Outline for the CEN Supply chain security (SCS) Good Practices guidebook




Foreword: The purpose of this 7-page outline document is to provide a concrete basis for kicking off the development of the SCS Good Practices guidebook, as a collaborative effort between supply chain operators and experts in the field. Cross-border Research Association (CBRA) research team would also like to thank all the CEN/TC 379 members who answered the survey (Sep-Oct. 2010) helping to set priorities for the upcoming content. We are looking forward to having you and all other experts interested in the topic to work with us to develop the first draft book during Nov. 2010 - April 2011. All potential contributors, please contact us by email: cenbook@cross-border.org, to get involved in the process!

Preliminary table of content for the SCS guidebook

Chapter 1. Introduction - Scope and objectives for the good practices guidebook
Chapter 2. Supply chain security management and crime prevention overview
Chapter 3. Good SCS practices - Set 1: Application of a holistic security management approach
Chapter 4. Good SCS practices - Set 2: Anecdotes/short stories on crime incidents and security responses in Europe
Chapter 5. Good SCS practices - Set 3: Complying with SCS programs/standards/regulations in Europe
Chapter 6. Good SCS practices - Set 4: Any SCS management and crime prevention anecdotes from anywhere in the world
Chapter 7. Summary and conclusions
Bibliography, recommended readings
Annexes

Chapter 1. Introduction - Scope and objectives for the SCS Good Practices guidebook

This SCS good practices book is aimed at collecting and presenting practical approaches enabling companies to manage risks related to supply chain crime in a cost-efficient way. As stated by Menzer et al (2008), Supply Chain encompasses the planning and management of all activities involved in sourcing and procurement, conversion, demand creation and fulfillment, and all logistics activities. [1]

The aim of security and operational management is to create and maintain systematic, coordinated, and cost-effective activities and practices in order to prevent exploitation of supply chains for criminal purposes, and to enable quick response in case of a security breach. Crimes of interest include (among others): theft, counterfeiting, customs law violations, organized immigration crime, terrorism, and sabotage. Crimes can have intra- and/or inter-organizational impacts.

The content of the good practices book is collected by means of comprehensive literature and standard reviews, and case company / supply chain interviews and written replies. The SCS standard review follows recommendations by the members and observers of CEN TC 379. The semi-structured interviews aim at collecting experiences related to implemented security measures, contributing or preventing factors during the process and attained results. Due to the fact that connections between implemented security measures and their outcomes are context-dependent, part of the experiences are collected in the form of anecdotes, which include descriptions of the conditions under which the outcomes were achieved.

Findings are compressed into the form of crime problem-solving processes following continuous improvement principles. This should facilitate exploiting presented practices and processes inside normal quality improvement programs, decision-making processes, and operational practices in companies. This should also help to fill traditional communication gaps between supply chain managers, risk managers, compliance managers, and security managers, amongst others.

The good practices book considers existing standards, including EU AEO; ISO28000 Security in the Supply Chain, ISO31000 Guidance on Risk Management and ISO/PAS28002: Resilience in the Supply Chain, and other relevant security standards (EN, BS, and DIN standards) as potential sources for good practices, and the book provides examples on how to comply with such requirements for those interested in doing so (and, what the consequential benefits may be if such data is available).

[1] Menzer, J.T. et al. (2001), Defining Supply Chain Management, Journal of Business Logistics, 22(2), 1-25.

Chapter 2. Supply chain security (SCS) management and crime prevention overview

The objective of this chapter is to inform readers about the most relevant frameworks, models, and reference standards of managing security of the supply chain. Risk management forms an important part of this overview chapter. Below, initial references are made to SARA approach and SCS management layers. During the book's development, this chapter will be expanded to cover other relevant aspects of SCS management and crime prevention in supply chains. For example, good practices discovered during ISO 28000 implementations [2] will be highlighted (subject to access to the data). Also, references to several annexes (preliminary list of annexes can be found at the end of this overview paper) will be made.

SARA approach

SARA presents good practices in crime prevention commonly used by police agencies in the United States, the United Kingdom, Canada, Scandinavia, Australia, and New Zealand. Early experiments can be traced back to the early 1980s. SARA is a problem-solving approach, which uses the data to establish the existence and extent of a problem, analyze its nature and source, plan intervention measures to reduce it, and monitor and evaluate the effectiveness of the selected measures (Read and Tilley, 2000 [3]). It emphasizes the transfer and sharing of crime prevention knowledge. SARA is a generic problem-solving tool, which enables one to connect specific crime types, specific contexts, appropriate security measures, and observed outcomes. SARA resembles the risk management principles of ISO 31000, Total Quality Management (TQM), and Continuous Improvement, and exploits opportunity-reducing crime-preventive techniques.

SARA consists of four phases (Clarke and Eck, 2003 [4]):

1. Carefully defining the specific problems (Scan)
2. Conducting an in-depth analyses to understand their generative mechanisms (Analysis)
3. Undertaking broad searches for solutions to disable causes (Response)
4. Evaluation of the result (Assessment)

[2] ISO 28000:2007, Specification for security management systems for the supply chain; ISO 28001:2007, Security management systems for the supply chain - Best practices for implementing supply chain security - Assessments and plans - Requirements and guidance; ISO 28004:2007, Security management systems for the supply chain - Guidelines for the implementation of ISO 28000.
[3] Read T., Tilley N. Not Rocket Science? Problem Solving and Crime Reduction (2000) London: Home Office. Crime Reduction Research Series Paper 6.
[4] Clarke, R.V. and Eck, J. (2003) Becoming a problem solving crime analyst in 55 small steps. London: UCL Jill Dando Institute.

SCS management layers

Regarding the SARA Step 3 explained above, the following 7-layer SCS management model is applied as a reference in this good practices guidebook (adapted from Hintsa J., 2010 [5]):

1. Design and planning layer: designing sourcing (countries) and transport (routes) to minimize risks; creating and updating security, disaster recovery, training, and audit plans.
2. Process control layer: managing key business processes, creating visibility into them, monitoring for deviations, and providing stability/minimizing variations (in time, quality, etc.)
3. Supply chain assets layer: securing facilities, vehicles, shipments, products, data systems, and data by exploiting a broad set of security procedures, technologies, and solutions.
4. Human resources layer: checking backgrounds, training, and motivating personnel; protecting them against blackmail, kidnapping, etc.; minimizing the risk of insider crime.
5. Business partners layer: selection process for business partners; requirements for SCS certifications; and monitoring and audit activities.
6. Aftermath capabilities layer: ensuring post-incident recovery with minimum supply chain disruptions; developing competences for investigations, evidence collection, and court procedures.
7. Disrupting criminal activities layer: causing problems in the illicit supply chains, by influencing supply (e.g., counterfeit factories), production, logistics operations, and distribution (e.g., awareness campaigns)

[5] Hintsa J. Post-2001 Supply chain security private sector implication. Doctoral thesis manuscript submitted to the thesis jury. Oct. 2010

Chapter 3. Good SCS practices - Set 1: Application of a holistic security management approach

This data is collected by means of semi-structured interviews. Interview questions confine the whole security management process starting from (a) identification and defining of the problem, (b) analysis of the nature and extent of the problem, (c) generations of alternative security measures and evaluation of trade-offs, and (d) assessing costs and benefits. The following list of questions may be regarded as an example:

1. What did your company do to enhance security in the supply chain?
2. Why did your company take the action (specific crime incident in own organization; specific crime incident in other organization; crimes exceeded the acceptable level; management interest to secure supply chains against potential crime incidents; systematic management process to identify deviations which revealed a possible vulnerability; increased risk level because of entering new sourcing or manufacturing countries, or transport routes; pressure to comply with an existing SCS standard or regulation, etc.)?
3. Did you have practices which contributed to or exacerbated the problem(s) or otherwise made it more difficult to solve the problem(s) (organizational barriers; lack of management commitment; reluctance to follow security requirements on every organizational level; inadequate audit methods, etc.)? If yes, how did you manage to overcome them?
4. What kind of targets and measurements were set (e.g., declined specific crime incident level; better facility and asset utilization; compliance with governmental regulations or programs; lower insurance fees, etc.)? How were such positive effects measured?
5. What kind of alternative security measures were generated and how did you select the implemented security measures? How were the selected security measures expected to work (make it harder to commit a crime; increase a perceived risk of being caught; reduce the anticipated rewards from the crime-related activity; remove reasons to commit crime, etc.)?
6. How did the security measures work in practice (fully eliminated the problem; substantially reduced the problem; reduced the consequences caused by the problem; dealt with a problem more efficiently; transferred the problem to other areas of the supply chain or onto others, etc.)?
7. What type of costs were experienced during and after the implementation of new measure(s) (investment costs; operational costs; maintenance costs, etc.)? Can you quantify any of them?
8. Did the security measures have any positive side effects (better visibility and operational control; better customer satisfaction; fewer governmental inspections; reduced insurance premiums, etc.)? How were these effects measured?
9. Did the security measures have any negative or reverse effects (impact on employee morale; negative impact on environment; displacement of crime to other areas, types, etc.)?

Chapter 4. Good SCS practices - Set 2: Anecdotes/short stories on crime incidents and security responses in Europe

This chapter presents a collection of short stories regarding crime incidents and security responses in European supply chains, with the following basic structure:

- What happened, what was the trigger (the incident; management attention, etc.)?
- Why was it important to act (to do something about it)?
- What was done (the security response)?
- How was it done, when, by whom?
- What were the outcomes (both positive and negative ones)?

Chapter 5. Good SCS practices - Set 3: Complying with SCS programs/standards/regulations in Europe

Existing SCS initiatives, including the EU AEO program and ISO2800 series, are not self-explanatory and self-executing programs. On the contrary, they often present a framework where compliance with requirements can be attained in several ways. These initiatives often introduce new tasks involving many people at different levels of the organisation. For example, the EU AEO program relates to manufacturing, logistics, financial administration, legal affairs and agreements, social responsibilities and governmental relationships, human resources, supplier relationship, security, and risk management. In this chapter, examples are presented on how different types of companies have managed EU AEO, ISO28000, and other relevant SCS implementation processes, highlighting problems and solutions of potential broader interest and relevance.

Chapter 6. Good SCS practices - Set 4: Any SCS management and crime prevention anecdotes from anywhere in the world

(this chapter is optional, tbd later)

Chapter 7. Summary and conclusions

The actual summary and conclusions can be written only towards the end of the book development project.

This good practices guidebook helps companies operating in supply chains to enhance their SCS management processes, methods, and techniques:

- All actors in supply chains, including companies with cargo interest/ownership and logistics service providers.
- All sizes of companies, especially small and medium sized enterprises (SMEs) (this is based on the quick survey in Sep-Oct. 2010)

The good practices presented in this book have helped (the case) companies in the past to [6]:

- reduce opportunities for crime and/or actual crime incidents in the supply chain (as the main priority based on the quick survey in Sep-Oct. 2010); and/or
- comply with existing SCS initiatives (standards, regulations, etc.)

The good SCS practices shared in this guidebook were not invented by experts in the domain (including security consultants or academics), but they were real implementations of various SCS management approaches in real supply chains. [7] Risk management has played an important role throughout the guidebook.

Bibliography, recommended readings

To be added later

Annexes

Preliminary list of annexes for the book

Annex 1. Template/questionnaire for collecting SCS good practice cases and anecdotes
Annex 2. Crime in supply chains, taxonomy and definitions
Annex 3. Security measures in supply chains, taxonomy and examples
Annex 4. Selected SCS programs and standards, overview and requirements
Annex 5. Technical norms in security management; EN, DIN, BSI, etc.

[6] One should note that all the good practices described in this guidebook are context dependent (at least to some extent), thus there is no guarantee that they produce similar results in a new situation (time, mode, location, commodity type etc.).
[7] One should note that subjective aspects of many of the good practices could not be avoided, due to the complexities in measuring (and verifying) the actual implications (or benefits) of SCS measures implemented.