Risk Management for the IT Supply Chain
www.informationweek.com
One positive development from the COVID-19 pandemic was that it forced companies to take hard looks at external supply chains to ensure they were reliable, secure and trustworthy, and that should one vendor fail, another could step in. There were numerous supply chain misfires during the pandemic, and companies and consumers suffered and learned from the experience.

That brings us to IT.

The IT supply chain comes with its own set of risks, but it faces the same vulnerabilities corporate production supply chains encounter. One key difference is that organizations don't regularly focus on those IT supply chains. While IT departments have active disaster recovery and failover plans, few regularly vet vendors or audit their tech supply chains for resiliency.

Moody's tells us, "Disruption in one part of the supply chain can have significant ripple effects, impacting businesses and economies across sectors and regions," and the IT supply chain is no exception when it comes to risk.

I have seen these things firsthand:

- A trustworthy vendor gets acquired by another vendor with which IT has had poor experience in the past. How easy is it to migrate to a new vendor?
- A company suddenly and unexpectedly sunsets its technology and, with it, the tech support. Can IT find a third party that will step in to support the old tech if the IT department had relied on the original vendor for its know-how and doesn't have the budget to move to another tech option?
- There is a component shortage at the vendor, so IT is unable to upgrade routers on its network. Is there an alternative vendor?
- IT has contracted with a service company to provide technical and user support for a multinational application, but now the provider ceases operations in one of the countries where the company has a facility. What do you do now?

All are real-world examples that I've personally seen. They call into question the IT supply chain's resiliency.

When these incidents occurred, there was no ready route for IT to cure a supply chain conundrum, and the IT departments involved found themselves in difficult positions, having to tough it out with unsupported technologies, pause certain technologies, and/or create workarounds for processes that no longer functioned.

No one likes to be in that position. So, are there tried and true supply chain methodologies that can be applied to the IT supply chain, too?

Yes, there are proven supply chain strategies and methods out there. Here are four of them:

Assess your supply chain.

Who are your mission-critical vendors? Do they present significant risks (for example, risk of a merger, or going out of business)? Where are your IT supply chain weak links (such as vendors whose products and services repeatedly fail)? Are they impairing your ability to provide top-grade IT to the business?

What countries do you operate in? Are there technology and support issues that could emerge in those locations? Do you annually send questionnaires to vendors so you can ascertain that they are strong, reliable and trustworthy suppliers? Do you request that your auditors periodically review IT supply chain vendors for resiliency, compliance and security?

Those are a few questions that IT departments should ask when reviewing tech supply chains, but when I mention these to IT leaders, few tell me that they do them.

Mitigate the supply chain's weak links.

If you have a mission-critical supplier and you find there are no alternative suppliers, you're exposed to risk if that supplier gets acquired, goes out of business, or has a component shortfall and can't deliver. For any mission-critical sole-source supplier, it's incumbent on IT to locate alternate suppliers that can step in, and to be ready to use them if an emergency warrants it.

One key area is internet service providers (ISPs). Companies should always have more than one ISP so internet service will remain uninterrupted.

Audit your suppliers.

Most enterprises include security and compliance checkpoints in their initial dealings with vendors, but few check back with the vendors on a regular basis after the contracts are signed. Security and governance guidelines change from year to year. Have your IT vendors kept up? When was the last time you requested their latest security and governance audit reports? Verifying that vendors stay in step with your company's security and governance requirements should be done annually.

Include the IT supply chain in the corporate risk management plan.

Although companies include their production supply chains in their corporate risk management plans, they don't consistently consider the IT supply chain and its risks. Today's digital companies won't function if the IT isn't working, so CIOs must push for the IT supply chain to be part of overall corporate risk management if it isn't already.