SUPPLY CHAIN SECURITY IN THE 21 st CENTURY



Similar documents
Risk Assessments and Risk Based Supply Chain Security. March, 2010

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

APEC Private Sector. Supply Chain Security Guidelines

Intermec Security Letter of Agreement

Global Supply Chain Security Recommendations

Rail Carrier Security Criteria

Customs-Trade Partnership Against Terrorism (C-TPAT) Minimum Security Criteria Third Party Logistics Providers (3PL)

Seventh Avenue Inc. 1

A Message for Warehouse Operators And Security Guidelines for Warehouse Operators

C-TPAT Self-Assessment - Manufacturing & Warehousing

Security Criteria for C-TPAT Foreign Manufacturers in English

Security Profile. Business Partner Requirements, Security Procedures (Updated)

C-TPAT Importer Security Criteria

SECURITY IN TRUCKING

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

C-TPAT Highway Carrier Security Criteria

ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

Customs-Trade Partnership Against Terrorism (C-TPAT) Security Guidelines for Suppliers/Shippers

Return the attached PPG Supply Chain Security Acknowledgement by , fax, or mail within two weeks from receipt.

What is C-TPAT? Customs Trade Partnership Against Terrorism

Supply Chain Security Audit Tool - Warehousing/Distribution

Security Policies and Procedures

Customs -Trade Partnership Against Terrorism (C-TPAT) Vendor Participation Overview

Customs-Trade Partnership against Terrorism Supply Chain Security Profile

C-TPAT Customs Trade Partnership Against Terrorism

Increasing Competitiveness / Lowering Costs with Supply Chain Management and Security Standards

Customs-Trade Partnership against Terrorism Supply Chain Security Profile

"DOT IN-DEPTH HAZMAT SECURITY TRAINING"

C-TPAT Security Criteria Sea Carriers

Best Practices For. Supply Chain Security

Physical Security Assessment Form

DOT HAZMAT SECURITY AWARENESS TRAINING

Partners in Protection / C-TPAT Supply Chain Security Questionnaire

C-TPAT Executive Summary

Best Practices C-TPAT 5-Step Risk Assessment Process

Costs and Benefits of Investing in Supply Chain Security Measures: Case Studies of Successful Experiences by Private Sector

MINIMUM SECURITY GUIDELINES FOR SOURCE MANUFACTURER/WAREHOUSEMEN C-TPAT INFORMATION

Risk-Based Approach to Managing Supply Chain Security and Compliance

Developing a Security Training and Awareness Program

MSC Security Program Security in the Logistics Supply Chain

Customs & Trade Partnership Against Terrorism (C TPAT)

Rx-360 Supply Chain Security Template -- Requirements for Third Party Logistics Providers 6 June 2012

The Authorized Economic Operator and the Small and Medium Enterprise FAQ

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

DEFENSE SUPPLY CHAIN SECURITY & RISK MANAGEMENT: PRINCIPLES & PRACTICE

Security Guidelines for. Agricultural distributors

Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities

Corporate Basel, Panalpina Security. "Adding value, while ensuring our customers' products are safe and secure"

Supply Chain Security Best Practices Catalog. Customs-Trade Partnership Against Terrorism (C-TPAT)

CVS Pharmacy C-TPAT Requirements For Import Product Suppliers

Jordan s electronic transit monitoring and facilitation system

APPENDIX 1: ORACLE SUPPLY CHAIN AND HIGH VALUE ASSET PHYSICAL SECURITY STANDARDS

New Certified Company Program (NEEC) Reinforcing Supply Chain Security in Mexico NEEC Profile

E3211. DOT Hazmat Security Awareness. Leader s Guide

CVS Pharmacy C-TPAT Requirements For Product Suppliers

Reducing Trade-Financing Risks Through the Use of the Powers Secured Chain of Custody

Supply Chain Security. Greg Stein Global Trade Compliance

World Customs Organization

Hazardous Materials Transportation Security Planning

Contents. Global Security Verification (GSV) Standard. Introduction The Global Security Verification Criteria Implementation Guidance...

Hazardous Materials Security Awareness

APPENDIX B ABOUT U.S. CUSTOMS AND BORDER PROTECTION: MISSION AND CORE VALUES

A Message for Carriers, Carrier-Forwarders and Others, With Security Procedures Guidelines Attached.

A Supply Chain Management Perspective on Mitigating the Risks of Counterfeit Products

UNDERSTANDING THE SUPPLY CHAIN SECURITY CERTIFICATION STANDARDS

SETTING THE STANDARD FOR SUPPLY CHAIN SECURITY

Key Small Parcel Requirements

Managing Risk in the Global Supply Chain

Jordan customs Electronic Transit Monitoring and Facilitation System (Jordan model)

FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand

Food Defense Supplier Guidelines

Seals Security & Best Practices

Each time a driver crosses the international border, the driver must clear, or be released by, the customs agency of the country they are entering.

C-TPAT: What Every Security Executive Should Know

TSR2014 TRUCKING SECURITY REQUIREMENTS. Transported Asset Protection Association. All rights reserved.

Trusted Traders Programs Overview

September 25, Dear Mr. Lewis:

AEO Template Introduction

Cyber Security through Education & Awareness. KSU Police Converged Security: A holistic approach to cyber safety and security. Community Policing

C-TPAT CUSTOMS TRADE PARTNERSHIP AGAINST TERRORISM

SCHEME OF EXAMINATION PG DIPLOMA IN CORPORATE AND INDUSTRIAL SECURITY MANAGEMENT (PGDCISM) ONE YEAR PROGRAMME

Threats, Risks and Possible solutions

Certifying the Industrial Athlete of the Future Edition

Guidance Notes FSR 2014

UNITED STATES DEPARTMENT OF AGRICULTURE FOOD SAFETY AND INSPECTION SERVICE WASHINGTON, DC

C-TPAT Expectations for Agents, Vendors & Manufactures

Infusing Technology to Mitigate Risk in the Supply Chain

Technology Asset Protection Association (TAPA) Securing the Global Supply Chain. Rosita Swain

CALIFORNIA HIGHWAY PATROL C.T.I.P. TASKFORCE

Music Recording Studio Security Program Security Assessment Version 1.1

Sierra College ADMINISTRATIVE PROCEDURE No. AP 3721

SPECIAL RECOMMENDATION IX: CASH COURIERS DETECTING AND PREVENTING THE CROSS-BORDER TRANSPORTATION OF CASH BY TERRORISTS AND OTHER CRIMINALS

Upon completion of the module, you will be issued an electronic training certificate.

Threats, Risks and Possible solutions

ICMI Cyanide Code Transportation Re-Certification Audit SUMMARY AUDIT REPORT. Sentinel Sodium Cyanide Transportation Operations

Transcription:

SUPPLY CHAIN SECURITY IN THE 21 st CENTURY

INTRODUCTION Overview of the Supply Chain Recent Supply Chain Security Issues Standards: World Customs Organization (WCO) Framework U.S. Customs and Border Protection s C-TPAT Program ISO 28000 Series Security Management Systems for the Supply Chain Other Supply Chain Security Approaches Risk-Based Supply Chain Security Approach Supply Chain Security Management Best Practices

DEFINITION The term Supply Chain Security can be defined as a process encompassing the: Programs Procedures Systems Technology and, especially, the People applied to addressing threats to the supply chain and the related threats to the economic, social and physical well-being of citizens and organized society.

SUPPLY CHAIN SECURITY ISSUES CUSTOMS AND BORDER PROTECTION, TAPA AND PINKERTON EXPERIENCE IS BASICALLY THE SAME: 60% of all supply chain security problems involved poor transportation related security 20%+ involved poor security at the manufacturing site, including poor access controls and poor security practices within the shipping and receiving departments 90% of the time, the security weaknesses were well known internally by staff 75% of the incidents had an internal connection

SUPPLY CHAIN SECURITY ISSUES CUSTOMS AND BORDER PROTECTION, TAPA AND PINKERTON EXPERIENCE IS BASICALLY THE SAME (cont): In spite of the pop culture that drivers and staff are intimidated and coerced into helping with theft and smuggling, less than 5% of the incidents investigated had that linkage 15% involved bribes and kickbacks Main motivation money and greed

SUPPLY CHAIN SECURITY ISSUES In Asia and Latin America: Both smuggling and theft are serious problems; can involve violence but usually focused on pay-offs Major issues revolve around transportation from the factory to a distribution center or customs clearance area Another major source of problems is transportation from the distribution center, truck yard or customs clearance area to an international port or border crossing Sophisticated modus operandi involves compromising transportation companies and/or drivers; multiple surveillance teams, and use of stolen duplicate rigs with hidden compartments; transloaders include wreckers or repair vehicles and box trucks

SUPPLY CHAIN SECURITY ISSUES In Asia and Latin America (cont.): Trailers/containers can be unloaded/transloaded in less than 30 minutes Criminal groups have experts who can get into the trailer or container without breaking the high security seal; have special racks to hold the doors and keep the seal in place Have experts who can duplicate the seal and replace it

SUPPLY CHAIN SECURITY ISSUES In Europe: Truck/trailer theft is increasing 20%+ a year Violent hijacking is extremely popular modus operandi Drivers are threatened and turn over their rigs/loads to avoid being shot or beaten; Eastern European, especially Russian, Albanian and Bulgarian organized crime often involved Drivers are often overpowered when sleeping along the way or at rest stops Drivers are oblivious to the threats and are not trained on how to avoid or respond to threats

SUPPLY CHAIN SECURITY ISSUES In the United States: Truck theft is a major issue Sophisticated organized crime groups are targeting manufacturers, distribution centers, truck stops, rest stops, etc. Ethnic Cubans, El Salvadorians (MS-13), working in conjunction with Eastern European (Albanian, Bulgarian and Russian) organized crime elements steal trucks/trailers, remove the property and ship it out of the country or sell it on E-Bay or to fences Trucks, heavy equipment and parts are also targets and go to Latin America/Europe Tactics include recruiting or inserting individuals inside a business with high value goods ; sometimes as employees, sometimes as temps Surveillance groups in vans and SUV s follow trucks or stake out truck stops, rest stops or other identified areas where trucks are parked (e.g. Wal-Mart or shopping center parking lot) Drivers are involved or are oblivious to threats; are untrained in how to detect surveillance and avoid problems; security officers equally oblivious and untrained

SUPPLY CHAIN SECURITY ISSUES So What Can We Do???

SUPPLY CHAIN SECURITY ISSUES It is VERY much a global business: Organized crime (even Italian) Mexican cartels Latin American gangs Cuban gangs Chinese triads And they will work together and share resources and expertise!

Supply Chain Security Use good, tested Supply Chain Security Programs!! Evaluate your situation; know the threats and modus operandi Know the supply chain security programs you can borrow from Select one as a starting point, or combine several, and move forward with a standard to evaluate against

WCO Guidelines World Customs Organization (WCO) 174 member nations Standardize worldwide customs policies and procedures (including supply chain security) WCO SAFE Framework of Standards Provide security and facilitate world trade Built upon joint customs and business pillars Authorized Economic Operator (AEO) is the name of the WCO supply chain security program

C-TPAT Program CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM (C-TPAT) The United States implementation of the WCO Framework of Standards AEO program U.S. Customs and Border Protection (CBP) and the Trade Community working together in a voluntary program first of its kind in the world Joint, voluntary commitment to secure the supply chain

C-TPAT Program C-TPAT PROGRAM ELEMENTS: General Security Business Partner Requirements Conveyance Security Physical Access Control Personnel Security Physical Security IT Security Security Training and Threat Awareness

Other Supply Programs OTHER INTERNATIONAL SUPPLY CHAIN SECURITY RELATED APPROACHES: Authorized Economic Operators (AEO) e.g. European Union AEO or Japan AEO program, etc. ISO 28000 Transported Asset Protection Association (TAPA) Business Alliance for Secure Commerce (BASC)

Risk-Based Supply Chain RiskSecurity Programs How do you get Risk-Based security solutions from C-TPAT, AEO or ISO 28000? RISK is a Widely Mis-used Term!! US government (Department of Homeland Security and Department of Defense), the British CCTA Risk Analysis and Management Method (CRAMM) or the French Marion methodology, and most recently the ISO 28000 series, all basically break the Risk Assessment Methodology down to this formula: Risk = Threats X Vulnerabilities X Consequences If you want a Risk-Based Approach Use an Established Methodology and Use the Terms Properly

Risk-Based Supply Chain RiskSecurity Programs (cont) (Risk = Threats X Vulnerabilities X Consequences) Threats (T) considered should be holistic and can include: Terrorism Cargo Theft Hijacking Drug, Contraband Smuggling People Smuggling Undeclared Hazardous Goods Government Instability Labor or Health Issues IP/Brand Protection General Integrity of People Rated: Severe, High, Moderate, Low or None

Risk-Based Supply Chain RiskSecurity Programs (cont) (Risk = Threats X Vulnerabilities X Consequences) Vulnerability (V) (effectiveness of security) based on ability to deter, detect, delay and respond in, as a minimum, the following categories: General Security Procedural Security Business Partner Requirements Physical Access Controls Physical Security Container and Trailer Security IT Security Security Training and Threat Awareness Rated: High, Moderate, Low or None

Risk-Based Supply Chain RiskSecurity Programs (cont) (Risk = Threats X Vulnerabilities X Consequences) Consequences (C) is determined based on a Business Impact rating. Issues to consider include: Volume of Business Percentage of Particular Components/Services Provided Timeliness Cost/Value of Goods Impact on Business if Lost Quality Performance Rated: High, Moderate, Low or None

Risk-Based Supply Chain RiskSecurity Programs (cont) (Risk = Threats X Vulnerabilities X Consequences) IS THIS RISK? Excerpt from Congressional Research Service Report on Air Cargo Security, January 2005 Air Cargo Security Risks Potential risks associated with air cargo security include introduction of explosive and incendiary devices in cargo placed aboard aircraft; shipment of undeclared or undetected hazardous materials aboard aircraft; cargo crime including theft and smuggling; and aircraft hijackings and sabotage by individuals with access to aircraft.

Supply Chain Security Management So How can we manage the Risk and reduce the Risk? Lower the Threats? How? Lower the Vulnerabilities? Lower the Consequences? How? How?

Supply Chain Security Management Supply Chain Security Management (SCSM): Cannot eliminate most Threats; work with law enforcement Instead, the goal is to minimize the impact of any type of threat within the supply chain Threats can be of minor or major nature Threats can consist of removing cargo (theft) or adding to cargo (smuggling) Threats include: theft, terrorism, sabotage, extortion, accidents, etc. - Also can include counterfeit, product diversion, parallel trade, loss of reputation, etc. Note: Good SCSM can help companies to deal with all types of supply chain Threats, including bad weather, natural disasters etc.

Supply Chain Security Management Supply Chain Security Management (SCSM) (cont): Focuses on how to make security measures more effective and, hence, lower the Vulnerability Individual security measures typically have one or more of the following goals: Deter/Prevent Detect Delay Respond/Recover But all must be present to have effective security Identify security gaps and close them How can the enterprise do better at this? (Supply chain security action plans!) The biggest vulnerabilities seem to focus around PEOPLE which is why security education and awareness and personnel security are so important!! As is, having a reporting mechanism

Supply Chain Security Management Supply Chain Security Management (SCSM) (cont): Companies can certainly reduce the impact of adverse Consequences on their business. Not all consequence related actions are security actions It might involve broadening the supply base or changing processes It definitely involves business continuity and recovery planning This can play a major role in reducing Risk!!

Supply Chain Security Management Analysis Framework BASC Security Management Concept

Supply Chain Security Best Practices General Supply Chain Security Related Best Practices (CBP/ISO/TAPA/BASC/Pinkerton): Make your solutions Risk-Based (but properly determine your Risk) Use qualified third parties to assist; they don t have your blind spots Conduct Self Assessments of your Supply Chain Business Partners, document the gaps and develop a Corrective Action Plan; monitor the implementation of improvements or lack thereof Conduct On-Site Assessments of the Highest Risk Business Partner Sites; document the gaps and develop a Corrective Action Plan; monitor the implementation of improvements Follow-up and re-audit the Highest Risk Sites, if they do not score well (high vulnerability scores) but claim implementation of improvements Build security into your Business Partner selection and retention process as a factor Track, and require tracking, of all shipments -- and immediately respond to any anomalies

Supply Chain Security Best Practices (cont) Access Control Documented policies and procedures Advanced visitor approval Real-time monitored systems that document entry, exit and movement Check IDs of all visitors, vendors, drivers, etc. and keep a record of everyone who enters, when they entered and when they exited Require escorts for visitors and vendors Don t tolerate tailgating Work Area Restrictions (identifiable badges, color coded uniforms, further physical/electronic restrictions) Controlled driver waiting area

Supply Chain Security Best Practices (cont) Security Related Policies and Procedures Comprehensive and integrated Include special policies and procedures for information/data security Include special policies and procedures for shipping/receiving Include special policies and procedures for purchasing/contracting Integrated with security guard post orders

Supply Chain Security Best Practices (cont) Personnel Security Have a Code of Conduct that addresses supply chain security and integrity Include documented special policies and procedures for personnel/hr Have detailed policies and checklists for timely termination and return of IDs, keys, equipment and restriction for IT and other access Conduct detailed BI s, in accordance with the law, and check all references, including developed references, documents, education and qualifications; do re-checks!! Consistent enforcement of policy violations, etc.

Supply Chain Security Best Practices (cont) Physical Security Routine and random facility inspections and ensure compliance to established standards Well trained and equipped personnel, following documented procedures, and doing detailed reporting Monitored access control, CCTV and alarm systems that are integrated, (monitored) and allow for immediate real-time response Conduct tests (e.g. penetration tests) and audits of compliance Review and analyze systems and information Document what you do; guard patrols should be producing detailed reports on every shift!! Ensure security is looking for surveillance or suspicious activities and is reporting it

Supply Chain Security Best Practices (cont) Shipping and Receiving Specialized packing material Specialized shipping markings Segregated and controlled areas (ID badges, uniforms) High Security Seals controlled, secured and randomly issued CCTV and still photography of loading/unloading process, entry and exit Anonymous reporting of issues or conspiracies Rotate employees including supervisors and security System for tracking shipments and reporting/responding to anomalies

Supply Chain Security Best Practices (cont) Highway Carrier or Transportation Provider Establish standards for contracting/purchasing; require this of all transportation service providers Require notification of any subcontractor use and make it clear they must adhere to the same requirements as the primary Ensure all drivers are screened for licensing and criminal records Documented education and awareness training required including: Training on detecting surveillance Trailer security Reporting procedures Responses to different scenarios Establish communications methods and emergency signals

Supply Chain Security Best Practices (cont) Highway Carrier or Transportation Provider (cont) Know the transportation carriers security procedures and ensure they include no stops in designated red zones Allow stops only at authorized, pre-cleared trucks stops, etc. Require GPS tracking for both the tractor and trailer; GPS must be actively monitored and require regular check-ins and communication with the driver A response should be available that can be dispatched if there are any suspicious activities or stops Use automatic and/or remote cut-off and remote locking capabilities Consider light sensitive alarms linked to GPS Require high security locking devices/seals, spot weld hinges and tamper tape

Supply Chain Security Best Practices (cont) Security Education and Awareness Training All training well-documented Have a documented method for determining effectiveness of training Orientation and recurring general security training Specialized training for: Shipping/Receiving Drivers Mail and package handling Security and reception HR Internal conspiracies Outreach to Business Partners Focus on the NQR (Not Quite Right) approach Make sure reporting and response is addressed

Supply Chain Security Conclusion Supply chain security is an important facet of doing business Supply chain security can be improved by using RiskBased Security Management C-TPAT, AEO, ISO 28000 can all be a part of enhancing supply chain security Effective supply chain security can save the enterprise money, preserve reputation and protect brand name It s not James Bond stuff!!

Thank You!! QUESTIONS?