recent trend of certification related to security - … · 25 aeo c-tpat isps code iso 28000...
TRANSCRIPT
Presenter: Park, Moon-Kyu General manager of System Certification Center Korean Register of Shipping(KR)
2011. 09. 29
Recent Trend of
Certification related to Security
2
• Movement to Security
• Scope of Security Systems
• ISPS Code
• C-TPAT
• AEO
• ISO 28000
• Benefits of ISO 28000
• Prospect
• Comparison of Security Systems
Contents
3
Movement to Security
ISPS
Code
C-TPAT
Customs-Trade
Partnership
Against
Terrorism
AEO
Authorized
Economic
Operators
ISO 28000
Others
4. Singpore-STP(Secure Trade
Partnership)
Japan-AEO
Canada-FAST(Free and Secure Trade)Program Australia-Frontline
New Zealand-SEP(Secure Exports
Partnership)
TAPA(Technology Asset Protection
Association)
5. ISO : 2007. 9. 15
1. IMO : 2004. 7. 1
2. USA:C-TPAT
(2001.11) -CSI(Container
Security Initiative)
-24hours rule
3. EU -
EC Regulation
648/2005
(2005.04)
AEO
Authorized
Economic
Operators
6. WCO - SAFE Frame
Work (2005.06)
4
ISO 28000
ISPS (International Ship & Port Security Code)
CSI (Container Security Initiative)
C-TPAT (Custom-Trade Partnership Against Terrorism)
24 Hours Advance Manifest Rule
Manufacturer Warehouse Transport Airport
Seaport At sea
On Air Airport
Seaport
Transport &
warehouse Customer
WCO Framework (AEO)
Scope of Security Systems
5
To prevent terrorist acts on ships
such as LNG & LPG carrier, and port
facilities.
1 July 2004: ISPS in the SOLAS
Chapter XI-2 came into force.
ISPS CODE
ISPS Code : International Code for the
security of ships and of port facilities
6
Abt 700 Korean Flag Ships certified
ISPS CODE in Korea
- Korean Government has certified relevant
facilities to meet Korean regulation based on
ISPS Code since 2004.
- KR is expected to be authorized as RSO(Recognized
Security Organization) by Korean Government
from 2012.
SHIPS
PORT FACILITIES
7
C-TPAT
In order to strengthen all supply chains security
related to cargo transportation if they become
C-TPAT partners, prompt customs clearance and
loading/unloading service are provided.
Customs-Trade Partnership Against Terrorism
USA, 2001.11
8
AEO 1/2
Authorized Economic Operator
WCO(World Customs Organization), 2005.6
The AEO concept is one of the main
building blocks within the WCO SAFE
Framework of Standards to secure
and facilitate Global Trade (SAFE).
9
AEO 2/2
An AEO is defined as: “a party involved in the
international movement of goods in whatever
function that has been approved by or on
behalf of a national Customs administration as
complying with WCO or equivalent supply chain
security standards. Authorized Economic
Operators include inter alia manufacturers,
importers, exporters, carriers, consolidators,
intermediaries, ports, airports, terminal
operators, integrated operators, warehouses
and distributors” (Wikipedia)
10
ISO 28000
Specification for security management systems
for the supply chain
ISO(International Organization of Standardization)
2007. 9. 15
11
ISO 28000 series broadly focuses on
the overall security in the supply
chain. Globally, ISO 28000 represents
itself as an umbrella standard that
incorporates the requirements of all
major international supply chain
initiatives.
What is ISO 28000 ?
Umbrella Standard
12
ISO 28000-certification enables companies
and businesses regardless of industry, size or
type of business, to determine and assess all
possible elements of risk, preventing losses
to the business and at the same time assure
compliance with all global security
management standards.
What is ISO 28000 ?
Regardless of Industry, size or type
13
- ISO/PAS 28000 (2005.11.15) → ISO 28000 (2007.09.15)
- ISO/PAS 28001 (2006.09.01) → ISO 28001 (2007.10.15)
- ISO/PAS 28003 (2006.10.01) → ISO 28003 (2007.08.01)
- ISO/PAS 28004 (2006.09.01) → ISO 28004 (2007.10.15)
※ PAS: Public Available Specification
ISO 28000 Series
Issue of ISO Standards
14
- KS V ISO 28000 (2007.11.30)
- KS V ISO 28001 (2007.12.27)
- KS V ISO 28003 (2007.12.27)
- KS V ISO 28004 (2007.12.27)
Korean Version of ISO 28000
Korean Standards
15
Elements of ISO 28000
15
Implementation
& operation
4.4
Checking &
corrective action
4.5
Security risk Assessment &
planning
4.3
Policy
4.2
Security
Management
System
Management
Review
4.6
4.2 Security management policy
4.3 Security risk assessment &
planning
4.4 Implementation & operation
4.5 Checking & corrective action
4.6 Management review
Continual
Improvement
16
ISO 28000 Certification in Korea
The certification scheme began from
April 1, 2008
when KR was accredited as the
certification body by Korean Agency
for Technology and Standards.
17
Accreditation
Body
(KATS)
Certification
Body
(KR) Report
Certification
s
Accreditation
KS V ISO 28003
Rules of KATS
List of certified company
(new, invalid, suspended, etc)
Company
Notice of
changes
Audit
KS V ISO 28000
ISO 28000 Certification System
18
ISO 28000 Overseas
DP World(UAE)
- First certification
- 49 terminals of 31 countries
Port of Houston Authority(USA)
- First certified port authority
YCH Group(Singapore)
- First certified logistics company
TNT Express(Singapore)
- First certified express integrator
19
YCH India(India)
- Logistics company
DB Schenker(Singapore)
- World’s second-largest forwarder
CTS Logistics(China)
- Logistics & manufacturing company
Banner Plasticard(Philippines)
- Electronic Card Maker
ISO 28000 Overseas
20
ISO 28000 Certification in Korea
Busan New Port
2008. 4 First certification in Korea
(ISO 28000, AEO and ISPS Code combined system)
2011. 4 Recertified
POSCO, Gwangyang
2010. 2 Certified
Hanjin
2010. 9 First certified logistics company in Korea
PANTOS
2010. 10 Certified
21
ISO 28000 Certification in Korea
ACE Express
- 2010.11 Certified
CJ GLS
- 2010.12 Certified
DTC
- 2010.12 Certified
DSV Air & Sea
- 2011.8 Certified
Hanaro TNS
- 2011.10 ISO 28000 certification to be expected as
an AEO certified company
22
Uplift of the company image as a professional
partner to customers and even law enforcement
authorities and investors
Organizations maintaining AEO, ISPS Code or ISO
9001 certification can easily seek ISO 28000 certification
ISO 28000 system can be easily combined with
other management system standards such as
ISO 9001, ISO 14001 and OHSAS 18001.
Benefits of ISO 28000 1/2
23
Increase of efficiency in transport and visibility in
supply chain management
Optimization of processes for a disruption-free
supply chain
Prevention of unnecessary losses through risk
analysis
Complying with global supply chain security
requirements such as AEO guidelines and ISPS
Code
Benefits of ISO 28000 2/2
24
Certification of ISO 28000 will be more
increased because ISO 28000 is an
international standard which provides
user-friendly tool.
Support of Interested Parties is needed
to promote ISO 28000.
Prospect
25
AEO C-TPAT ISPS CODE ISO 28000
Leading Agency WCO, Custom Service
Agencies CBP IMO, Contracting government
ISO, Accreditation Body,
Certification Body
Time of Implement 2008. 01 2002. 04 2004. 7. 1. 2007. 09
(2008. 04, Korea)
Participants
Economic operators specified in
Customs law among Supply
Chains
All Supply Chains(except exporters) Ships, Port Facilities All Supply Chain
Legal binding Voluntary Voluntary Compulsory Voluntary
Legal ground Regulation(EC) No 648/2005
Korea : Customs Law Safe Port Act 2006 SOLAS Ch. XI-2
ISO 28000:2007
Korea : Rules of KATS
Certification Overseas : 502(’08.12)
Korea : 111(’11. 03. 15) 9,128(’09.3)
All applied ship and port
facilities
Overseas : Est. 17(’09.4)
Korea : 8(’11. 08. 31)
Benefits
Cost cutting of audit, inspection
and transport, Quick custom
clearance(A, AA, AAA, three
levels)
Tier 1 : less inspections, quick
clearance
Tier 2 : less inspection than Tier 1,
priority in inspecting
Tier 3 : less inspection than Tier 1,
most priority in inspecting
Meeting international mandatory
regulations
- Internationally certified
-prevention of unnecessary
losses thru risk analysis
- uplift of the image of the
company to customers and
even law enforcement
authorities and investors
Comparison of Security Systems 1/2
26
AEO C-TPAT ISPS CODE ISO 28000
Maintenance Effective for three years
Report annually
Effective for three years
Invalidated when faults found Effective for three years
Effective for three years
two surveillance audits and a
recertification audit
MRA necessary necessary Not necessary Not necessary
Requirements
Trader information, compliance
history, internal control systems,
financial solvency, Safety and
security requirements (A, AA,
AAA, three levels)
Partner requirement,
container/vehicle/physical access
control, personnel, procedure,
training and threat awareness,
physical facility, IT((Tier 1,2,3)
ISPS CODE, SOLAS XI-2,
Contracting government’s rules
4.1General requirements
4.2 Security management
policy
4.3 Security risk assessment
and planning
4.4 Implementation and
operation
4.5 Checking and corrective
action
4.6 Management review and
continual improvement
Comparison of Security Systems 2/2