Risk management handbook
Supply chain security: management, initiatives and technologies
This publication aims to define the principles of security in the supply chain and to guide all operators in the supply chain on how to enhance value through effective security implementation. It not only promotes good practice but also explains why security need not be seen as an unnecessary drain on resources and can actually provide a significant contribution to the bottom line. The booklet provides an overview of current security initiatives and technologies available to assist, but is centred on the premise that the ISO 28000:2007 management standard offers a valuable framework for implementation.
Introduction
In the years immediately following the events of 11 September 2001 the transportation industry created and implemented several port and supply chain security measures to prepare and protect the industry such as the IMO’s International Ship and Port Facility Security (ISPS) Code and the United States’ Container Security Initiative (CSI) and Customs-Trade Partnership Against Terrorism (C-TPAT) initiative. As the depth and complexity of supply chain security has become apparent, the focus of many security initiatives has broadened past terrorism and it is these initiatives that this booklet aims to introduce in a practical manner.
Debate at this time is focused on securing supply chains from end to end. Research has shown that it typically takes 25 different parties and 30 different documents to get goods from one end of the supply chain to the other. With all these hands involved, the opportunities for tampering are plentiful. Against this background, the World Customs Organisation introduced the twin pillars of the customs-to-customs network arrangements and customs-to-business partnerships in the Safe Framework of Standards to Secure and Facilitate Global Trade (known as the ‘SAFE Framework’).
The SAFE Framework introduced the concept of the ‘Authorised Economic Operator’ which has since been enshrined in various countries’ legislation including the EU. Authorised economic operators include manufacturers, importers, exporters, brokers, carriers, consolidators, intermediaries, ports, airports, terminal operators, integrated operators, warehouses and distributors. This brings emphasis to the entire supply chain.
Supply chain security initiatives are not exclusively 21st century phenomena.The Business Alliance for Secure Commerce (BASC) began as an anti drug-smuggling programme introduced between Mexico and the United States in 1996. Similarly,The Transported Asset Protection Association (TAPA) was founded in the 1990s to counter the threats to increasingly high-valued shipments of technology products.
Furthermore, the current interest in supply chain security initiatives is only partly due to the events of 11 September 2001. The reality is that globalisation has resulted in companies’ supply chains becoming extended across continents as never before and the need for the effective management of risk has resulted in the extension of supply chain risk management to include issues of security. However, as global trade increases, the danger of weapons or a terrorist entering a country in a cargo container is a very real threat. The incident at the Port of Ashdod in March 2004, involving the apprehension of a terrorist operative hiding in a container en-route to Canada, highlights the fact that ‘the container is the Trojan Horse of the 21st century,’ as described by Robert Bonner, US Commissioner for Customs and Border Protection.
A key focus of this booklet is ISO 28000, which fundamentally addresses the shift to supply chain security. One of the main purposes of ISO 28000 is to be a common value-adding, verifiable, internationally recognised standard that bridges governmental and industry-driven supply chain initiatives; it currently stands alone in being able to fulfill the requirements for reciprocity between them. It is based on all currently prevalent and relevant global security initiatives, including the World Customs Organisation’s ‘SAFE Framework’, C-TPAT and EU AEO.
In addition, it represents a move away from mere compliance by applying a process approach and the ‘Plan-Do-Check-Act’ methodology to address potential risks. ISO 28000 offers a systematic approach to security management that can both improve operational capabilities and increase confidence on the part of customers and regulators. All businesses that are reliant on the supply chain for business continuity will benefit by adopting the sound management principles in ISO 28000.
The Benefits of Investing in Supply Chain Security
It is the contention of this booklet that operators should invest enthusiastically in supply chain security. Whereas compliance has been the focus of supply chain security, the advice here promotes an approach which does not see supply chain security as an opportunity to meet static requirements. A better approach gives each individual company the latitude to institute security measures tailored to its unique needs and vulnerabilities. This is exactly the approach of the ISO 28000 Standard.