BAE Systems has sidestepped security rules with its new sourcing system. Malcolm Wheatley blogs.
What does a manufacturer do when barred by government rules from using its preferred sourcing solution? That was the quandary faced by defence manufacturer BAE Systems.
A long‑time user of Exostar’s cloud‑based e‑sourcing solution, SourcePass, BAE wanted to leverage SourcePass for its Type 26 frigate development programme for the Ministry of Defence.
But SourcePass is hosted on servers located in the United States, and because of the sensitive nature of the Type 26 programme, UK government regulations mandated that all applications and data associated with the programme be hosted on UK‑based servers, thereby sidelining SourcePass.
Nothing loath, Exostar worked with BAE to deploy a new SourcePass instance on a secure BAE Systems server in the located in the UK.
And to further enhance security, it connected the UK SourcePass instance to its Managed Access Gateway to allow BAE Systems to administer and grant access to the system; and provided BAE with ‘one‑time password’ hardware tokens that it could issue to its suppliers and customers to enable confirmation of user identities with strong two‑factor authentication.
The result? A continuation of the ability to use its preferred sourcing tool, and a BAE Chairman’s Award for the joint BAE-Exostar team in recognition of the work put in to develop the UK instance.
“The Chairman’s Award is a testament to the highly‑collaborative effort between BAE Systems and Exostar to overcome a challenge and bring the right solution to bear,” says Elliot Webber, supply chain lead, Project BOLT eSourcing at BAE Systems.
“Without SourcePass, we were looking at a longer sourcing process where governance would be more difficult to enforce.”
Instead, BAE has found a way to realise the advantages of SourcePass in a restricted environment. Its ingenuity will benefits internal operations, the company’s customer and its suppliers.