Security Along the Supply Chain

Apr 1, 2006 12:00 PM, By Ronald Greene


         Subscribe in NewsGator Online   Subscribe in Bloglines

WOULD THE COMPANY PASS A SUPPLY CHAIN SECURITY TEST? What level of security is sufficient to meet the minimum government program requirements? What level is sufficient to mitigate risks to an acceptable level? These are some of the questions companies are having to address as it becomes clearer that supply chain security is a necessary part of business operations.

The need for companies to secure global supply chains has moved to the front lines as the U.S. government works to close the gaps in the nation's security infrastructure. With millions of cargo shipments crossing the globe every day, there is clearly potential for the global supply chain to be used for malicious purposes. The U.S. government initiated the recent supply chain security push with Customs-Trade Partnership Against Terrorism (C-TPAT) program. Other world governments followed with support and by developing their own programs. When these programs are mature, they will help refine the best and most effective approach to global supply chain security.

Two underlying principles serve as a foundation for these programs:

  • Successful global supply chain security will require the public and private sectors to work together to take ownership and foot the bill.

  • Security programs must be fully incorporated and understood by all levels of an organization, from top executives to the individual workers who handle the freight.

Looking back on supply chain security

Many people outside certain industries do not realize that robust supply chain security programs were alive and well before the Sept. 11 attacks. The programs actually became prevalent in the 1990s, when there was a substantial increase in the amount of high-tech cargo (such as computers, cell phones and microprocessors) moving through the global supply chain. With high-value, easily-liquidated products being shipped around the world with little protective infrastructure, individual companies were losing tens of millions of dollars annually from supply chain theft. Thus, the evolution of supply chain security programs focused on loss prevention.

The development of government programs has created a shift in supply chain security to include anti-terrorism program compliance. Such changes in the goals of supply chains security programs have added complexity, but the approach and techniques are the same.

The global supply chain security challenge

The dynamics of the global supply chain requires that companies turn over their cargo to third-party freight forwarders and brokers — usually with little understanding of how, where and who is handling it, and who is responsible for delivery. It is possible that shipping cargo across the United States may involve several different companies and stops along the way.

Now consider the complexity of international shipments. Typical shipments change hands numerous times; transportation providers and the owners of the cargo rarely communicate or even know each other. The need for global supply chain security programs will force players in all facets of supply chain operations to address these issues, thus helping to ensure shipments are secure at all points in the supply chain.

Supply chain security test

Whether a company is in the initial stages of developing a supply chain security program or already has programs in place, conducting a simple internal test can provide a gauge of how well a supply chain is documented. As we have seen, most supply chains involve numerous vendors and partners supporting the movement of goods from the origin to the destination. Knowing who exactly is responsible for these activities is the first step in securing the supply chain. Completing the steps below can overcome one of the biggest hurdles in securing the supply chain.

The steps are targeted to an organization importing manufactured goods from operations outside of the United States. The same principles can be adjusted and applied to other types of supply chain scenarios.

Step One: Choose a subset of transportation lanes moving a company's product from the origin (manufacturing facility) to the end destination (retail or wholesale location). Typically, between four and six individual transportation lanes will be sufficient. Try to choose lanes that incorporate different countries and product categories.

A transportation lane is a single product type moving from a unique origin to a unique destination via the same geographical routing and mode(s) of transportation for all shipments.

Step Two: For each transportation lane, identify the exact routing and facilities the cargo moves through from origin to destination. An example of a transportation lane routing is illustrated in the example shown at top right.

The example may seem complicated at first glance, but it is really a simplistic example for full container shipment into the United States. If the product is moving as a consolidated or partial load (LTL) shipment, the complexity of the transportation routing could increase significantly. Also, the dynamic of rush orders or prototypes could significantly change the routing and modes of transportation.

Step Three: This is the most difficult step. Identify both the name and address of each company responsible for handling the cargo at each point throughout the transportation routing. This includes all ground transportation providers, freight forwarders, air carrier, sea and rail providers. In the example, there would most likely be two or more ground transportation providers in the manufacturing country, the freight forwarder, sea and rail providers and multiple ground transportation providers in the destination country.

If one can complete the above three steps with relative ease and a high level of confidence that the information is correct, the company has a well-documented supply chain. This is one of the first tasks to establish and assess supply chain security programs.

Cost-efficient supply chain security programs

Most experts agree that supply chain security management is here to stay. The risks are high and the potential cost of a company having an adverse security event within its supply chain is staggering. Whether a company is still developing its supply chain security program or has one already in place, there are two key concepts managers should incorporate into all aspects of their supply chain security program to increase efficiency and mitigate risks.

The first concept is simple — “avoid risk whenever possible.” One of the biggest factors affecting the level of supply chain risk is geographic location. Moving products through countries or regions known for high rates of cargo theft or regions with high anti-American sentiment increases risks to the supply chain exponentially. By avoiding high-risk locations, a company can reduce inherent supply chain risk. This is not always a feasible solution, but whenever the potential exists to route around and eliminate problematic locations from the supply chain, the resulting benefits should be considered.

The second concept that ensures security dollars are being used efficiently is to secure the supply chain by addressing regional risks and threats. Often when supply chain security programs are being developed, security measures are established and required on all supply chain components regardless of location or product. Another common technique is to copy a successful supply chain security program and apply it to a different supply chain component in another country or region.

These approaches are inherently flawed from both efficiency and cost standpoints, as they automatically establish a security program that will over-secure in low-risk areas and under-secure in high-risk areas of the supply chain. For example, such a program would secure raw materials with little or no value being shipped to a foreign factory, while similarly securing high-value finished goods in a region of the world known for high rates of cargo theft. Different supply chain components require different levels and approaches to security based on geographical risk and product type.

Quantifying supply chain risk

Another technique that is becoming more widespread in industry is the practice of quantifying supply chain risk and building a business case for security program spending. Traditionally, security departments within corporations are viewed as a financial drain, providing little return on investment to the corporation. Supply chain security programs provide an opportunity for security departments to communicate their benefit to the organization in terms of dollars and cents. Quantifying risk and finding the savings provided to the organization from reduction on supply chain losses and security breaches can be complicated, but will add substantial value to a organization. This typically requires a high-level understanding of supply chain exposures and mitigation techniques. The most accurate approach involves taking historical supply chain security data and analyzing the frequency of security breaches, methods used in the breach, defeated security infrastructure, product type, mode of transportation, as well as other supply risk factors. Once this analysis is complete, models can be developed providing a business case and accurate cost-benefit analysis for the supply chain security program.

The growth of the global supply chain over the past few decades — along with heightened and new threats from abroad — has focused attention on whether or not individual shipments are secure when entering the country through cargo terminals. The government and the private sector are addressing these issues, but only time will tell if they are moving fast enough to prevent an adverse supply chain event.

The methods described here can help to take control of an organization's supply chain security. While general strategies may be effective, a custom-made program based on an organization's activities and history is always the best way to ensure that freight is well-protected from the multiple hazards faced during international transportation.

ABOUT THE AUTHOR

Ronald Greene is a supply chain link analyst for First Advantage Corp., St. Petersburg, Fla., a developer of customized global supply chain security programs. Visit www.fadv.com/supplychain for more information.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

Today's New Product

Product 1 Image

Privaris Biometric Verification Software

In support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization.

To read more...


Govt Security

Cover

SUBSCRIBE

This month in Access Control

Latest Jobs

Popular Stories

Resources

Webinar

A Cost-Effective Framework For Total Security Integration

Join AC&SS and MAXxess as they review two different IP-framework applications
Wednesday, July 30, 2008 at 2:00pm ET/11:00am PT

Register Now!

Back to Top