Supply Chain Related Standards for Increasing Resilience
©2012 ICOR ALL RIGHTS RESERVED BCM 5000.1.2
Supply Chain Related Standards
1. ISO 31000: Risk Management
2. PD 25222: Supply Chain Continuity
3. ISO 28001: Supply Chain Security Management
ISO 31000 Risk Management Standard
• A risk assessment (RA) is performed when management needs to understand the organization’s potential for loss or its vulnerabilities.
• The purpose of risk management (RM) is to reduce the impact of the risks and exposures identified in the RA.
• It is impossible to identify all threats, and estimates of probability are often guesswork.
Risk Management Outcomes
Identification and documentation of:
• Single points of failure
• Prioritized list of threats to the organization or to the specific business processes analyzed
• Information for a risk control management strategy and action plan for risks to be addressed
• Documented acceptance of identified risks that are not to be addressed
Management of Risk Increases Resilience
• Increases the likelihood of achieving objectives;
• Increases awareness of the need to identify and treat risk throughout the organization;
• Improves the identification of opportunities and threats;
• Complies with relevant legal and regulatory requirements and international norms;
• Improves mandatory and voluntary reporting and governance;
• Establishes a reliable basis for decision making and planning;
• Improves controls;
• Effectively allocates and uses resources for risk treatment;
• Improves operational effectiveness and efficiency;
• Enhances health and safety performance, as well as environmental protection;
• Improves loss prevention and incident management;
• Minimizes losses; and
• Increases organizational resilience.
ISO 31000
Framework for Managing Risk
Risk Management Process
ISO 31000 Risk Management Process
• What may happen and why?
• What are the consequences?
• What is the probability?
• How to mitigate or reduce probability of the risk?
Drivers of Risk Management
ISO 31000
According to this graphic by the Institute for Risk Management (IRM), Supply Chain Risk Management falls under the category of managing external Infrastructure Risks.
It would be one aspect of the organization’s overall risk management strategy.
Risk Assessment Techniques
Risk Description
Risk Management Assignments
PD 25222:2011 Business Continuity Management – Guidance on Supply Chain Continuity
• Goal: Obtaining assurance of suppliers’ own continuity arrangements.
• Audience: Supply procurement
• Focus on key suppliers & dependence on key customers
• Use of a risk-based approach
Promotes the Classification of Suppliers
Uses a “tier” approach
• Tier 3: Supplies to tier 2 supplier
• Tier 2: Supplies products and services to tier 1 supplier
• Tier 1: Direct contractual relationship
Scope of Standard
Critical
Activities Customers Suppliers Supplies
Potential Types of Supplier Relationships
• Recurring product/service suppliers: Providing components, raw materials, financing, property rental, essential fixed asset maintenance, etc.
• One-off or infrequent product/service suppliers: Perhaps to provide a new piece of capital equipment.
Potential Types of Supplier Relationships
• Outsourced or contracted out: Off-site service or business process providers (such as payroll bureau, IT services, contact centre, logistics or distribution).
• Strategic partners: Such as franchises, distributors and joint ventures.
• Cooperative relationships or interdependencies between suppliers.
Supply Chain Relationship Impact Factors
• People: personal relationships;
• Formal agreements: contracts, work orders, service level agreements, operating level agreements, etc.;
• Information: electronic or paper; purchase orders, design specifications;
• Processes: workflow; product/service creation and delivery;
• Infrastructure: transportation systems, Internet;
• Culture: business networks, trading relationships;
• Environment: political, meteorological, economic (e.g. foreign exchange rates), etc.
Supplier & Contract Lifecycle
Who Owns the Risk?
The organization owns the risk and must manage supply chain risk and respond to supply chain interruptions.
Supply Chain Continuity Management
A key benefit of effective supply chain continuity management is that the mapping of supply chain results provides a better understanding of where and how to improve the organization’s supplier management, which should increase efficiency and reduce the likelihood and impact of supply chain disruptions.
Challenges
1. Scale and complexity of supply chain
2. Distance and visibility of suppliers
3. Existing contractual relationships
4. Lack of structured approach
5. Lack of business case
6. Lack of embedded responsibility across stakeholder functions
Challenges
7. Striking a balance between expense of risk reduction & short term financial rewards
8. Differences in risk tolerance/appetites
9. International cultural and legal differences
10. Lack of power for smaller suppliers
11. Obtaining firm and meaningful service commitments
12. Difficulty identifying indirect impacts
13. Difficulty understanding full cost of disruption
Supply Chain Mapping
Impact of Loss of Critical Supplier
BCM Assurance & the Risk Portfolio
To implement a BCM assurance programme, the following need to be defined.
1. The organization’s criteria for the BCM capability of each tier of suppliers.
2. The organizational process from procurement to business-as-usual operation, including BCM consideration at all stages of implementation.
3. The process of assurance itself, including management of subsequent remediation.
ISO 28000 Security Management Systems for the Supply Chain (October 2007)
Provides requirements and guidance for organizations in international supply chains to:
• Develop and implement supply chain security processes
• Establish and document a minimum level of security within a supply chain or segment of a supply chain
• Assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming to national supply chain security programs
Security of Cargo
Cargo Management – Protecting cargo during all steps of manufacturing, shipping and transport processes:
• Efficient prevention, detection and reporting of shipping process anomalies (routes and schedules continuous review; alerts management)
• Adequate inspections during the shipping process (in points where liability changes, to packaging materials and vehicles before being in contact with cargo).
Security of Facilities
Facility Management – Guaranteeing the security of the facilities where goods are manufactured and cargo is stored and handled.
• Optimal warehouse/terminal layout design (entry/exit controllability; clearly marked control areas; sufficient light conditions)
• Efficient facility monitoring (24hr camera system, security guards, filming activities of loading containers, picking).
Security of Information
Information Management – Protecting critical business data and exploiting information as a tool for detecting illegal activities and preventing security breaches.
• High protection of business information/data (management procedures and storing methods designed to protect information from unauthorized access and usage).
• Accurate and complete recordkeeping of shipping information for potential security audits (improved recordkeeping methods; quality control of records, error correction).
Security of Personnel
Human Resources Management – Guaranteeing trustworthiness and security awareness of all personnel with physical or virtual access to the supply chains.
• Professional employee hiring / exit process (background checks; interviews for leaving or fired employees).
• Efficient information dissemination process (internal and external publication of the company security policies).
Security of Company
Company Management Systems – “Building security” into internal and external organizational structures and company management systems, including supplier, partner and client management processes.
• Adequate business partners evaluation system (selection of low risk and high security compliant suppliers, clients and subcontractors).
• Complete company security management system (defined security processes, defined and controlled security indicators, internal and external audits).
Vulnerability Map
Mapping by Key Process Area & Readiness
SCRM Maturity Levels
In Summary
1. Using the management system described by ISO 31000 to manage risks across the supply chain can mitigate risks and minimize supply chain interruptions.
2. An organization’s procurement specialists need to understand the importance of different suppliers and provide assurance that contracted services can be provided even during a disruptive incident.
3. Supply chains also face risks related to security logistics. These also need to be managed.
Questions?
Lynnda Nelson
President, ICOR
[email protected] North America+1630-705-0910 International
www.theICOR.org