Your facilities run on fragile supply chains and nobody wants to admit it

In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are being integrated into resilience planning. Dodoo also shares practical approaches such as regional vendor networks, alternative contracts, and strategic inventory to maintain continuity during disruptions.

Supply chains for critical building systems, HVAC components, fire suppression materials, access control hardware, are deeply embedded in geopolitically unstable regions. What concrete steps are forward-thinking FMs taking right now to de-risk those dependencies?

Most forward-looking facility managers include sourcing as a critical part of both risk management and resilience, not just procurement. Through the global pandemic and Ukraine war, facility managers recognized the need for redundancy to be localized, especially when managing a global portfolio. For example, sourcing materials from prequalified regional vendors and using components from decommissioned assets can serve as a viable low risk and a sustainable solution.

Resilience by design can also help to reduce the risk of some of these supply chain issues by allowing flexibility to incorporate locally sourced alternatives in building infrastructure from day one. The COVID-19 pandemic and its related challenges are the best thing that happened to facility managers, as it allowed mainstreaming out-of-the-box solutions for most of a facility’s operations. Another option which I adopt in my operations is the use of alternative contract agreements for some services to allow for a high level of agility during supply chain disruptions.

Sometimes facility managers also need to go back to basics and adopt the good old storage of strategic parts for critical systems. Given the advancements in accessible technology at our fingertips, this is not ideal but, there is something to be said for integrating traditional methods to ensure business continuity.

We’ve seen embassies, multinational corporate campuses, and NGO facilities become targets in active conflict zones. How should FMs be thinking about “hardening” assets in ways that don’t show up in any standard risk assessment template?

In unstable regions where most emergency response organizations and NGOs operate, we must shift focus from reactive to proactive approaches. This includes operational activities like redundant power, water, and communications within the same footprint to allow organizations to operate in isolation for the set recovery time objectives if needed. In most situations, hiding in plain sight is the best approach. A hardened facility should not appear fortified and must be as unassuming as possible. Concealing protection such as blast-resistance materials in conflict-prone areas and blending into the local architecture can help avoid or minimise deliberate attacks.

With the increase in operational technology (OT), there is also the need to reduce exposure to cyberattacks by incorporating a high level of cyber safety in both IT and OT systems. IFMA has partnered with Building Cyber Security to address the rising building cyber risks by proving training, tools and frameworks that will help FMs bridge the gap between IT and physical safety.

There’s a difference between a facility manager who has a crisis plan and one who has stresstested it against a realistic geopolitical scenario. In your experience, how wide is that gap in the profession right now?

Unfortunately, the gap is still wide since most business continuity plans are put in place to meet audit requirements. Frequent testing of such plans are not done, and in instances where testing happens, the scenarios used do not reflect realistic simulations because they are uncomfortable. The bottom line is that majority of organizations do not want to disrupt business operations unless forced to do so.

Most FMs will tell you that when drills are performed, there are always gaps and assets that are earmarked as “ready” on paper, are usually found lacking. Resilience isn’t paperwork, it’s muscle memory. Incorporating ISO 22301 (BC) into the ISO 41001 (FM) management systems is one way to reduce the gap and ensure critical service planning is performed in a more integrated approach.

Workforce continuity is a piece of this that doesn’t get enough attention. If a climate event or geopolitical disruption disables a facility, it also displaces the people who operate it. How are FMs building human redundancy into their continuity plans?

This is another of the lessons learned from the global pandemic. FMs have learned to build human redundancy by distributing competencies and creating a lot of remote functions and operating capabilities that ensure critical roles are not completely disrupted during an incident. For a global organization, having workforce in different regions as alternates to support or mirror some critical roles is an easier way to ensure continuity.

If you could put one thing in front of every Csuite executive who oversees a global real estate portfolio before they leave the room today, what would it be?

Resilience must be intentional and treated as a core asset class. Moving this beyond a budget line and incorporating it into the culture and mindset of everyone in the organization will ensure that when a disaster strikes, its facilities will be able to recover faster.