We recommend sound preparation and a three-step process for implementing adequate and targeted risk- prevention or crisis-response measures: 1) Pool of measures. First, a catalogue of preventive actions, or a pool of measures, must be created and described. For this step it is useful to group the individual preventive actions by topics according to risk factors (risk indicators), e. g. natural hazards, political situa- tions, sanctions, working conditions or strikes. 2) Identification of extent of loss or damage. Risk identification (step 1) provides details regarding which supply chains (more specifically which suppliers, loca- tions, own plants and customers) are affected by a risk event or a change in a risk indicator. Together with the details about the level of impact (step 2) it is possible to make a quick decision in an emergency as to which potential preventive actions should be used from the pool of measures. 3) Effect and origin of preventive actions. The final step involves deciding how to handle the relevant risk. Not all risks are equal: some risks are easy to control and others are difficult to manage. Depending on whe- ther the situation – or in a specific case, the level of impact – is critical/high or non-critical/low, preventive actions with appropriate effect must be derived, that is, risk prevention, risk transfer, risk mitigation or risk acceptance measures. Using the example of a supplier’s production plant being located in an area with a high earthquake risk, the framework of preventive risk management is as follows: a) Low impact: The risk of an earthquake hitting the supplier, or more specifically, the supplier's site can be taken and accepted. b) High impact: The following preventive actions can be derived, for example: • Risk prevention measures, e. g. by establishing an alternative source • Risk transfer measures, e. g. by taking out CBI insurance • Risk mitigation measures, e. g. through structural earthquake protection measures Creation of preventive action catalogue. As already mentioned, the catalogue of preventive actions is a collection of all risk-prevention or crisis-response mea- sures that have been grouped by topics according to risk indicators. Every measure is assigned to at least one risk factor. However, when creating the catalogue of preventive actions, additional steps must also be taken into account. A responsible party must be defined for each measure, and all stakeholders involved must be listed. The parties involved can be from the most diverse departments: Logistics (e. g. emergency logis- tics), Quality (e. g. quality approval concerning re- placement procurement), Corporate Communication (e. g. in case of compliance breaches), Insurance (e. g. where a CBI insurance policy has been taken out), or Legal Division (e. g. in case of sanction matches). To ensure fast response in a risk event, we also recom- mend describing the actual procedure to be followed for each measure. Ideally, specific recommendations Comprehensive risk management along the supply chain creates transparency about risks and impact, and contributes to a sustainable solution for mitigating risks. First, managing risks along the supply chain means identifying and assessing them. These steps provide the basis for addressing risks in a proactive way using appropriate measures to ensure long- term corporate success. SUPPLY CHAIN RISK MANAGEMENT 3. RISK MITIGATION planning RISK Radar 1. 3. ACTION Planner 2. IMpACT Validator CONTROLLING & ANALYTICS