5 Sub-dimensions · Click to expand L2 detailClic para expandir detalle L2
🧭
› L2N2
L2 · Enterprise & Supply Chain Risk Management
Risk identification & taxonomy, quantification (FMEA, heat maps, VaR/CFaR), continuous monitoring & early warning, mitigation portfolio design, and third-party & supplier risk management.
The systematic discipline of identifying, quantifying, monitoring, and mitigating risk across the end-to-end network. This layer converts uncertainty into a managed portfolio: a shared risk taxonomy, quantified exposure, leading-indicator monitoring, and a mitigation portfolio with explicit owners and triggers — extended to the third parties that carry most modern supply chain exposure.
L3 Sub-componentsSubcomponentes L3 5 items · click to explore elementos · clic para explorar
01
Risk identification & supply chain risk taxonomy
Building the shared vocabulary of what can go wrong: structured risk identification across supply, demand, process, environment, and control risks, maintained as a living taxonomy with clear ownership.
→
02
Risk assessment & quantification (FMEA, heat maps, VaR/CFaR)
Converting identified risks into comparable magnitudes: probability-impact scoring, FMEA for process risk, and financial quantification through value-at-risk and cash-flow-at-risk methods.
→
03
Risk monitoring & early-warning systems
Moving from periodic risk reviews to continuous sensing: leading indicators, supplier financial health signals, event monitoring services, and escalation thresholds that trigger before impact.
→
04
Risk mitigation portfolio & treatment strategies
Designing the response: avoid, reduce, transfer, or accept — assembled as a portfolio with explicit cost-benefit logic, owners, implementation status, and residual-risk acceptance at the right level.
→
05
Third-party & supplier risk management (TPRM)
Extending the risk discipline to the supplier base: segmentation by criticality, onboarding due diligence, continuous financial and operational monitoring, and contractual risk allocation.
→
🧱
› L2N2
L2 · Network Resilience Engineering
Redundancy & multi-sourcing design, stress testing & scenario simulation, TTR/TTS analytics, structural flexibility (postponement, modularity), and resilience metrics incl. ROR governance.
Resilience treated as an engineering property of network design, not an aspiration. This layer designs the structural capacity to absorb and recover from disruption: where to hold redundancy, how to stress-test the network against scenarios, how to measure recovery capability with TTR/TTS, and how to govern the resilience-opacity trade-off of increasingly autonomous operations.
L3 Sub-componentsSubcomponentes L3 5 items · click to explore elementos · clic para explorar
01
Resilience strategy: redundancy & multi-sourcing design
Deciding where the network holds structural slack: dual/multi-sourcing, geographic diversification, capacity buffers, and strategic inventory — placed deliberately, not uniformly.
→
02
Stress testing & disruption scenario simulation
Testing the network against hypothetical shocks before reality does: scenario design, digital simulation of failure modes, war-gaming exercises, and translating results into design changes.
→
03
Time-to-Recover / Time-to-Survive (TTR/TTS) analytics
The quantitative core of resilience: for each node, how long the network survives its loss (TTS) versus how long recovery takes (TTR) — exposing the gaps where TTR exceeds TTS.
→
04
Structural flexibility: postponement, modularity & flexible capacity
Resilience through design rather than slack: postponement of differentiation, modular product and process architecture, multi-purpose capacity, and logistics route flexibility.
→
05
Resilience metrics & ROR governance
Measuring resilience as a managed KPI set: TTR/TTS coverage, exposure concentration indices, recovery performance — and, for autonomous operations, the Resilience-Opacity Ratio (ROR).
→
🚨
› L2N2
L2 · Business Continuity & Crisis Management
Business continuity planning (ISO 22301), crisis response & command structures, disruption playbooks, stakeholder communication, and post-event learning & recovery audits.
What the organization does when prevention fails. This layer covers the formal continuity discipline — BCP aligned to ISO 22301, crisis command structures, pre-built disruption playbooks, disciplined stakeholder communication during the event, and the post-event learning loop that converts every disruption into structural improvement.
L3 Sub-componentsSubcomponentes L3 5 items · click to explore elementos · clic para explorar
01
Business continuity planning (ISO 22301)
The formal continuity discipline: business impact analysis, recovery objectives (RTO/RPO) for critical processes, documented continuity strategies, and the ISO 22301 management system.
→
02
Crisis response & command structures
How the organization decides under fire: incident classification, activation thresholds, crisis command roles, decision rights under uncertainty, and the operating rhythm of a live event.
→
03
Disruption playbooks & response protocols
Pre-built responses for the predictable failure modes: supplier failure, port closure, plant outage, logistics strike — with triggers, first-72-hours actions, decision trees, and owners.
→
04
Crisis communication & stakeholder management
Managing the information dimension of disruption: internal cascades, customer allocation communication, supplier coordination, regulator notification, and a single source of truth.
→
05
Post-event learning & recovery audits
Converting every disruption into structural improvement: structured after-action reviews, root-cause analysis beyond the proximate cause, recovery performance audit against plan, and tracked corrective actions.
→
🌐
› L2N2
L2 · Geopolitics & Trade Risk
Geopolitical exposure mapping, sanctions & export-control risk screening, footprint strategy (nearshoring/friendshoring), tariff & trade-war scenario planning, and country risk intelligence.
The geopolitical lens on network design and sourcing decisions. This layer maps the network's exposure to political and trade discontinuities, screens counterparties against sanctions and export-control regimes from a risk perspective, evaluates footprint moves such as nearshoring, runs tariff and trade-war scenarios, and maintains structured country risk intelligence. Operational execution of customs and trade compliance lives in D11; D17 owns the risk assessment that precedes it.
L3 Sub-componentsSubcomponentes L3 5 items · click to explore elementos · clic para explorar
01
Geopolitical exposure mapping
Mapping where the network is exposed to political discontinuity: country concentration of supply, single-region dependencies, chokepoint transit exposure, and political risk scoring of the footprint.
→
02
Sanctions, export controls & trade-restriction risk
The risk lens on trade restrictions: counterparty screening exposure, dual-use and export-control classification risk, sanctions regime monitoring, and restricted-entity contagion in the supply base.
→
03
Footprint strategy: nearshoring, friendshoring & regionalization
Evaluating structural footprint moves through the risk lens: nearshoring and friendshoring business cases, regionalization of supply networks, and the México opportunity in North American re-architecture.
→
04
Tariff & trade-war scenario planning
Stress-testing the network against trade-policy discontinuities: tariff scenarios, retaliation dynamics, trade-agreement disruption, and pre-computed response options by scenario.
→
05
Country risk intelligence & monitoring
The standing intelligence function: structured country risk assessment for sourcing and market decisions, continuous monitoring of political and security developments, and integration into network decisions.
→
⚡
› L2N2
L2 · Emerging & Systemic Risk
Climate & catastrophe risk, supply chain cyber risk, algorithmic & AI systemic risk (ROR monitoring), pandemic-class systemic shocks, and insurance & risk transfer.
The risk classes that do not respect single-domain boundaries: climate and natural catastrophe, cyber events propagating through the supply network, systemic risk from autonomous algorithms, pandemic-class shocks, and the transfer mechanisms — insurance, parametric covers, contractual allocation — that finance residual exposure. Cyber tooling lives in D16 and agent mechanics in D13; D17 owns the systemic risk view across them.
L3 Sub-componentsSubcomponentes L3 5 items · click to explore elementos · clic para explorar
01
Climate & catastrophe risk
Physical climate risk on the network: acute event exposure (hurricanes, floods, drought, heat), chronic shifts affecting sites and logistics, climate stress testing, and adaptation investment.
→
02
Supply chain cyber risk
Cyber as a supply chain risk class: operational technology exposure, supplier cyber posture, software supply chain integrity, and the network impact of cyber events — tooling lives in D16, the risk view here.
→
03
Algorithmic & AI systemic risk
The risk class created by autonomous operations: emergent behavior in multi-agent systems, opacity accumulation, automation-propagated errors at machine speed, and ROR-based oversight.
→
04
Pandemic & systemic shock preparedness
The shocks that hit everything at once: pandemic-class events, systemic logistics collapse, critical-input crises — where diversification fails and preparedness shifts to absorption capacity.
→
05
Insurance & risk transfer
Financing the residual: property and business-interruption coverage, contingent business interruption for supplier events, parametric instruments, captives, and contractual transfer.
→