Palo Alto Networks Reveals Keys to Achieving Compliance

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Arena recently interviewed Rachel Yabut, Supply Chain Risk Manager at Palo Alto Networks, to discuss compliance.

In part two of this two-part blog post series, Rachel shares her thoughts on the solutions and best practices that support successful end-to-end supply chain management through development and execution of strategic planning.

Arena: How much of a concern is environmental compliance?

Yabut: We are extremely concerned with that. Our business and product designs are driven by it. We sell into EU quite a bit. Europe sales provide a good portion of our revenue, so we need to make sure our product complies for selling in the EU. RoHS is ingrained in our design process. A part will not be approved without RoHS compliance. It dictates our ability to reach these markets.

Arena: How important is having supply chain wide visibility in your efforts to track RoHS and other compliance directives?

Yabut: Visibility is a big issue. It’s been on my roadmap for Supply Chain development for quite a while now. Visibility impacts a few different areas. Companies like ours that are 100% outsourced, put procurement and many supply chain issues in the hands of their CM’s and can lose visibility as a result. You don’t know what the CM has in the current pipeline, on order, inventory on hand, what channel the CM is buying through or what is being bought direct or through sub tiers of vendors/distributors.

You lose visibility from a cost perspective. While we establish standard costs with our CMS’s, they negotiate pricing based on aggregated demand of all their customers — not just what we need. We don’t know the CM’s actual purchase cost vs. standard costs (or what we pay the CM). As such, you can lose visibility and control into costs and savings.

Arena: There is a big push in the market for collaborative tools and transparency through master agreements with CMs and suppliers so they provide transparency. Are you using other collaboration tools beyond Arena PLM to aid in visibility?

Yabut: From a risk management perspective, I need visibility into my supply chain for crisis management, “what if” analysis, lead times and buffering. Programs for procurement methods are also critical. Visibility into supply chain includes understanding where our parts come from down to the sub-component–sub-tier level. The big drive on the risk management side, as an industry, is striving to improve risk management down to those very sub-tier levels. An example is we’ve been mapping our first-tier suppliers and we’ve got this part on our approved manufacturers list (AML) currently. Now we need to understand how our sub-tier suppliers are doing and where are they manufacturing, so we can apply appropriate risks. We need to understand points of failure in advance so we can put mitigation in place.

We’d love to hear your take on the topic and if you are experiencing a similar situation.