An International Standard for Supply Chain Security Management
Jan 16, 2016
An International Standard for
Supply Chain Security Management
1. What is DNV
2. Why did we do what we did
3. What did we do sofar
4. What will happen next
5. What else needs to happen
Ship Classification Society
Established 1864Independent FoundationNon-profit – Self owned – No shareholders
Objective
“To safeguard life, property and the environment”
DNV provides confidencea.o. by setting standards
and verifying compliance
Main industries
ProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping Automotive
Revenue > 800 Million USDOther
2%Consultancy29%
Certification33%
Classific.36%
Europe 4,000
Asia and
Australia 1.000
Americas 700
International Network
Maritime Industry
• Authorised by 130 national maritime authorities
• Recognised
• 16% of world fleet
and competing on Quality
• Leading in IMO on “the Human Factor” (ISM & ISPS)
• Lowest Port State detention rate of all class societies
0
20
40
60
80
100
120
Class Societies’ market share
IACS Fleet Development 1965– 2002
LR ABS
NK
DNV
BV
GL
Mill
. G
rt.
Vessels > 100 grt. 50% dual class includedYear-end figures
Year
Training
Greenhouse Gas Services
Management System Certification
EBtrust
Product and Personnel Certificates
DNV Certification ServicesQuality
Safety
Environment
• One of the world’s leading Management System Certification bodies
• Over 80 accreditations in 21 industrialised countries
• More than 8% of the world’s market for management system certificates
DNV and Security
• Worked with IMO since the “Cole-incident”• Instrumental in developing ISPS code
– Adopted December 2002– In force 30th June 2004
• >150 of DNV’s best maritime auditors trained in security
• Appointed RSO by flag-states for > 80% of our fleet
DNV and Security
• Ships• Certification to ISPS-code
• Ports• Training of PSO’s etc.• Advisory work
• …………… but what about the rest of the international supply chain ??????
Supply Chain: Current Initiatives
• US (unilateral)– CT-PAT– BASC– Container Security Initiative – 24hrs Advanced Manifest Regulation etc.
• G7 WCO– Secure supply chain– Facilitate world trade
• IMO WCO– Efficiency and security of multi-modal cargo
UN-Counter Terrorism Committee
Security Taskforce
UNODCIAEAUNICRIOPCWOASAPECEU Multinationals
What is DNV’s concern?
• All these initiatives will lead to proliferation• Formal initiatives will take too long time• By July 2004 ISPS will be the only internationally
implemented security management standard• Loss of motivation could turn the ISPS-code from a
meaningful tool into an expense-only • In case of security breach our clients will be held liable
and ships will be detained• Not enough capacity to reveal security breach before
departure > 250 Mln. Boxes <2% inspected
Supply Chain Security
Factory
Truck
Barge
Ship
Final Destination
Truck
Container terminal
Container terminal
Storage area
Port Ship
Risk of breach
Port Ship
Container terminal
ShipContainer terminalISPS Code
Import
ConfidenceConfidence
Export
< 2% !!30th June 2004!
How to speed-up the process?
• Customs need increased trusted trader agreements (capacity?)
• Move from bi-lateral to multi-lateral acceptance (time?)• Evolving trade unions result in more supply chains
without custom intervention (multiple players)• Confidence in supply chain partners requires verification
(multiple assessments) of security management systems• Therefore trade is in need of:
– International security standards for each step in the chain– A certification scheme as risk-assessment tool for customs c.s– An quality standard for certification bodies
SelfSelfAssessmentAssessment
Reliable Reliable Business Syst.Business Syst.
AccountingAccountingStandardsStandards
ACIACIGuidelGuidel
RiskRiskManagementManagement
ExtendedExtendedIntelligenceIntelligence
Supply Chain Supply Chain Security standardSecurity standard
ElectronicElectronicCommunic.Communic.
UCRUCRNrNr
WCOWCOData ModelData Model
Compliance Compliance AgreementsAgreements
The complex house of the Trusted Traders
WCO is building the Customs-Business Partnership
Why shall Customs Support a Security Code?
A security Management Code needs support from Customs
• It shall cover all existing guidelines and security requirements
– US C-TPAT– US BASC– Swedish Stair-Sec– Canadian CSA– WCO requirements
• A certified secure supply chain shall get a “green lane” through customs
• Customs can focus on non-trusted traders
Why shall industry support a Security Standard?
• Increasing number of large industrial players develop(ed) their own “standard”
– To reduce direct losses– To protect their reputation– To select their suppliers
• Increasingly security threats need not to pass customs
– Increasing of trade unions (EU, APEC, GOST??)– After implementation of ISPS terrorist will “purchase”
in the region of “target”
A Draft Supply Chain Security Code
Developed by DNV in consultation with SE and NL Customs• A generic security management standard • For closed cargo transportation units. • Only four basic processes in the supply chain
– Loading (stuffing, consolidating, sealing)– Storage of cargo / closed CTU’s– Transport by
• Road• Rail• Inland Waterways
– Processing of information• Based on ISO 9000 series (multiple management systems)
ISO Management SystemFunctional RequirementsQualityEnvironmentSafetySecurity
• Therefore “easy” to implement by industry
• Seamless connected to the ISPS-Code
• One supply chain!• 3 security levels:
L1 Normal mode of operation (lowest hurdle for trade)L2 Increased security due to general terrorist threatL3 High Security due to specific and targeted terrorist threat
• Basic requirements (industry to find own solutions) for:• Procedural security• Human Resources Security• Physical Security• Access Controls
• Non-prescriptive i.e. operators shall analyse own risk.
Why a seamless connection with the ISPS Code
Our Definition of Security
Physical Security = absence of danger that the characteristics of cargo in a secure area or a CTU are illegally changed including measures taken to guard against sabotage, escape , attack, or other crime. This danger includes i.a.:
• infiltration with weapons or any other dangerous substances and devices intended to harm people, property or the environment and which are not authorized,
• infiltration with other unauthorised cargo or passengers or • theft of, or damage to cargoInformation Security = absence of danger that information in a
document (paper or electronic) is accessed, distributed or changed without proper authorization including measures taken to guard against espionage, sabotage or other crime.
The code and its appendices: Status
Supply Chain Security Code: 1st hearing round
• Appendix A: Pending Pilots
Guidelines and check lists:
• Appendix B: Draft ready
Requirements to certification Bodies
• Appendix C: Draft ready
Requirements to Auditors
Securing Robustness of the standard
To assure robustness of the standard: • Assure industry involvement and backing
– Cooperation with UN-ECE through ITPWG of UN/CEFACT– A high-level conference in November to harmonize standardization
initiatives (UN, WCO, IMO, etc.) 13th & 14th November– Involve industry representatives!– Take fast-track to make it ISO-standards (2004?)
• Pilot Projects– Test applicability of standards in different business and cultural
settings– Test validity of certification procedures– Reveal development needs with customs and/or industries
in different business environments and cultures
Why certification to an ISO Standard?
Transparent communications
Underpin trust and confidence between partners in the supply chain
Facilitate mutual acceptance of “secure traders”
One world wide level playing field for all players in the supply chain
Avoid multiple assessments
A clear and concise reference in contractual agreements
A risk-assessment tool for authorities and industry
A tool to select suppliers/sub-contractors
The appendices B and C to the code
• Appendices are just a suggestion, based on DNV’s best experience
• Multi-lateral acceptance between customs require a level playing field
• Who will be the custodian of the standard (and its appendices)??
• Who will be accrediting certification bodies?– Supra national, i.e. not NACB’s! (developing countries!)– A new task for WCO?– A separate body, established by the parties supporting the code?
Appendix B: Requirements to certification Bodies
Appendix C: Requirements to Auditors
Supply Chain Security
Factory
Truck
Barge
Ship
Final Destination
Truck
Container terminal
Container terminal
Storage area
Port Ship
Risk of breach
Port Ship
Container terminal
ShipContainer terminalISPS Code
ISO Supply ChainSecurity Standard