supply chain security management – european views

More information: email [email protected] ; tel. +41-76-5890967 COPYRIGHT 2003-2007. Cross-border Research Association

Supply Chain Security Management – European Views

Supply Chain Risk Leadership CouncilCisco Office, LondonFebruary 22nd, 2007

Mr. Juha HintsaCross-border Research Association

Lausanne, Switzerland


Agenda

• Introduction to Cross-border Research Association (CBRA)

• Overview on Supply chain security management (SCSM) developments

• European responses to SCSM concerns• Case analysis approach to SCSM

certification projects at shippers and LSPs• Annexes


Cross-border Research Association

• Team of academic researchers in Lausanne, Switzerland; not-for-profit organization;– working since summer 2001 on cross-border and security research– started EU AEO pre-analysis work in summer 2005, as part of broader

supply chain security management (SCSM) studies• Mission: to innovate and execute various types of research,

analysis and case studies surrounding the broad field of supply chain security management programs, standards, measures, trade-offs and costs.

• Our research helps companies in international trade and logistics to better plan and prepare for the implementation of new supply chain security standards;– And it helps governmental administrations, mainly customs and

transportation agencies, to better understand the realities and constraints of international supply chains, while developing new security standards, public-private partnerships etc.


Cross-border Research Association

• Core industry research partnerships include sectors:– CPG; clothing/ retail; machinery/ construction.

• Core governmental research partnerships include: – World Customs Organization (WCO); European Commission DG

Transportation and Energy (DG TREN) & European Norms Committee (CEN)

• Other partnerships include:– BASC, IFCBA, WEPZA, Swiss Shippers Council; plus several academics

and individual experts world wide.• Main organizer of annual SCSM200x Conference in Vevey,

Switzerland• Funding coming from academic sources, from multinational

companies, and from governmental agencies and organizations– Seeking for couple of new member companies for 2007-2009


Agenda






Definition for Supply Chain Security Management, SCSM

• Supply Chain Security Management, SCSM, aims to minimize any type of crime at any stages of supply chains

• Individual security measures are typically one or more of the three: prevent – detect - recover

• Crime can be of „minor or major nature“• Crime can consist of „taking out and adding in“• Crime includes: theft, smuggling, counterfeit,

sabotage, terrorim


Supply ChainSecurity Initiatives

1. Global voluntary- ISO 28000/1/3/4- WCO SAFE- TAPA…

2. Global mandatory- ICAO- IMO/ISPS- ´Dangerous

goods´…

3. North Americavoluntary

- C-TPAT- CSI- ASIS- PIP (CA)…

4. EU voluntary- StairSec (SE)- Secure operator- EU AEO…

5. Latin America voluntary- BASC…

6. Asia Pacific- Accredited

client (AU)- Secure export

partnership, NZ- …

System

Various SCSM programs appearto contain similar securitymeasures, in 6 subgroups


Supply Chain Security Management Analysis Framework

Source CBRA: Gutierrez, Hintsa, Carvalho, 2005-2006


Four types of roots for SCS programs and standards

• Enhancing Customs administrations security control capacity,

• Reducing specific industry/geography vulnerabilities,

• Developing global security standards,

• Technology development and piloting.

Source: Hintsa J., Wieser P., Gutierrez X., Hameri AP., (2006). Supply Chain Security Management: An Overview.ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.


Detailed comparison of Supply chain security measures in various programs

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Facility protection

Access/presence control processes and technologies

Personnel training process

Employee hiring / exit process

Protection of business information/data

Inspections during the shipping process

Data exchange with Customs administrations

Establishment of collaborative relationships with Customs admon.

Facility monitoring

Business partners evaluation system

Company security management system

Prevention, detection and reporting of shipping process anomalies

Exploitation of cargo and vehicle anti-tampering technical solutions

Information dissemination process

Warehouse/terminal layout design

Quality information/data management

Recordkeeping of shipping information for potential security audits

Inventory management and control

Organizational roles and responsibilities

Security culture development

Exploitation of cargo inspection technical solutions

Use of international standards for data management

Logistics system designed to reduce risks

Logistics system designed for quick eventual disaster/failure recovery

% of programs suggesting each security measure

• Total of 10 supply chain security intiatives analyzed on the frequency of 25 security measures

• 90-100%: Facility protection; Access control; Personnel training; Employee hiring; Data protection.

• 70-80%: Inspections; Customs data and relationships; Facility monitoring; Business partner evaluation; Security management system

• Remaining measures 60% or less

Source: Gutierrez X., Hintsa J. (2006). Voluntary Supply Chain Security Programs: A Systematic Comparison.ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.


Four sample SCS (sub)paradigms

• Advance cargo information,

• ‘Known shipper’ and ‘authorised economic operator’,

• Secure trade corridor,

• Security “built into products and processes”.

Source: Hintsa J., Wieser P., Gutierrez X., Hameri AP., (2006). Supply Chain Security Management: An Introduction.ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.


From Traditional “Single Point“to “End-to-End”

TraditionalImport

Intervention

Expanding toTransit PortIntervention

SecuringFull Transport

Legs

End-to-EndSupply Chain

Security Solution

Importer

locationPort of

loading

Transit port

Port of

unloading

Adding intervention at transit port – CSI type measures

Exporter location

Transit port

Port of

unloading

Single Point intervention by Customs at import location

Importer

location

Exporter location Port of

loading

Transit port

Port of

unloading

Securing the full maritime portion –ISPS type measures

Importer

location

Exporter location Port of

loading

Securing the entire supply chain from end-to-end – C-TPAT type measures

Transit port

Port of

unloading

Port of

loading

Importer

location

Exporter location

Paradigm shift in Supply chain security control

SOURCE: European R&D proposal (FP6), by CBRA, Cotecna and others


Defining the optimum balance between security rules and efficiencies

Securitycost fortrade &logistics

Security compliance levelLow High

III Total costof securitycompliance

I Cost forimplementing& operatingthe securitymeasures

II Cost for being“non-compliant”:penalties and“lost incentives”

III

III

Governments aiming to shift the complianceoptimum towards “full compliance”

Compliance optimum


SCSM Remains a Contraversial Topic

• There can never be 100% security, no matter how much we invest in it– Companies cannot become „government agencies“: how much can we expect them

to invest?– Needle in the haystack thing: do the SCSM programs really help to avoid the „big

hits“?– How can you calculate the ROI of SCSM, including „things that would not have

happened anyways“?• Lots of materials including SCSM guidelines, standards, vulnerability

assessments etc. are put out in public– Are we handing guidebooks for the bad guys?

• SCSM should not become burden nor barrier for trade– How can we facilitate „mutual recognition“ between various SCSM programs? – How can we avoid creating new grounds for future crime and terrorism?

• SCSM is as weak as the weakest link– How can we create and maintain a proper „level playing field“?– Could the weakest link sometimes be the authorities themselves, instead of

companies?


Agenda






Supply chain security management interests at the European Commission

• Directorate General for Customs: DG TAXUD• Directorate General for Transportation: DG TREN• Directorate General for Justice, Liberty and

Security: DG JLS• Others: DG Industry, DG Information Society etc.


European Union Authorized Economic Operator, EU AEO (1/3)

• Legislation based on voluntary program for EU27• Goal: to secure international end-to-end supply chain, for

EU imports, transit and exports• Actors: importers, exporters, freight forwarders, carriers

etc.• Three different AEOs: Trade facilitation; Security and

Safety; and both• Prepared by Directorate General for Taxation and

Customs, DG TAXUD• Launch date: 1.1.2008 official registration starts• Current status: 11 pilots; updating guidelines etc.



„Promised“ benefits for trade and logistics:• Recognition as safe and secure partner in

international trade – status as quality criterion• Lower risk score for risk analysis for safety and

security purposes• Less data to be provided for pre-arrival/pre-

departure declarations• AEO will have priority treatment for controls• Mutual recognition through international

agreements as major benefit and incentiveSource: DG TAXUD Presentation at SCSM2006 Conference, Vevey, Switzerland, Sep.28th, 2006



EC-U.S. Customs Co-operation - Results of the expert groups• CSI minimum requirements • Minimum control standards• Joint Threat Assessment• Joint Risk Rules• Common list of advanced cargo data elements• Transhipment pilot• Exchange of information• Posting of EU liaison officers at NTC• Study on AEO and C-TPAT• Research and development cooperation

Source: DG TAXUD Presentation at SCSM2006 Conference, Vevey, Switzerland, Sep.28th, 2006


European Union Secure Operator

• Legislation based on voluntary program for EU27• Goal: to secure land supply chain, intra-EU• Actors: warehouse keepers, freight forwarders, carriers,

shippers• Prepared by Directorate General for Transportation and

Energy, DG TREN• Opposition from European industries, especially SMEs• Currently put on hold, possibly to be included in EU AEO

at later stage• But what is the relation between Customs and intra-EU supply chain

security…?• How to establish secure interconnectivity within port areas..?


European Norms Committee, CEN (slide 1/2)

• Recommendation for CEN standard on operational SCS management, security measures and vulnerability assessment in line with the security levels of public authorities and their underlying risks assessments

• The objective is:– To define the most effective measures in relation to the three

different levels of risks; – To develop a method for supply chain vulnerability assessment by

operators in the supply chain;– To allow business the opportunity to develop tailor made and cost

beneficial security measures.

• „Security is Quality“


European Norms Committee, CEN (slide 2/2)

• The standard aims to enhance security in the supply chain, i.e. secure interconnectivity between the various transport modes, operators and public authorities taken account of possible vulnerabilities in (critical) infrastructure.

• The result is destined to be a toolkit that can be used by organizations of any size (particular attention to small and medium size companies) to evaluate the adaptability of their management and security measures to official security levels.

• In order to address the basic security needs in primary processes of the supply chain and allow for maximum transparency, the standard should be developed by representatives of the various operators in the chain and public authorities.

• The participation of transport operators and/or their representatives is crucial for the standardization process.

• Governmental participation in the process would also be highly useful, i.e. public-private –partnership approach is encouraged.

• Auditors and technology providers can only incidentally participate in the process.


European Commission R&D Programs – FP7 (2007-2013)

• Call for proposals under theme Security

• Port security management (in 2007)

• Border security management (in 2007)

• Supply chain security management (in 2008)

• Other interesting security management topics: test centers, economic impacts etc.


Agenda






Table of content for SCSM study report at CBRA Member Company (MC)

Executive summary

1. Introduction2. Literature review3. Study interviews4. SCSM (e.g. EU AEO) analysis - identification of any gaps5. Supply chain security management at MC - holistic view6. Conclusions and discussions

• Bibliography• Annexes


Security management models

• Shippers commonly lack the total view of security management within their supply chains

• This makes it difficult to recognize where the possible weaknesses and vulnerabilities are

• CBRA research approach:• Mapping all potential security measures over the complete

supply chain• In three categories of measures: prevent/protect vs.

detect/monitor vs. recover• Security measures consist of direct and indirect measures;

including security monitoring, quality inspections etc.

Source for slides 25-32: CBRA research work for one Member Company in year 2006;first published at SSC Airfreight Seminar in Interlaken, Jan.2007


Chain of custody models

• Long supply chains with numerous logistics handovers are vulnerable for security incidents and other business disruptions

• The „brand owner“ does not often have knowledge and/or visibility to all actors „touching“ their goods

• CBRA research approach:• Mapping of goods/cargo ownership at each stage• Mapping of goods/cargo operator at each stage• Mapping of goods/cargo responsible at each stage• Mapping of asset/infrastructure owner at each stage• E.g. at ports can be 4 different actors



Capacity management models

• As part of business continuity planning, shippers ought to have clear picture on the available capacity over the full supply chain, in case any type of disruptions occur

• CBRA research approach:• Mapping of case company dedicated capacity

• Mapping of shared capacity

• Mapping of alternative capacity of same/lower/higher quality and/or cost

• E.g. trucks, roads, warehouses.Source for slides 25-32: CBRA research work for one Member Company in year 2006;first published at SSC Airfreight Seminar in Interlaken, Jan.2007


Information management models

• It can be helpful for the overall supply chain security management process to visualize the key data and document processes in the supply chain

• CBRA research approach:• Identify the key actors and information management events

related to security management in the full supply chain• Look at specifically all data and documents interactions with

customs and other government agencies• Typically include Shipping instructions, Departure info,

Arrival notifications, Transport documents, Customs declarations etc.



Possible impacts, incentives, collateral benefits of SCSM (ROI)

A. Direct Benefits:

Anti-theftAnti-smugglingAnti-counterfeitAnti-lossAnti-damageetc.

B. Government Incentives:

Lower risk scores and inspection ratesSimplified cross-border requirementsConsultative relationships etc.

C. Other Benefits in Logistics etc.:

Better visibility and shipment trackingFaster material flowsHigher overall compliance etc.


Summary

• There is nothing (totally) new under the sun here with SCSM, we always had these concerns for international trade and logistics

• SCSM is a management system, that aims to reduce crime (prevent-detect-recover), but also to harmonize and stabilize supply chain management in general

• SCSM requires a strong multi-function & multi-enterprise approach• There appears to be strong connection with SCSM and supply chain

risk management• CBRA intends to continue as one of the active research institutes on

the field for years 2007-2010, as a „trusted research agent“ between trade and government, having a strong focus in 2007 on EU AEO preparations


Annexes

• Additional information on Cross-border Research Association

• Samples of existing research and consulting papers, and topics for future studies


Recent CBRA Research / Conference Papers

• Hintsa J., Wieser P., Gutierrez X., Hameri AP., (2006). Supply Chain Security Management: An Introduction. ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.

• Gutierrez X., Hintsa J. (2006). Voluntary Supply Chain Security Programs: A Systematic Comparison. ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.

• Velea I., Hintsa J., Hameri AP., (2006). Impacts of Recent Security Regulations in Port Operations and Strategies – Comparison of Three European Ports. ILS 2006. The International Conference on Information Systems, Logistics and Supply Chain. Lyon, France. May 15-17, 2006.

• Hintsa, J., Hameri, AP., Tsikolenko V. (2005). Impacts of New Supply Chain Security Regulations and Programs in International Trade and Cross-border Operations Automation Systems – A Preliminary Study. The First International Conference on Transportation Logistics, Singapore, 27-29 July 2005.

• Gutierrez, X., Hintsa, J., Wieser, P., Hameri, AP. (2005). New Roles for Customs Brokers in International Supply Chain. The First International Conference on Transportation Logistics, Singapore, 27-29 July 2005.


CBRA Invited Specialist Group participations

• WCO (2007), Think Tank on Supply Chain Security Management and Future Customs-Trade Partnership Programs. Jointly with Fedex, Microsoft, IBM, BP, MIT, Standford University and others.

• World Customs Journal (2006) and (2007). Invited member of journal founding group and founding editorial board. 1st journal to appear in 2007.

• CEN (2005) and (2006), Expert Group Member and Rapporteur for CEN BT/WG 161 'Protection and Security of the Citizen', Security of the Supply Chain, with EC DG TREN (CEN work likely to continue in 2007).

• GCSP (2005), Roundtable on Economic Terrorism, organized by Geneva Center for Security Policies, GCSP. Presentation on Supply Chain Vulnerabilities. Lausanne, Switzerland, July 2005.


CBRA Conference participations Sample January - April 2007

• Annual Airfreight Seminar, Swiss Shippers Council, Interlaken, Switzerland, 24-26.1.2007

• PICARD2007, 2nd Conference on WCO Research Network. Co-organizer of Supply Chain Security Management Track. Brussels, Belgium, March 27-28th, 2007.

• SMP, 13ème Congrès Romand du Management de Projet, Lausanne, Switzerland, April 11-12th, 2007

• RiskChain Forum 2007, Jacob Fleming Conferences, Sheraton Hotel Schipol, Amsterdam, Netherlands, April 23-24th, 2007


Samples of interesting recent scientific papers

• Lee, Hau L. and Wolfe, Michael, (2003). Supply Chain Security Without Tears, Supply Chain Management Review, January/February 2003.

• Rice, Jr., J. B. and Caniato F. (2003). Building a Secure and Resilient Supply Network, Supply Chain Management Review, September-October 2003.

• Christopher, M. and Peck, H (2004). Building the Resilient Supply Chain, International Journal of Logistics Management, Vol.15, No.2, 2004, pp1-14.

• Prokop, D. (2004). Smart and Safe Borders: The Logistics of Inbound Cargo Security. The International Journal of Logistics Management, Vol.15, Nr.2.

• Barnes, B. and Oloruntoba, R. (2005). Assurance of Security in Maritime Supply Chains: Conceptual Issues of Vulnerability and Crisis Management. Journal of International Management, Nr.11. pp. 519-540

• Tsai, M. (2005). Constructing a Logistics Tracking System for Preventing Smuggling Risk of Transit Container. Transport Research Part A.

• Orphan, V.J., Muenchau, E., Gormley, J., Richardson, R. (2005). Advanced gamma ray Technology for Scannig Cargo Containers. Applie Radiation and Isotopes, Nr.63, pp. 723-732.

• Leone, K. and Liu, R. (2004). The Key Design Parameters of Checked Baggage Security Screening Systems in Airports. Journal of Air Transport Management. Nr.11. pp. 69-78.


Samples of interesting whitepapers / technical reports etc.

• Rice Jr. J. B. and Spayd P. W., (2005). Investing in Supply Chain Security: Collateral Benefits, IBM Center for The Business of Government, May 2005.

• Willis, H.H. and Ortiz, D.S., (2004). Evaluating the Security of the Global Containerised Supply Chain, RAND Corporation, 31 pages.

• Shrader, R.W. and McConnell, M. (2003). Security and Strategy in the Age of Discontinuity – A Management Framework for the Post 9/11 World. BAH. 12 pages.

• Gould, W.S. and Beckner, C. (2005). Global Movement Management: Securing the Global Economy. IBM Business Consulting Services. 28 pages.

• UNISYS. (2005). Secure Commerce Roadmap – The Industry´s View for Securing Commerce. 22 pages.

• ATKEARNEY. (2003). Supply Chain in a Vulnerable, Volatile World. Executive Agenda, Vol.VI, Nr.3. 15 pages.

• EYEFORTRANSPORT (2005). Cargo and Supply Chain Security Trends 2005. eyefortransport Cargo & Supply Chain Security Report. August 2005.

• DELOITTE (2004) The Unfinished Agenda – Transportation Security Survey. 18 pages.


Further research topics in SCSM

• Operationally efficient security measures and standards• Cost of supply chain security• Operational and strategic benefits of security measures and

standards• Technologies for supply chain security• Risk management and supply chain security• Supply chain resilience management• Customs operations and supply chain security• Border security management• Port and airport security management• Trade policies and supply chain security• Legal systems and supply chain security

SOURCE (modified from): Hintsa 2006. Research Needs in SCSM. WCO PICARD Conference. March 1-3, 2006

supply chain security management – european views

Documents