1 / 0

Supply Chain Related Standards for Increasing Resilience

Supply Chain Related Standards for Increasing Resilience. Supply Chain Related Standards. ISO 31000: Risk Management PD 25222: Supply Chain Continuity ISO 28001: Supply Chain Security Management. ISO 31000 Risk Management Standard.

gavan
Download Presentation

Supply Chain Related Standards for Increasing Resilience

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Supply Chain Related Standards for Increasing Resilience

  2. Supply Chain Related Standards ISO 31000: Risk Management PD 25222: Supply Chain Continuity ISO 28001: Supply Chain Security Management
  3. ISO 31000 Risk Management Standard A risk assessment is performed when management needs to understand the organization’s potential to loss or vulnerabilities The purpose of RM is to reduce the impact of the risks and exposures identified in the RA Impossible to identify all threats and estimates of probability are often guesswork
  4. Risk Management Outcomes Identification and documentation of: Single points of failure Prioritized list of threats to the organization or to the specific business processes analyzed Information for a risk control management strategy and action plan for risks to be addressed Documented acceptance of identified risks that are not to be addressed
  5. Management of Risk Increases Resilience Increases the likelihood of achieving objectives; More aware of the need to identify and treat risk throughout the organization; Improves the identification of opportunities and threats; Complies with relevant legal and regulatory requirements and international norms; Improves mandatory and voluntary reporting and governance; Establishes a reliable basis for decision making and planning; Improves controls; Effectively allocates and uses resources for risk treatment; Improves operational effectiveness and efficiency; Enhances health and safety performance, as well as environmental protection; Improves loss prevention and incident management; Minimizes losses; and Increases organizational resilience. ISO 31000
  6. Framework for Managing Risk
  7. Risk Management Process
  8. ISO 31000 Risk Management Process What may happen and why? What are the consequences? What is the probability? How to mitigate or reduce probability of the risk?
  9. Drivers of Risk Management According to this graphic by the Institute for Risk Management (IRM), Supply Chain Risk Management falls under the category of managing external Infrastructure Risks. It would be one aspect of the organization’s overall risk management strategy. ISO 31000
  10. Risk Assessment Techniques
  11. Risk Description
  12. Risk Management Assignments
  13. PD 25222: 2011 Business Continuity Management – Guidance on Supply Chain Continuity Goal: Obtaining assurance of suppliers’ own continuity arrangements. Audience: Supply procurement Focus on key suppliers & dependence on key customers Use of a risk-based approach
  14. Promotes the Classification of Suppliers Uses a “tier” approach
  15. Scope of Standard Critical Activities Customers Suppliers Supplies
  16. Potential Types of Supplier Relationships Recurring product/service suppliers: Providing components, raw materials, financing, property rental, essential fixed asset maintenance, etc. One-off or infrequent product/service suppliers: Perhaps to provide a new piece of capital equipment.
  17. Potential Types of Supplier Relationships Outsourced or contracted out: Off-site service or business process providers, such as payroll bureau, IT services, contact centre, logistics or distribution). Strategic partners: Such as franchises, distributors and joint ventures. Cooperative relationships or interdependencies between suppliers.
  18. Supply Chain Relationship Impact Factors People: personal relationships; Formal agreements: contracts, work orders, service level agreements, operating level agreements, etc.; Information: electronic or paper; purchase orders, design specifications; Processes: workflow; product/service creation and delivery; Infrastructure: transportation systems, Internet; Culture: business networks, trading relationships; Environment: political, meteorological, economic (e.g. foreign exchange rates), etc.
  19. Supplier & Contract Lifecycle
  20. Who Owns the Risk? The organization owns the risk and must manage supply chain risk and respond to supply chain interruptions
  21. Supply Chain Continuity Management Key benefit of effective supply chain continuity management is the mapping of supply chain results provides a better understanding of where and how to improve the organization’s supplier management which should increase efficiency and reduce the likelihood and impact of supply chain disruptions.
  22. Challenges Scale and complexity of supply chain Distance and visibility of suppliers Existing contractual relationships Lack of structured approach Lack of business case Lack of embedded responsibility across stakeholder functions
  23. Challenges Striking a balance between expense of risk reduction & short term financial rewards Differences in risk tolerance/appetites International cultural and legal differences Lack of power for smaller suppliers Obtaining firm and meaningful service commitments Difficulty identifying indirect impacts Difficulty understanding full cost of disruption
  24. Supply Chain Mapping
  25. Impact of Loss of Critical Supplier
  26. BCM Assurance & the Risk Portfolio To implement a BCM assurance programme, the following need to be defined. The organization’s criteria for the BCM capability of each tier of suppliers. The organizational process from procurement to business-as-usual operation, including BCM consideration at all stages of implementation. The process of assurance itself, including management of subsequent remediation
  27. ISO 28000 Security Management Systems for the Supply Chain (October 2007) Provides requirements and guidance for organizations in international supply chains to Develop and implement supply chain security processes Establish and document a minimum level of security with a supply chain or segment of a supply chain Assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming to national supply chain security programs
  28. Security of Cargo Cargo Management – Protecting cargo during all steps of manufacturing, shipping and transport processes: Efficient prevention, detection and reporting of shipping process anomalies (routes and schedules continuous review; alerts management) Adequate inspections during the shipping process (in points where liability changes, to packaging materials and vehicles before being in contact with cargo).
  29. Security of Facilities Facility Management – Guaranteeing the security of the facilities where goods are manufactured and cargo is stored and handled. Optimal warehouse/terminal layout design (entry/exit controllability; clearly marked control areas; sufficient light conditions) Efficient facility monitoring (24hr camera system, security guards, filming activities of loading containers, picking ).
  30. Security of Information Information Management – Protecting critical business data and exploiting information as tool for detecting illegal activities and preventing security breaches. High protection of business information/data (management procedures and storing methods designed to protect information from unauthorized access and usage). Accurate and complete recordkeeping of shipping information for potential security audits (improved recordkeeping methods; quality control of records, error correction).
  31. Security of Personnel Human Resources Management – Guaranteeing trustworthiness and security awareness of all personnel with physical or virtual access to the supply chains. Professional employee hiring / exit process (background checks; interviews for leaving or fired employees). Efficient information dissemination process (internal and external publication of the company security policies).
  32. Security of Company Company Management Systems – “Building security” into internal and external organizational structures and company management systems, including supplier, partner and client management processes. Adequate business partners evaluation system (selection of low risk and high security compliant suppliers, clients and subcontractors). Complete company security management system (defined security processes, defined and controlled security indicators, internal and external audits).
  33. Vulnerability Map
  34. Mapping by Key Process Area & Readiness
  35. SCRM Maturity Levels
  36. In Summary Using the management system described by ISO 31000 to manage risks across the supply chain can mitigate risks and minimize supply chain interruptions. An organization’s procurement specialists need to understand the importance of different suppliers and provide assurance that contracted services can be provided even during a disruptive incident. Supply chains also face risks related to security logistics. These also need to be managed.
  37. Questions? Lynnda Nelson President, ICOR Lynnda@theicor.org 866-765-8321 North America +1630-705-0910 International www.theICOR.org
More Related