presentation to the sclrc “supply chain security and process management.”
TRANSCRIPT
PRESENTATION TO THE SCLRC
“Supply chain security and process management.”
INTRODUCTION
THREE PART PRESENTATION
1. BACKGROUND - SOME COMMENTS AND OBSERVATIONS
2. THE REAL TIME CURRENT SITUATION
3. CASE STUDY – D P WORLD AND DJIBOUTI
AIM
• The aim of this presentation is:– to address the practical supply chain
security processes and procedures that use the dynamics of physical and procedural security to reinforce and manage supply chain business continuity.
• The objective being: – to identify how to create secure and
resilient supply chains whilst at the same time meeting compliance requirements.
The Future Stealth Bomber
Port and Container vulnerability inextricably linked and found:•At point of stuffing•During trucking•At terminal•During loading •In maritime transit •During delivery•At unloading
PART I - BACKGROUND• Vulnerablities are clear and few deny the
e2e supply chain is complex with multiple stakeholders
• But there are both Commercial drivers for change and Terrorist drivers for change
• A change management issue where management is shirking responsibility
• Has to be “ buy in” by all stakeholders.• Has to be “buy in” from top to bottom
MANY CHALLENGES
Multiple Commercial Challenges:
• Critical Blind Spots• Multiple
participants/stakeholders and chokepoints
• Individual security solutions• Processes, personnel and
facility security• No integrated/continuous
liability• Requirements to reduce
theft - $40Bn• Cyber security – is there? • Terrorism
Terrorist Challenges:• Deny opportunity –
deterrence• Avoid overplaying risk –
m.o?• But - opportunity exists:
– Virtual absence of security
– Supply chain potential – volume and velocity
• And - motivators:– Climate of collapse – Traumatised general
public– Bring trade/economics to
a halt.
The Supply Chain Conundrum – how to secure the container passing through the multitude of choke points in the chain- as presented in the above question?
THE PREPARED MINDSET IS IT SUFFICIENT ?
PART II - CURRENT SITUATION
• Plethora of initiatives – lets remind ourselves of the Volumes of research and discussion
Supply ChainSecurity Initiatives
1. Global voluntary- ISO 28000/1/3/4- WCO SAFE- TAPA…
2. Global mandatory- ICAO- IMO/ISPS- ´Dangerous
goods´…
3. North Americavoluntary
- C-TPAT- CSI- ASIS- PIP (CA)…
4. EU voluntary- StairSec (SE)- Secure operator- EU AEO…
5. Latin America voluntary- BASC…
6. Asia Pacific- Accredited
client (AU)- Secure export
partnership, NZ- …
System
Various SCS programs appearto contain similar securitymeasures, in 6 subgroups
PART II - CURRENT SITUATION • Plethora of initiatives – lets remind
ourselves of the Volumes of research and discussion
• All outstanding in intention but do we have increased security in the SC? Do we ……
• So what are the ‘common denominators’ – Containers – Ports – Ships
POTENTIAL SOLUTIONS• Procedural but ……………..
– Why are there “buy in” problems– Compliance v Voluntary – too much choice? – Policing problems – resources
• Technology but ……………. – Heightened expectations – 21rst Century panacea? – Peak of Expectation v Trough of dissilusionment
• The scapegoat? It is/should be the manufacturers dilemma – the service provider “not my problem” syndrome of stakeholders.
SOLUTION PROBLEMS/ISSUES• SC reliant on mature industry – margins low – highly
competitive – risk averse – conservative – privately owned.
• National and supranational suggestions – some compliance driven but all voluntary – too soft?
• Therefore only high volume high value logistics going to benefit
• Who is going to pay for the unwilling producer where no benefit perceived
• Little point in screening low risk participants. • Crunch point comes at the Port/Terminal but again ask –
who will pay and why, for the technology?
THE PORT OPERATOR OPTIONS• Do nothing or …………………. • Apply best business security practice as lessors and
provide VFM “added value”. • Take the lead practically – intermodal hub that can not
be disinvented. • DPW have looked at security from a corporate
perspective – providing “top down” change management direction in security culture and implementation.
• Driving forward standardisation through common procedures and exploring a technology solution that adds value.
PART III - RADICAL CHANGE
INTRODUCTION OF ISO 28000
•Time for DP World to move beyond the reactive to the proactive and adaptive
DP World’s corporate security management system developed – based upon the new international security standard for supply chains ISO/PAS 28000:2005
Designed to enable an organisation to manage its security effectively through ongoing assessment of risk and vulnerabilities within its operations.
•Culture of continuous monitoring and improvement aims to ensure effective preventative measures in the international supply chain..
WHAT IS ISO 28000?
•An overarching tool •Provides SMS requirements for
•Establishing •Implementing•Maintaining •Improving
•Applicable to all stakeholders in the supply chain•Supranational, national and industry input co-operation• Risk based – follows other ISO e.g. 14001
WHAT ISO 28000 DOES • This new management system specification provides a framework
for organisations that operate or rely on any aspect of the supply chain.
• It can help all sectors of e2e industry assess security risks and implement controls and mitigating arrangements to manage potential security threats in the same way other fundamental business principles such as quality, safety and customer satisfaction are managed.
• The specification is a plan-do-check-act based management system that has been modeled on the well proven ISO 14001 standard. Organisations will be able to use a similar approach when analysing supply chain security risks and threats.
• For organisations working within, or relying on, the logistics industry, certification to the ISO/PAS 28000:2005 supply chain management standard, provides a valuable framework.
• It will minimise the risk of security incidents and help provide problem free 'just in time' delivery of goods and supplies.
A SECURITY MANAGEMENT SYSTEM
• Accountability– Corporate direction – International compliance – Best business practice
• Through Non Conformance Reporting – Non conformities – Management responsibility at highest levels for
Business Units and Corporate.
• Requirement to drive and substantiate continual improvement
DJIBOUTI
STRATEGIC IMPORTANCE ON A POSTAGE STAMP
PORT OF DJIBOUTI •DP World managed since 2000 •Corporate security advisors – Hart Maritime identify $2 Million savingAt same time a need to stop ‘loosing’ containers•ISO 28000 – to be root of service level agreements (SLA) •Djibouti – Management Contract in addition to implement •3rd World ISPS Plan to give 1rst World Credibility •ISO 28000 to provide automatic verification of PFSA and PFSP as part of SMS.
ISO 28000
• Considered 20858 but this just ISPS verification and 28000 covers automatically
• Team acutely aware of supply chain interface • Djibouti is also unique – cargo stuffed in the
main in the Port. • Needed also to implement plan – ISO 28000 the
ideal and better vehicle and also to accredit implementation
THOROUGH STRATEGIC REVIEW OF SMS
• Organisation, structure and processes• Responsibility and authority for security
management • Security Policy and its implementation • Threat and risk assessment and control
measures for review• Legal, strategic and other requirements• Security management objectives, targets,
and programmes• Management review processes and audits
REVIEW (CONT)• Competence, training and awareness• Communications• SMS documentation and document and data
control• Emergency and incident procedures• Performance measurement and monitoring• Internal audits • System evaluation • Management review process • Estimation of continual improvement
performance
METHODOLOGY
Two Phase Audit
One month between each
Non Conformance Identification
• Major
• Minor
• Requires Correction
• Scope for improvement
PRACTICAL LESSONS LEARNT • Stakeholder accountability
– Truckers processes and procedures • Times • Gate passes • Customs
– Freight Forwarders• Cooli vetting • Container stuffing declaration
– Lines • ISPS Security declaration loopholes• More rigorous inspections – IMO Reg/SSC/SSP
• Port policing and support of agreements – Acces control issues and commercial priorities – Incident control – Non conformity
ACCREDITATION SEPTEMBER 2006
•HAS LED TO USCG AND CBP INTEREST AS PORT BENCH MARK•DPW WORLD INVOLVEMENT IN THE SFI •INCREASED CREDIBILITY IN AN UNSTABLE REGION •INCREASED BUSINESS (ZIM LINES TRANSHIPMENT HUB)•HAS LED TO SIGNIFICANT INCREASE IN CORPORATE AND BUSINESS UNIT AWARENESS. •HAS LED TO NEW SECURITY BUSINESS!
OTHER DEVELOPMENTS
ISO / PAS 20858−Published; Uniform industry implementation of ISPS Code
ISO / PAS 28001−In final draft, will be consistent with WCO Frameworkof Standards−Assist industry in Best practices for custody in supply chain
ISO 28004−WorkingGroup convened 2006−Guidance for 28000, also Refers to 19011 & 17021
ISO 28005−Under development; Electronic Port Clearance (EPC)−Computer to Computer data transmission
OTHER LOWER TIER -subsystems, components standards but ALL ISO driven – recognition for global security standardisation
WAY AHEAD
• Continue to focus on practicalities AND actually implement potential solutions – whatever they may be - they will reduce the risk environment if effectively implemented .
• Objective has to remain the flow of trade but not at the expense of security. Cost of failure is too high a risk.
• Lobby for ISO standardisation – level playing field which focuses on the human and processes and procedures that provide for independant auditable security.
• Can then offer carrots rather than focus on sticks and buys time for the right technologies for the right reasons.
• Remember though the clock is ticking.
ANY
QUESTIONS?