnecessary for the current stage of business.
SCRAMS provides essential key analytics such as price anomaly, vendor anomaly, product general analysis, and geo-location event analysis. If you are interested in more advanced analytics, the SCRAMS Enterprise edition may be right for you.

How

OpenPMF captures policies in generic terms rather than specific technical rules, reducing the need for frequent updates. For example, in dynamic IoT/IIoT environments, it automatically generates security enforcement rules by analyzing these generic policies alongside changes in applications and their interactions. This method ensures policies remain manageable in large, evolving IT/OT landscapes, leading to significant maintenance cost savings. OpenPMF’s patented technology makes policy management both efficient and adaptable. In its most basic form, OpenPMF’s policy automation steps involve importing, authoring, and generating:

SCRAMS allows users to drill-down search the data using a text input field and search buttons automatically determined by the graph structure. For example, a user can search for a product by typing text in the field and selecting the ‘Product Name’ button to search the DB. The result is displayed in a table with buttons to save, export and print. Users can narrow down displayed search results through a provided text input field on top of the result table. Further drill-down searching is available from each search step result: The left column of the result table usually contains checkboxes that allow the user to select particular rows for deeper search. Once the selection is made, users can select a button from the button menu and SCRAMS will search and return those drill-down search results, again in tables containing data relationships and information.

SCRAMS supports automatic algorithmic analysis of the data, which identifies and aggregates “risk indicator” results based on requirements provided by Navy’s SCRM Lead, such as product pricing anomalies, vendor location mismatch, CAGE code anomalies, component serial number anomalies, etc. The results are SCRM “risk indicators”, not conclusive risk determinations, because surrounding factors are analyzed, rather than the actual ICT parts.  The analyses are automatically executed periodically. Risk indicator information is automatically displayed on the landing page when the user logs in. The SCRAMS app can also push (e.g. email) risk indicator reports to notify designated users.

Users can also visualize search results graphically in 2D, 3D, and in virtual reality (proof-of-concept feature).

The SCRAMS application ingests a data dump from SAP ERP (incl. SAP-based installations such as Navy ERP) etc. The data is processed, converted, and ingested into a graph database (Neo4j) to build a node/relationship-based data graph that is used intensively by SCRAMS’s search and analytics features (see Figure below). SCRAMS enriches the graph with data from additional data sources (such as CAGE info from SAM, location from Google Maps, etc.).

Users can upload files in 1000+ supported formats from the SCRAMS web interface, including images. SCRAMS extracts the text (incl. from images, using OCR), and indexes the extracted text to allow full-text searching from within the SCRAMS web UI.

Users can export results (in table form) into Excel/PDF/Word. Users can also save current search results (both results snapshots of current results, and queries).

The SCRAMS app interacts with SCRAMS’s externalized attribute-based access control (ABAC) system, which is based on our innovative OpenPMF security policy automation product, openpmf.com). SCRAMS obtains fine-grained permission information via OpenPMF’s ClientSDK feature, which control access at a fine granularity (individual Web UI menus and buttons etc.). In other words, users in different groups get different menus and buttons on their web UI. Furthermore, SCRAMS supports industry-standard single sign-on (SSO) using OpenID Connect via Tomcat.

Our fully functioning, robust SCRAMS application prototype is a Java web application running on a web application server (Tomcat), that provides users access from web browsers.

SCRAMS Enterprise™ vs. easySCRAMS™

SCRAMS comes in two flavors: The SCRAMS Enterprise™ version offers advanced analytics, customized reporting, and enhanced search capabilities. easySCRAMS™ is a simpler, packaged version for smaller needs. Both versions support data ingestion from various sources, automated risk analysis, and detailed visualizations. They are designed to improve supply chain visibility and identify potential risks efficiently.

easySCRAMS™

Simply upload your procurement data – easySCRAMS will automatically analyze it for supply chain risks and improve your supply chain visibility and optimization.

The Easy 5 Step Solution for Supply Chain Analysis:

  • Many different input types to choose from
  • Click the [?] for help and example templates

  • Simply drag/drop or upload your procurement data
  • You can upload multiple files of the same type! easySCRAMS can analyze all uploaded files for one comprehensive analysis report

  • Here you can make sure that the columns from the uploaded data are correctly matched
  • With SAP ERP data, the column matching is automatic

  • Hit that “Go” button!
  • A customized analysis report will show up in your email in minutes.

easySCRAMS calculates risk indicators based on many factors:

  • Product anomalies (price, online searches, counterfeit data…)
  • Vendor anomalies (address, CAGE , location events etc.)
  • Shipping anomalies (product/shipping locations etc.)
  • etc.

SCRAMS Enterprise™

SCRAMS Enterprise edition supports more advanced features. In comparison to easySCRAMS, the enterprise version include more advanced analytics, supports advanced searching and visualizations, more detailed reports, and can be customized to your specific needs.

The SCRAMS application ingests a data dump from SAP ERP (incl. SAP-based installations such as Navy ERP) etc. The data is processed, converted, and ingested into a graph database (Neo4j) to build a node/relationship-based data graph that is used intensively by SCRAMS’s search and analytics features (see Figure below). SCRAMS enriches the graph with data from additional data sources (such as CAGE info from SAM, location from Google Maps, etc.).

SCRAMS allows users to drill-down search the data using a text input field and search buttons automatically determined by the graph structure. For example, a user can search for a product by typing text in the field and selecting the ‘Product Name’ button to search the DB. The result is displayed in a table with buttons to save, export and print. Users can also visualize search results graphically in 2D, 3D, and in virtual reality (proof-of-concept feature). Users can narrow down displayed search results through a provided text input field on top of the result table. Further drill-down searching is available from each search step result: The left column of the result table usually contains checkboxes that allow the user to select particular rows for deeper search. Once the selection is made, users can select a button from the button menu and SCRAMS will search and return those drill-down search results, again in tables containing data relationships and information.

SCRAMS supports automatic algorithmic analysis of the data, which identifies and aggregates “risk indicator” results based on requirements provided by Navy’s SCRM lead, such as product pricing anomalies, vendor location mismatch, CAGE code anomalies, component serial number anomalies, etc. The results are SCRM “risk indicators”, not conclusive risk determinations, because surrounding factors are analyzed, rather than the actual ICT parts. The analyses are automatically executed periodically. Risk indicator information is automatically displayed on the landing page when the user logs in. The SCRAMS app can also push (e.g. email) risk indicator reports to notify designated users.

Users can export results (in table form) into Excel/PDF/Word. Users can also save current search results (both results snapshots of current results, and queries).

Users can upload files in 1000+ supported formats from the SCRAMS web interface, including images. SCRAMS extracts the text (incl. from images, using OCR), and indexes the extracted text to allow full-text searching from within the SCRAMS web UI.

The SCRAMS app interacts with SCRAMS’s externalized attribute-based access control (ABAC) system, which is based on our innovative OpenPMF security policy automation product. SCRAMS obtains fine-grained permission information via OpenPMF’s ClientSDK feature, which control access at a fine granularity (individual Web UI menus and buttons etc.). In other words, users in different groups get different menus and buttons on their web UI. Furthermore, SCRAMS supports industry-standard single sign-on (SSO) using OpenID Connect via Tomcat.

Our fully functioning, robust SCRAMS application prototype is a Java web application running on a web application server (Tomcat), that provides users access from web browsers.

Our AFMEP prototype feature adds an innovative solution to analyze microelectronics circuit boards to SCRAMS. It automatically collects relevant information about the analyzed microelectronics device from images and scans of the analyzed device, as well as many public and vendor-provided sources.

Thanks to its automation under the hood and the convenience of the rich user interface, AFMEP makes determining the bill of materials for the circuit board much easier and more reliable. And thanks to its innovative patent-pending technology, AFMEP is in many cases able to confirm automatically that the identified microelectronics parts should be on the analyzed circuit board, and that the analyzed circuit board should be in the analyzed device. Importantly, AFMEP achieves this without the need for a “golden unit”. It also automatically analyzes the risk associated with particular parts.AFMEP brings together a wide range of results and detailed supporting information in an automatically generated report.

Read more here.

easySCRAMS capabilities include:

  • Supplier identification and information, including associated IT components
  • Analytical capabilities to recognize risks, incl. (automated) anomaly detection
  • Ingested SAP ERP and other spreadsheet formats
  • Web compatible access (HTML, JavaScript, CSS)
  • Risk indicator anomaly report
  • User accessibility support in browsers

SCRAMS Enterprise capabilities include:

  • Supplier identification and information, including associated IT components
  • Federated search of available government and internet data
  • Facilitated data discovery and federated searching
  • Analytical capabilities to recognize risks, incl. (automated) anomaly detection
  • Ingested SAP ERP (+ supports document import from 1000+ formats for searching)
  • Saving and exporting queries and reports, exports to PDF, and MS Excel & Word
  • Support for all stakeholders (power users, contract managers etc.)
  • Security features (granular permissions, ABAC, OpenPMF integration)
  • Web-access and centralized cloud service
  • Scaling with users, data and analytics
  • Web compatible access (HTML, JavaScript, CSS),
  • User accessibility support in browsers
  • Circuit board BOM analysis

How to use/adopt easySCRAMS:

  • Deploy as an appliance/virtual appliance, with browser-based user interface
  • Upload several kinds of ERP data directly
  • easySCRAMS ingests into a graph database, enabling advanced search and analysis
  • No customization needed

How to use/adopt SCRAMS:

  • Deploy as an appliance/virtual appliance, with browser-based user interface
  • DB admins provide supply chain data or upload documents directly
  • SCRAMS ingests into a graph database, enabling advanced search and analysis
  • We offer cost-effective data ingestion professional services, leveraging automation

Learn about easySCRAMS in less than 4 minutes:

Learn about SCRAMS in less than 4 minutes:

 

Successful Evaluation by Navy

The full SCRAMS testbed was evaluated by Navy SPAWAR in Feb. 2019 using NAVWAR’s own procurement data. The testbed comprised six interconnected machines, mimicking a production setup

AFWERX Challenge Finalist

SCRAMS was selected finalist at the AFWERX Microelectronics Supply Chain Provenance Challenge in May 2019, and development to extend and enhance SCRAMS are ongoing. (details)