16/4/2014 Presentation Outline SEMINAR ON ISO 28000 Objectives of - PDF document

16/4/2014 Presentation Outline SEMINAR ON ISO 28000 • Objectives of the Seminar on ISO 28000 SUPPLY CHAIN SECURITY • Overview of ISO 28000 – Supply Chain Security MANAGEMENT SYSTEM (SCSMS) Management System (SCSMS) • Other Supply Chain Security Requirements 16 TH APRIL 2014 at • Managing Organization’s Supply Chain Security Risks through the Implementation of ISO 28000 M SUITES HOTEL JOHOR BAHRU • Integration of SCSMS with other Management JOHOR DARUL TAKZIM Systems Objectives Supply Chain • A supply chain is a system of organizations, people, activities, information, and resources involved in moving • To increase awareness on the needs of Supply a product or service from supplier to customer. Chain Security Management System. • Supply chain activities transform natural resources, raw • To highlight main points in implementing Supply materials, and components into a finished product that Chain Security Management System and best is delivered to the end customer. practises. • In sophisticated supply chain systems, used products • To improve understanding of standard requirements may re-enter the supply chain at any point where in implementing Supply Chain Security Management System in managing the organization’s risks. residual value is recyclable. • Supply chains link value chains. Supply Chain Supply Chain Security • Supply chain security refers to efforts to enhance the security of the supply chain, the transport and logistics system for the world's cargo. • It combines traditional practices of supply chain management with the security requirements driven by threats such as terrorism, piracy, and theft. 1

16/4/2014 Supply Chain Security Supply Chain Security • Typical supply chain security activities include: • There are a number of supply chain security initiatives in the United States and abroad, including: • Credentialing of participants in the supply chain • The Customs Trade Partnership against Terrorism (C- TPAT), a voluntary compliance program for companies • Screening and validating of the contents of cargo being to improve the security of their corporate supply chains. shipped • The World Customs Organization (WCO) adopted the • Advance notification of the contents to the destination Framework of Standards to Secure and Facilitate Global country Trade in 2005, which consists of supply chain security standards for Customs administrations including • Ensuring the security of cargo while in-transit via the Authorized Economic Operator(AEO) programs. use of locks and tamper-proof seals • Inspecting cargo on entry Supply Chain Security Supply Chain Security • The Container Security Initiative(CSI), a program led by • Pilot initiatives by companies in the private sector to U.S. Customs and Border Protection in the Department track and monitor the integrity of cargo containers of Homeland Security focused on screening containers moving around the world using technologies such as at foreign ports. RFID and GPS. • The Global Trade Exchange, a DHS data-mining • The International Organization for Standardization have program designed to collect financial information about released a series of Standards for the establishment shipments, with the objective of determining safety of and management of supply chain security. cargo shipments are safe. • ISO 28000 Specification for Security Management • Efforts for countries around the world to implement and Systems for the Supply Chain , offers public and private enforce the International Ship and Port Facility Security enterprise an international high-level management Code (ISPS Code), an agreement of 148 countries that standard that enables organisations to utilise a globally are members of the International Maritime Organization consistent management approach to applying supply (IMO). chain security initiatives. Security Risk Security Risk • Security Risk describes employing the concept of risk • Security risk is often, quantitatively, represented as any to the security risk management paradigm to make a event that compromises the assets, operations and particular determination of security orientated events. objectives of an organisation. • Security risk is the demarcation of risk, into the security • ' Event' , in the security paradigm, comprises those silo, from the broader enterprise risk management undertaken by actors intentionally for purposes that framework for the purposes of isolating and analysing adversely affect the organisation. unique events, outcomes and consequences. • The role of the 'actors' and the intentionality of the 'events', provides the differentiation of security risk from other risk management silos, particularly those of safety, environment, quality, operational and financial. 2

16/4/2014 Security Risk Security Risk • Common Approaches to Analysing Security Risk • Factor Analysis of Information Risk deeply analyze different risk factors and measure security risk. • Some security professionals define security according to • There are a number of methodologies to analyse and one of the following formulas. manage security risk. • Risk = Threat × Harm • Usually after a cost benefit analysis a countermeasure is set to decrease the likelihood or the consequence of • Risk = Consequence × Threat × Vulnerability the threat. • Risk = Consequence × Likelihood • Security service is the name of countermeasure while transmitting the information. • Risk = Consequence × Likelihood × Vulnerability Security Risk ISO 28000 - Security Management System • Psychological Factors relating to Security Risk • ISO 28000:2007 ( Specification for security management systems for the supply chain ) is an International Organization for Standardization on • Risk in Psychology requirements of a security management system particularly dealing with security assurance in the supply • Given the strong influence affective states can play in chain. the conducting of security risk assessment, many papers have considered the roles of affect heuristic and • ISO 28000:2007 was developed to codify operations of biases in skewing findings of the process. security within the broader supply chain management system. • The PDCA management systems structure was adopted in developing ISO 28000:2007 to bring the elements of this standard in congruence with related standards such as ISO 9001 and ISO 14001 ISO 28000 - Security Management System • Improved risk management integration • The development of an international standard addressing security risk management improves the broader interface with existing enterprise risk management in a common integrated platform. • This integrated approach to risk management is often employed to better coordinate cross functional risk management mechanisms, improve performance measurement, ensure continual improvement and reducing misalignment of risk management objectives between silos. 3

16/4/2014 ISO 28000 - Security Management System ISO 28000 - Security Management System • Application • Adopting the ISO 28000 has broad strategic, organisational and operational benefits that are realized throughout supply chains and business practices. • ISO 28000:2007 was developed such that organizations • Benefits include, but are not limited to: of varying scale could apply the standard to supply • Integrated enterprise resilience chains of various degrees of complexity. • Systematised management practices • Enhanced credibility and brand recognition The general rational for organizations to adopt ISO 28000:2007 pertains to: • Aligned terminology and conceptual usage • developing a security management system, • Improved supply chain performance • internal compliance with objectives of a security • Benchmarking against internationally recognisable management policy, criteria • external compliance with best practice benchmarks, • Greater compliance processes • ISO accreditation. ISO 28000 - Security Management System ISO 28000 - Security Management System Supply Chain Security Management Systems (SCSMS) Supply Chain Security Management Systems (SCSMS) The benefits of SCSMS Certification - Demonstrate systematic Supply Chain Security management - Improve stakeholder confidence by demonstrating more robust an secure supply chain management. - Develops business cooperation along supply chain. - Enhances customer satisfaction by demonstrating - Shorten customs clearance time and reduce ability to meet their specific requirements. secondary inspection. - Make the organization a supplier of choice by - Facilitate compliance with other official trade and demonstrating the organization’s capability to manage supply chain processes, including the security issues within supply chain. 1. European Union’s Authorized Economic Operator (AEO) 2. US Customs and Boarder Patrol (CBP)’s Customs Trade Partnership Against Terrorism (C-TPAT). ISO 28000 - Security Management System The Needs of Security Management System • Accreditation From Terrorism Attacked • ISO 28000:2007 is a certifiable standard. 911 – 11 Sep 2001 – World Trade Center in USA  4 commercial passenger jet airlines hijacked  > 3000 death (attack by air) 5 Dec 2003 - Explosion of commuter train in Russia  > 46 death (attack by train) 12 Oct 2002 – Bombed by small craft  > 17 death, 39 injured (attack by sea) 4