PRESENTATION TO THE SCLRC

“Supply chain security and process management.”

INTRODUCTION

THREE PART PRESENTATION

1. BACKGROUND - SOME COMMENTS AND OBSERVATIONS

2. THE REAL TIME CURRENT SITUATION

3. CASE STUDY – D P WORLD AND DJIBOUTI

AIM

• The aim of this presentation is:– to address the practical supply chain

security processes and procedures that use the dynamics of physical and procedural security to reinforce and manage supply chain business continuity.

• The objective being: – to identify how to create secure and

resilient supply chains whilst at the same time meeting compliance requirements.

The Future Stealth Bomber

Port and Container vulnerability inextricably linked and found:•At point of stuffing•During trucking•At terminal•During loading •In maritime transit •During delivery•At unloading

PART I - BACKGROUND• Vulnerablities are clear and few deny the

e2e supply chain is complex with multiple stakeholders

• But there are both Commercial drivers for change and Terrorist drivers for change

• A change management issue where management is shirking responsibility

• Has to be “ buy in” by all stakeholders.• Has to be “buy in” from top to bottom

MANY CHALLENGES

Multiple Commercial Challenges:

• Critical Blind Spots• Multiple

participants/stakeholders and chokepoints

• Individual security solutions• Processes, personnel and

facility security• No integrated/continuous

liability• Requirements to reduce

theft - $40Bn• Cyber security – is there? • Terrorism

Terrorist Challenges:• Deny opportunity –

deterrence• Avoid overplaying risk –

m.o?• But - opportunity exists:

– Virtual absence of security

– Supply chain potential – volume and velocity

• And - motivators:– Climate of collapse – Traumatised general

public– Bring trade/economics to

a halt.

The Supply Chain Conundrum – how to secure the container passing through the multitude of choke points in the chain- as presented in the above question?

THE PREPARED MINDSET IS IT SUFFICIENT ?

PART II - CURRENT SITUATION

• Plethora of initiatives – lets remind ourselves of the Volumes of research and discussion

Supply ChainSecurity Initiatives

1. Global voluntary- ISO 28000/1/3/4- WCO SAFE- TAPA…

2. Global mandatory- ICAO- IMO/ISPS- ´Dangerous

goods´…

3. North Americavoluntary

- C-TPAT- CSI- ASIS- PIP (CA)…

4. EU voluntary- StairSec (SE)- Secure operator- EU AEO…

5. Latin America voluntary- BASC…

6. Asia Pacific- Accredited

client (AU)- Secure export

partnership, NZ- …

System

Various SCS programs appearto contain similar securitymeasures, in 6 subgroups

PART II - CURRENT SITUATION • Plethora of initiatives – lets remind

ourselves of the Volumes of research and discussion

• All outstanding in intention but do we have increased security in the SC? Do we ……

• So what are the ‘common denominators’ – Containers – Ports – Ships

POTENTIAL SOLUTIONS• Procedural but ……………..

– Why are there “buy in” problems– Compliance v Voluntary – too much choice? – Policing problems – resources

• Technology but ……………. – Heightened expectations – 21rst Century panacea? – Peak of Expectation v Trough of dissilusionment

• The scapegoat? It is/should be the manufacturers dilemma – the service provider “not my problem” syndrome of stakeholders.

SOLUTION PROBLEMS/ISSUES• SC reliant on mature industry – margins low – highly

competitive – risk averse – conservative – privately owned.

• National and supranational suggestions – some compliance driven but all voluntary – too soft?

• Therefore only high volume high value logistics going to benefit

• Who is going to pay for the unwilling producer where no benefit perceived

• Little point in screening low risk participants. • Crunch point comes at the Port/Terminal but again ask –

who will pay and why, for the technology?

THE PORT OPERATOR OPTIONS• Do nothing or …………………. • Apply best business security practice as lessors and

provide VFM “added value”. • Take the lead practically – intermodal hub that can not

be disinvented. • DPW have looked at security from a corporate

perspective – providing “top down” change management direction in security culture and implementation.

• Driving forward standardisation through common procedures and exploring a technology solution that adds value.

PART III - RADICAL CHANGE

INTRODUCTION OF ISO 28000

•Time for DP World to move beyond the reactive to the proactive and adaptive

DP World’s corporate security management system developed – based upon the new international security standard for supply chains ISO/PAS 28000:2005

Designed to enable an organisation to manage its security effectively through ongoing assessment of risk and vulnerabilities within its operations.

•Culture of continuous monitoring and improvement aims to ensure effective preventative measures in the international supply chain..

WHAT IS ISO 28000?

•An overarching tool •Provides SMS requirements for

•Establishing •Implementing•Maintaining •Improving

•Applicable to all stakeholders in the supply chain•Supranational, national and industry input co-operation• Risk based – follows other ISO e.g. 14001

WHAT ISO 28000 DOES • This new management system specification provides a framework

for organisations that operate or rely on any aspect of the supply chain.

• It can help all sectors of e2e industry assess security risks and implement controls and mitigating arrangements to manage potential security threats in the same way other fundamental business principles such as quality, safety and customer satisfaction are managed.

• The specification is a plan-do-check-act based management system that has been modeled on the well proven ISO 14001 standard. Organisations will be able to use a similar approach when analysing supply chain security risks and threats.

• For organisations working within, or relying on, the logistics industry, certification to the ISO/PAS 28000:2005 supply chain management standard, provides a valuable framework.

• It will minimise the risk of security incidents and help provide problem free 'just in time' delivery of goods and supplies.

A SECURITY MANAGEMENT SYSTEM

• Accountability– Corporate direction – International compliance – Best business practice

• Through Non Conformance Reporting – Non conformities – Management responsibility at highest levels for

Business Units and Corporate.

• Requirement to drive and substantiate continual improvement

DJIBOUTI

STRATEGIC IMPORTANCE ON A POSTAGE STAMP

PORT OF DJIBOUTI •DP World managed since 2000 •Corporate security advisors – Hart Maritime identify $2 Million savingAt same time a need to stop ‘loosing’ containers•ISO 28000 – to be root of service level agreements (SLA) •Djibouti – Management Contract in addition to implement •3rd World ISPS Plan to give 1rst World Credibility •ISO 28000 to provide automatic verification of PFSA and PFSP as part of SMS.

ISO 28000

• Considered 20858 but this just ISPS verification and 28000 covers automatically

• Team acutely aware of supply chain interface • Djibouti is also unique – cargo stuffed in the

main in the Port. • Needed also to implement plan – ISO 28000 the

ideal and better vehicle and also to accredit implementation

THOROUGH STRATEGIC REVIEW OF SMS

• Organisation, structure and processes• Responsibility and authority for security

management • Security Policy and its implementation • Threat and risk assessment and control

measures for review• Legal, strategic and other requirements• Security management objectives, targets,

and programmes• Management review processes and audits

REVIEW (CONT)• Competence, training and awareness• Communications• SMS documentation and document and data

control• Emergency and incident procedures• Performance measurement and monitoring• Internal audits • System evaluation • Management review process • Estimation of continual improvement

performance

METHODOLOGY

Two Phase Audit

One month between each

Non Conformance Identification

• Major

• Minor

• Requires Correction

• Scope for improvement

PRACTICAL LESSONS LEARNT • Stakeholder accountability

– Truckers processes and procedures • Times • Gate passes • Customs

– Freight Forwarders• Cooli vetting • Container stuffing declaration

– Lines • ISPS Security declaration loopholes• More rigorous inspections – IMO Reg/SSC/SSP

• Port policing and support of agreements – Acces control issues and commercial priorities – Incident control – Non conformity

ACCREDITATION SEPTEMBER 2006

•HAS LED TO USCG AND CBP INTEREST AS PORT BENCH MARK•DPW WORLD INVOLVEMENT IN THE SFI •INCREASED CREDIBILITY IN AN UNSTABLE REGION •INCREASED BUSINESS (ZIM LINES TRANSHIPMENT HUB)•HAS LED TO SIGNIFICANT INCREASE IN CORPORATE AND BUSINESS UNIT AWARENESS. •HAS LED TO NEW SECURITY BUSINESS!

OTHER DEVELOPMENTS

ISO / PAS 20858−Published; Uniform industry implementation of ISPS Code

ISO / PAS 28001−In final draft, will be consistent with WCO Frameworkof Standards−Assist industry in Best practices for custody in supply chain

ISO 28004−WorkingGroup convened 2006−Guidance for 28000, also Refers to 19011 & 17021

ISO 28005−Under development; Electronic Port Clearance (EPC)−Computer to Computer data transmission

OTHER LOWER TIER -subsystems, components standards but ALL ISO driven – recognition for global security standardisation

WAY AHEAD

• Continue to focus on practicalities AND actually implement potential solutions – whatever they may be - they will reduce the risk environment if effectively implemented .

• Objective has to remain the flow of trade but not at the expense of security. Cost of failure is too high a risk.

• Lobby for ISO standardisation – level playing field which focuses on the human and processes and procedures that provide for independant auditable security.

• Can then offer carrots rather than focus on sticks and buys time for the right technologies for the right reasons.

• Remember though the clock is ticking.

ANY

QUESTIONS?