Disruptions to supply chain services can adversely affect a country's economy and security. Supply chain organizations, however, can mitigate these vulnerabilities by adopting the International Standard ISO 28000. If implemented correctly, this standard can contribute to U.S. safety while enhancing a company's service levels.
In his introduction to the national strategy for global supply chain security, published earlier this year, President Obama emphasized the United States' commitment to ensuring "efficient and secure transit of goods through the global supply chain system."
Adopting the process-based management system (PBMS) approach to global supply chain security can eliminate the misconception that security and efficiency are at odds by providing a systematic approach for continual improvement that maximizes results while cutting waste and unnecessary costs.
A system approach to the security of the global supply chain ensures methodical implementation, where non-conformities (NCs) are recorded and after making the immediate quick fix, the processes for root cause analysis (RCA) carried out. RCA prevents recurrence of the NC thanks to the CA (corrective actions) taken. Once closed these NCs become data points. Analysis of information gauged from the data then provides management with trends and the ability to predict potential NCs. Once the security management team can predict potential NCs, preventive actions can be taken to ensure system integrity.
Intro to ISO
ISO 28000 is a generic security management standard flexible enough to be adopted by organizations of any size. It uses the PDCA cycle (Plan, Do, Check, Act) employed by businesses globally to bring in efficiency, continual improvement and innovation using the international standard ISO 9001.
Companies already compliant with the ISO 9001 standard are ready to incorporate the additional benefits of ISO 28000 which include an assessment of security risk and implementation controls to manage potential security threats.
Companies which created operational efficiency using a process approach can now use ISO 28000 to remove the vulnerabilities of the global supply chain. An efficient profitable business compliant with quality and environmental requirements (ISO 9001 and ISO 14001), should be confident to move forward. In today's world terrorism can take many forms, and security plays a vital role in an organization's ability to ensure business continuity.
Companies considering ISO 28000 as the initial standard to adopt the PBMS approach widen their service scope. They also adhere to the Customs and Borders Protection (CBP) initiative, C-TPAT. That means they ensure the security of the global supply chain while preparing their management systems to gain the benefits of efficiency, continual improvement and innovation.
Apart from C-TPAT, the other international initiatives similar to ISO 28000 include:
- The World Customs Organization (WCO), which has adopted the Framework of Standards to Secure and Facilitate Global Trade, SAFE Framework security requirements;
- International Maritime Organization (IMO) / Safety of Life at Sea (SOLAS) security requirements (as included in Chapter XI-1 & 2) leading to the International Ship and Port Facility security requirements; and
- EU Authorized Economic Operator (AEO) security requirements.
At one time, just ensuring efficiency based on ISO 9001 was the option for companies to remain in business and to operate profitably. However, today staying in business requires taking care of the risks, pollutants and adverse environmental effects from the by-products of their processes. Those factors fall under ISO 14001 (Environmental Management System – EMS).
Meet Danger Apart from Ports
Following the tragedy of 9/11, even these ISO standards weren't sufficient as businesses scrambled to protect their supply chains from security breaches. The maritime community recognized these vulnerabilities and took the initiative to protect maritime assets by adopting the IMO's ISPS Code (International Ship and Port Facility).
But even with the adoption of this code there was still no way of ensuring that the cargo coming into or out of the ports would be tamper-proof. After all, often the cargo to be shipped (e.g., in a container) is cleared in the factory premises or a warehouse by the shipping countries' customs officials. It may then travel by train, truck, and barge before it actually arrives at an ISPS compliant port. Without the ISO 28000 upstream and downstream of the maritime protection, cargo remains vulnerable.
The global supply chain connects the world economy. Terrorists and individuals with malicious intent seeking to disrupt the supply chain can best be prevented by a system approach to security. The dangers to our maritime assets in ports come from outside the ports, upstream and downstream, so simply protecting the ports is not enough. A fail-safe system is needed to protect the global supply chain.
These measures are not limited to, but may include, better traceability of cargo using bar codes and biometric codes for humans to track intermodal transportation changes. Global supply chains are complex, offering bad elements opportunities to tamper with cargo at various points along the supply chain.
What could happen if security is breached? One vessel destroyed in just the right location could affect a country's economy for years. One train with HAZMAT cargo destroyed in a vital location can cause great loss of life, cause mass hysteria and not only adversely affect the economy but also demoralize a nation.
Consider a remotely detonated nuclear device exploding anywhere in the global supply chain and its impact. In U.S. neighborhoods, trucks carry a lot of our trade from the North and South. Securing the trucking routes can be a nightmare without a system approach. The implementation of ISO 28000 would plug loopholes in the supply chain and help prevent such catastrophes.
The security assessment matrix would give confidence that security plans have systematically considered all aspects of an issue. If the subsequent use of the supply chain reveals flaws (NCs) these would be taken care of by the procedures and correction (quick fix) and CA carried out. The data collected would ensure and avoid future recurrence based on management studying the inputs during periodic reviews.
A Global Effort
While the ISPS code ensures the security of maritime assets, these threats come into the ports and ships from outside the United States. Ninety-five percent of our imports are by sea. The security of the ports upstream and downstream is a national necessity.
Planned initiatives that will impact the supply chain make it even more important for logistics companies to adopt ISO 28000. The United States will surely be impacted by the Panama Canal widening, which will allow new super carriers to enter our eastern ports. This situation could easily slow down the inspection process and bring in NCs over time as we receive greater volumes on our eastern shores.
ISO 28000 should be adopted across the supply chain and the PBMS approach applied to ensure the security of the global supply chain. Without the relevant data, no predictions on the potential NCs can be objectively made to enable managers to plan ahead and prepare their security organization in a systematic manner. Data collected haphazardly would lead to bad decisions. The use of ISO 28000 would ensure a system approach where gathering of proper data would offer useful information upon which management could act.
Such a systematic approach will lead to better security and business performance.
Inderjit Arora is president & CEO at QMII, a global management systems consulting, auditing and training firm. He is also a lead instructor and consultant for security of the global supply chain using ISO 28000, C-TPAT and ISPS Code and a member of the American Society for Quality. A free-recorded webinar on this topic is now available from ASQ with registration via Intro to ISO 28000 - Security of the Global Supply Chain.