PRESENTATION TO THE

1
PRESENTATION TO THE SCLRC Supply chain
security and process management.
2
INTRODUCTION

• THREE PART PRESENTATION
• BACKGROUND - SOME COMMENTS AND OBSERVATIONS
• THE REAL TIME CURRENT SITUATION
• CASE STUDY D P WORLD AND DJIBOUTI

3
AIM

• The aim of this presentation is
• to address the practical supply chain security
  processes and procedures that use the dynamics of
  physical and procedural security to reinforce and
  manage supply chain business continuity.
• The objective being
• to identify how to create secure and resilient
  supply chains whilst at the same time meeting
  compliance requirements.

4
The Future Stealth Bomber

• Port and Container vulnerability inextricably
  linked and found
• At point of stuffing
• During trucking
• At terminal
• During loading
• In maritime transit
• During delivery
• At unloading

5
PART I - BACKGROUND

• Vulnerablities are clear and few deny the e2e
  supply chain is complex with multiple
  stakeholders
• But there are both Commercial drivers for change
  and Terrorist drivers for change
• A change management issue where management is
  shirking responsibility
• Has to be buy in by all stakeholders.
• Has to be buy in from top to bottom

6
MANY CHALLENGES

• Multiple Commercial Challenges
• Critical Blind Spots
• Multiple participants/stakeholders and
  chokepoints
• Individual security solutions
• Processes, personnel and facility security
• No integrated/continuous liability
• Requirements to reduce theft - 40Bn
• Cyber security is there?
• Terrorism

• Terrorist Challenges
• Deny opportunity deterrence
• Avoid overplaying risk m.o?
• But - opportunity exists
• Virtual absence of security
• Supply chain potential volume and velocity
• And - motivators
• Climate of collapse
• Traumatised general public
• Bring trade/economics to a halt.

7
The Supply Chain Conundrum how to secure the
container passing through the multitude of choke
points in the chain- as presented in the above
question?
8
THE PREPARED MINDSET IS IT SUFFICIENT ?
9
PART II - CURRENT SITUATION

• Plethora of initiatives lets remind ourselves
  of the Volumes of research and discussion

10

• Supply Chain
• Security Initiatives
• 1. Global voluntary
• ISO 28000/1/3/4
• WCO SAFE
• TAPA
• 2. Global mandatory
• ICAO
• IMO/ISPS
• Dangerous
• goods
• 3. North America
• voluntary
• C-TPAT
• CSI

Various SCS programs appear to contain similar
security measures, in 6 subgroups
System
11
PART II - CURRENT SITUATION

• Plethora of initiatives lets remind ourselves
  of the Volumes of research and discussion
• All outstanding in intention but do we have
  increased security in the SC? Do we
• So what are the common denominators
• Containers
• Ports
• Ships

12
(No Transcript)
13
POTENTIAL SOLUTIONS

• Procedural but ..
• Why are there buy in problems
• Compliance v Voluntary too much choice?
• Policing problems resources
• Technology but .
• Heightened expectations 21rst Century panacea?
• Peak of Expectation v Trough of dissilusionment
• The scapegoat? It is/should be the manufacturers
  dilemma the service provider not my problem
  syndrome of stakeholders.

14
SOLUTION PROBLEMS/ISSUES

• SC reliant on mature industry margins low
  highly competitive risk averse conservative
  privately owned.
• National and supranational suggestions some
  compliance driven but all voluntary too soft?
• Therefore only high volume high value logistics
  going to benefit
• Who is going to pay for the unwilling producer
  where no benefit perceived
• Little point in screening low risk participants.
• Crunch point comes at the Port/Terminal but again
  ask who will pay and why, for the technology?

15
THE PORT OPERATOR OPTIONS

• Do nothing or .
• Apply best business security practice as lessors
  and provide VFM added value.
• Take the lead practically intermodal hub that
  can not be disinvented.
• DPW have looked at security from a corporate
  perspective providing top down change
  management direction in security culture and
  implementation.
• Driving forward standardisation through common
  procedures and exploring a technology solution
  that adds value.

16
PART III - RADICAL CHANGE
17
INTRODUCTION OF ISO 28000

• Time for DP World to move beyond the reactive to
  the proactive and adaptive
• DP Worlds corporate security management system
  developed based upon the new international
  security standard for supply chains ISO/PAS
  280002005Designed to enable an organisation to
  manage its security effectively through ongoing
  assessment of risk and vulnerabilities within its
  operations.
• Culture of continuous monitoring and improvement
  aims to ensure effective preventative measures in
  the international supply chain..

18
WHAT IS ISO 28000?

• An overarching tool
• Provides SMS requirements for
• Establishing
• Implementing
• Maintaining
• Improving
• Applicable to all stakeholders in the supply
  chain
• Supranational, national and industry input
  co-operation
• Risk based follows other ISO e.g. 14001

19
WHAT ISO 28000 DOES

• This new management system specification provides
  a framework for organisations that operate or
  rely on any aspect of the supply chain.
• It can help all sectors of e2e industry assess
  security risks and implement controls and
  mitigating arrangements to manage potential
  security threats in the same way other
  fundamental business principles such as quality,
  safety and customer satisfaction are managed.
• The specification is a plan-do-check-act based
  management system that has been modeled on the
  well proven ISO 14001 standard. Organisations
  will be able to use a similar approach when
  analysing supply chain security risks and
  threats.
• For organisations working within, or relying on,
  the logistics industry, certification to the
  ISO/PAS 280002005 supply chain management
  standard, provides a valuable framework.
• It will minimise the risk of security incidents
  and help provide problem free 'just in time'
  delivery of goods and supplies.

20
A SECURITY MANAGEMENT SYSTEM

• Accountability
• Corporate direction
• International compliance
• Best business practice
• Through Non Conformance Reporting
• Non conformities
• Management responsibility at highest levels for
  Business Units and Corporate.
• Requirement to drive and substantiate continual
  improvement

21
DJIBOUTI

22
STRATEGIC IMPORTANCE ON A POSTAGE STAMP
23
PORT OF DJIBOUTI

• DP World managed since 2000
• Corporate security advisors Hart Maritime
  identify 2 Million saving
• At same time a need to stop loosing containers
• ISO 28000 to be root of service level
  agreements (SLA)
• Djibouti Management Contract in addition to
  implement
• 3rd World ISPS Plan to give 1rst World
  Credibility
• ISO 28000 to provide automatic verification of
  PFSA and PFSP as part of SMS.

24
ISO 28000

• Considered 20858 but this just ISPS verification
  and 28000 covers automatically
• Team acutely aware of supply chain interface
• Djibouti is also unique cargo stuffed in the
  main in the Port.
• Needed also to implement plan ISO 28000 the
  ideal and better vehicle and also to accredit
  implementation

25

• THOROUGH STRATEGIC REVIEW OF SMS
• Organisation, structure and processes
• Responsibility and authority for security
  management
• Security Policy and its implementation
• Threat and risk assessment and control measures
  for review
• Legal, strategic and other requirements
• Security management objectives, targets, and
  programmes
• Management review processes and audits

26

• REVIEW (CONT)
• Competence, training and awareness
• Communications
• SMS documentation and document and data control
• Emergency and incident procedures
• Performance measurement and monitoring
• Internal audits
• System evaluation
• Management review process
• Estimation of continual improvement performance

27
METHODOLOGY

• Two Phase Audit
• One month between each
• Non Conformance Identification
• Major
• Minor
• Requires Correction
• Scope for improvement

28
PRACTICAL LESSONS LEARNT

• Stakeholder accountability
• Truckers processes and procedures
• Times
• Gate passes
• Customs
• Freight Forwarders
• Cooli vetting
• Container stuffing declaration
• Lines
• ISPS Security declaration loopholes
• More rigorous inspections IMO Reg/SSC/SSP
• Port policing and support of agreements
• Acces control issues and commercial priorities
• Incident control
• Non conformity

29
ACCREDITATION SEPTEMBER 2006

• HAS LED TO USCG AND CBP INTEREST AS PORT BENCH
  MARK
• DPW WORLD INVOLVEMENT IN THE SFI
• INCREASED CREDIBILITY IN AN UNSTABLE REGION
• INCREASED BUSINESS (ZIM LINES TRANSHIPMENT HUB)
• HAS LED TO SIGNIFICANT INCREASE IN CORPORATE AND
  BUSINESS UNIT AWARENESS.
• HAS LED TO NEW SECURITY BUSINESS!

30

• OTHER DEVELOPMENTS
• ISO / PAS 20858
• -Published Uniform industry implementation of
  ISPS Code
• ISO / PAS 28001
• -In final draft, will be consistent with WCO
  Frameworkof Standards
• -Assist industry in Best practices for custody in
  supply chain
• ISO 28004
• -WorkingGroup convened 2006
• -Guidance for 28000, also Refers to 19011 17021
• ISO 28005
• -Under development Electronic Port Clearance
  (EPC)
• -Computer to Computer data transmission
• OTHER LOWER TIER -subsystems, components
  standards but ALL ISO driven recognition for
  global security standardisation

31
WAY AHEAD

• Continue to focus on practicalities AND actually
  implement potential solutions whatever they may
  be - they will reduce the risk environment if
  effectively implemented .
• Objective has to remain the flow of trade but not
  at the expense of security. Cost of failure is
  too high a risk.
• Lobby for ISO standardisation level playing
  field which focuses on the human and processes
  and procedures that provide for independant
  auditable security.
• Can then offer carrots rather than focus on
  sticks and buys time for the right technologies
  for the right reasons.
• Remember though the clock is ticking.

32
ANY
QUESTIONS?