May 17, 2020

Efficiently managing a warehouse, by A&B Industrial Services

Supply Chain Digital
Freddie Pierce
An efficient warehouse is a happy warehouse
By A & B Industrial Services

This handy guide will ensure that you responsibly manage the warehouse.

Office Area

When people think of a warehouse, they often imagine a large, empty shell of a building, filled with shelves only. What most people don’t realise is that a warehouse needs to have an effectively run office area too.

If you haven’t already got an office area in your warehouse, you will need to set one up. You’ll need a large, durable work surface to provide an area for you to complete paperwork and house your computer system. Standard desks from high-street retailers simply won’t cut it in the rugged world of the warehouse. A&B Industrial Services is a specialist in providing heavy duty workbenches, which would be much more suitable for your warehouse office.

To aid productivity, you will need to keep your work area tidy and organised. Invest in a filing cabinet to clear all of the paperwork off your desk and store it away neatly.

Training

Training is key to the effective running of your warehouse. If your staff don’t know what they’re supposed to be doing and how they should be doing it, your warehouse will be chaotic - not to mention dangerous.

A recent incident in Manchester is testament to this. As the Manchester Evening News reports, the fire service was called to a warehouse after a chemical drum was punctured by a forklift. While it is unknown whether the staff member had been trained or not, it does illustrate the potential severity of an accident in the warehouse. This underlines the importance of ensuring adequate training in order to avoid events like these.

As a manager, it is your responsibility to ensure that all of your staff are fully trained and cut out for the job. You should be vigilant when it comes to vetting your staff’s abilities. If they are lacking in any skills, arrange for a training course to rectify this and assign them alternative tasks until they are fully qualified.

You can find more information on warehouse training courses through the City and Guilds website.

Health and Safety

As the example above illustrates, the warehouse can be a very dangerous place. Another of your duties as manager is to ensure that health and safety guidelines are being met at all times. This can be a very time-consuming task, requiring you to be on the lookout at all times, so you might want to assign another member of staff as health and safety monitor to help you out.

Warehouses can be dark places, so you will need to make sure that your staff are as visible as possible. Your lighting should be adequate and bulbs should be replaced quickly when necessary. Staff members should also wear high-visibility clothing at all times, to further ensure their safety.

Steel toe cap boots are another essential piece of uniform for your staff members, to protect their feet should anything fall from the shelves. You should operate a strict stance when it comes to uniform, as failing to meet these standards could put the health of your workers at risk.

Staff members should have easy access to cleaning products, allowing them to easily and safely mop up any spillages that may occur. An accident book should also be used to monitor any incidents that may happen. This is a necessary requirement for all businesses to safeguard your staff and help you to investigate and rectify the causes of these incidents.

You should place a great deal of emphasis on health and safety: staff are less likely to disregard it if they know how seriously you take the matter. You should be open to ideas and suggestions too, so that staff members will feel comfortable approaching you to discuss any safety issues they may have.

You can find further information about health and safety by visiting the HSE website.

Jun 21, 2021

Google and NIST Address Supply Chain Cybersecurity

Elise Leise
The SolarWinds and Codecov cyberattacks reminded companies that software security poses a critical risk. How do we mitigate it?

As high-level supply chain attacks hit the news, Google and the U.S. National Institute of Standards and Technology (NIST) have both developed proposals for how to address software supply chain security. This isn’t a new field, unfortunately. Since supply chains are a critical part of business resilience, criminals have no qualms about targeting their software. That’s why identifying, assessing, and mitigating cyber supply chain risks (C-SCRM) is at the top of Google and NIST’s respective agendas.

High-Profile Supply Chain Attacks 

According to Google, no comprehensive end-to-end framework exists to mitigate threats across the software supply chain. [Yet] ‘there is an urgent need for a solution in the face of the eye-opening, multi-billion-dollar attacks in recent months...some of which could have been prevented or made more difficult’.

Here are several of the largest cybersecurity failures in recent months:

  • SolarWinds. Alleged Russian hackers slipped malicious code into a routine software update, which they then used as a Trojan horse for a massive cyberattack. 
  • Codecov. Attackers used automation to collect credentials and raid ‘additional resources’, such as data from other software development vendors. 
  • Malicious attacks on open-source repositories. Out of 1,000 GitHub accounts, more than one in five contained at least one dependency confusion-related misconfiguration.

As a result of these attacks and Biden’s recent cybersecurity mandate, NIST and Google took action. NIST held a 1,400-person workshop and published 150 papers worth of recommendations from Microsoft, Synopsys, The Linux Foundation, and other software experts; Google will work with popular source, build, and packaging platforms to help companies implement and excel at their SLSA framework.

What Are Their Recommendations? 

Here’s a quick recap: NIST has grouped together recommendations to create federal standards; Google has developed an end-to-end framework called Supply Chain Levels for Software Artifacts (SLSA), pronounced “Salsa”. Both address software procurement and security.

Now, here’s the slightly more in-depth version:

  • NIST. The organisation wants more ‘rigorous and predictable’ ways to secure critical software. They suggest that firms use vulnerability disclosure programmes (VDP) and software bills of materials (SBOM), consider simplifying their software and give at least one developer per project security training.
  • Google. The company thinks that SLSA will encompass the source-build-publish software workflow. Essentially, the four-level framework helps businesses make informed choices about the security of the software they use, with SLSA 4 representing an ideal end state.

If this all sounds very abstract, consider the recent SolarWinds attack. The attacker compromised the build platform, installed an implant, and injected malicious behaviour during each build. According to Google, higher SLSA levels would have required stronger security controls for the build platform, making it more difficult for the attacker to succeed.

How Do The Proposals Differ? 

As Brian Fox, the co-founder and CTO at Sonatype, sees it, NIST and Google have created proposals that complement each other. ‘The NIST [version] is focused on defining minimum requirements for software sold to the government’, he explained, while Google ‘goes [further] and proposes a specific model for scoring the supply chain. NIST is currently focused on the “what”. Google, along with other industry leaders, is grappling with the “how”’.