Supply Chain Security Greg Stein Global Trade Compliance November 12, 2015
Agenda Brand Protection & Supply Chain Security Risks Points Common issues to the industry SanDisk Supply Chain Security and Risks Overview of SanDisk Supply Chain How does SanDisk protect our chain 2
C-TPAT, TAPA, AEO & SanDisk Customs Trade Partnership Against Terrorism (C-TPAT): U.S. Customs / Homeland Security initiative Certifies sufficient security related to the handling of U.S. imports. Front-to-back / End-to-end: point of manufacturer through to receiving location. Engages Logistics Service Providers and Materials Suppliers SanDisk Certified Partner # 79425226 (since 2007) Authorized Economic Operator (AEO) status is a certified standard issued by customs administrations in the EU. It certifies that a business has met certain standards in relation to their security, management systems, compliance with customs rules and ongoing solvency. SanDisk certified 2012 Technology Asset Protection Association (TAPA) Industry supply chain organization producing measurable standards in warehouse, transport, aviation operational and physical security SanDisk member since 2007 Structured Security Program requires: Policies Procedures Training Auditing 3
Brand Protection & Supply Chain Security - Product Life Flow & Supply Chain Risk to IP Risk to product, Components, & logistics information Risk to Finished Product Transportation Production Factory Production/ Fulfilment W.House/Distribution Partners/Distributers End User/Retail Product Development Marketing Order Services Planning Production/ Fullfilment Inhouse Logistics In house Logistics Risk of insertion of unauthorised materials The earlier the compromise the greater potential impact The more embedded and consistent the security, the greater the protection 4
Risk Points Exposure in the Supply Chain Exposure often exists in: Operational infrastructure: Inadequate physical/procedural security in premises and/or on transport vehicles. Operational practices: Flawed staff recruitment checks. Poor training and ongoing performance assessment. Careless handling of information / documentation Workforce can be a target for criminal infiltration: criminal opportunities collusion deception disgruntlement 5
How does SanDisk secure its Supply Chain? SanDisk utilizes a combination of Acknowledged industry security standards (TAPA), Government security initiatives (C-TPAT, AEO), Combined with SanDisk specific requirements to ensure all aspects of our Supply Chain are secure. Set the Rules Early Provide clear expectations to vendors at RFP stage Agree to Security levels in contract Ensure right to audit - Overview 6
How does SanDisk secure its Supply Chain? This approach involves several key steps: - Key Steps Developing Contracts with vendors which encompass their requirement to hold and adhere to our identified Security criteria. Maintaining a Security Audit program to assess compliance. Assisting Operations and Logistics through Investigation of any, reported or potential, loss within our Supply Chain. Liaise with Industry, Govt. and Local Law Enforcement groups to monitor trends and benchmark on best practices. Regular evaluation of Risk and potential Gap s within our supply chain. Supply Chain Security 7
Summary Security needs to be embedded in all aspects of the Supply Chain program You need to ensure your Partners security meets the expected standards You can ensure these standards are maintained by building security into your daily routine, being conscious of potential weaknesses, and reporting any concerns to your Security Team. It s well worth the investment 8
Thanks for your Attention and 9
Suspect Product Examples Examples of Suspect Product Seized by CBP Example of a non- SanDisk card with a suspect SanDisk label fitted on top Example of a non- SanDisk adapter with a suspect SanDisk label fitted on top Example of suspect USB where the coding does not match the claimed capacity Above is an example of a non-sandisk card with the pins painted on a piece of plastic 10