An International Standard for Supply Chain Security Management.

An International Standard for

Supply Chain Security Management

1. What is DNV

2. Why did we do what we did

3. What did we do sofar

4. What will happen next

5. What else needs to happen

Ship Classification Society

Established 1864Independent FoundationNon-profit – Self owned – No shareholders

Objective

“To safeguard life, property and the environment”

DNV provides confidencea.o. by setting standards

and verifying compliance

Main industries

ProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping AutomotiveProcessOil & Gas RailShipping Automotive

Revenue > 800 Million USDOther

2%Consultancy29%

Certification33%

Classific.36%

Europe 4,000

Asia and

Australia 1.000

Americas 700

International Network

Maritime Industry

• Authorised by 130 national maritime authorities

• Recognised

• 16% of world fleet

and competing on Quality

• Leading in IMO on “the Human Factor” (ISM & ISPS)

• Lowest Port State detention rate of all class societies

0

20

40

60

80

100

120

Class Societies’ market share

IACS Fleet Development 1965– 2002

LR ABS

NK

DNV

BV

GL

Mill

. G

rt.

Vessels > 100 grt. 50% dual class includedYear-end figures

Year

Training

Greenhouse Gas Services

Management System Certification

EBtrust

Product and Personnel Certificates

DNV Certification ServicesQuality

Safety

Environment

• One of the world’s leading Management System Certification bodies

• Over 80 accreditations in 21 industrialised countries

• More than 8% of the world’s market for management system certificates

DNV and Security

• Worked with IMO since the “Cole-incident”• Instrumental in developing ISPS code

– Adopted December 2002– In force 30th June 2004

• >150 of DNV’s best maritime auditors trained in security

• Appointed RSO by flag-states for > 80% of our fleet

DNV and Security

• Ships• Certification to ISPS-code

• Ports• Training of PSO’s etc.• Advisory work

• …………… but what about the rest of the international supply chain ??????

Supply Chain: Current Initiatives

• US (unilateral)– CT-PAT– BASC– Container Security Initiative – 24hrs Advanced Manifest Regulation etc.

• G7 WCO– Secure supply chain– Facilitate world trade

• IMO WCO– Efficiency and security of multi-modal cargo

UN-Counter Terrorism Committee

Security Taskforce

UNODCIAEAUNICRIOPCWOASAPECEU Multinationals

What is DNV’s concern?

• All these initiatives will lead to proliferation• Formal initiatives will take too long time• By July 2004 ISPS will be the only internationally

implemented security management standard• Loss of motivation could turn the ISPS-code from a

meaningful tool into an expense-only • In case of security breach our clients will be held liable

and ships will be detained• Not enough capacity to reveal security breach before

departure > 250 Mln. Boxes <2% inspected

Supply Chain Security

Factory

Truck

Barge

Ship

Final Destination

Truck

Container terminal

Container terminal

Storage area

Port Ship

Risk of breach

Port Ship

Container terminal

ShipContainer terminalISPS Code

Import

ConfidenceConfidence

Export

< 2% !!30th June 2004!

How to speed-up the process?

• Customs need increased trusted trader agreements (capacity?)

• Move from bi-lateral to multi-lateral acceptance (time?)• Evolving trade unions result in more supply chains

without custom intervention (multiple players)• Confidence in supply chain partners requires verification

(multiple assessments) of security management systems• Therefore trade is in need of:

– International security standards for each step in the chain– A certification scheme as risk-assessment tool for customs c.s– An quality standard for certification bodies

SelfSelfAssessmentAssessment

Reliable Reliable Business Syst.Business Syst.

AccountingAccountingStandardsStandards

ACIACIGuidelGuidel

RiskRiskManagementManagement

ExtendedExtendedIntelligenceIntelligence

Supply Chain Supply Chain Security standardSecurity standard

ElectronicElectronicCommunic.Communic.

UCRUCRNrNr

WCOWCOData ModelData Model

Compliance Compliance AgreementsAgreements

The complex house of the Trusted Traders

WCO is building the Customs-Business Partnership

Why shall Customs Support a Security Code?

A security Management Code needs support from Customs

• It shall cover all existing guidelines and security requirements

– US C-TPAT– US BASC– Swedish Stair-Sec– Canadian CSA– WCO requirements

• A certified secure supply chain shall get a “green lane” through customs

• Customs can focus on non-trusted traders

Why shall industry support a Security Standard?

• Increasing number of large industrial players develop(ed) their own “standard”

– To reduce direct losses– To protect their reputation– To select their suppliers

• Increasingly security threats need not to pass customs

– Increasing of trade unions (EU, APEC, GOST??)– After implementation of ISPS terrorist will “purchase”

in the region of “target”

A Draft Supply Chain Security Code

Developed by DNV in consultation with SE and NL Customs• A generic security management standard • For closed cargo transportation units. • Only four basic processes in the supply chain

– Loading (stuffing, consolidating, sealing)– Storage of cargo / closed CTU’s– Transport by

• Road• Rail• Inland Waterways

– Processing of information• Based on ISO 9000 series (multiple management systems)

ISO Management SystemFunctional RequirementsQualityEnvironmentSafetySecurity

• Therefore “easy” to implement by industry

• Seamless connected to the ISPS-Code

• One supply chain!• 3 security levels:

L1 Normal mode of operation (lowest hurdle for trade)L2 Increased security due to general terrorist threatL3 High Security due to specific and targeted terrorist threat

• Basic requirements (industry to find own solutions) for:• Procedural security• Human Resources Security• Physical Security• Access Controls

• Non-prescriptive i.e. operators shall analyse own risk.

Why a seamless connection with the ISPS Code

Our Definition of Security

Physical Security = absence of danger that the characteristics of cargo in a secure area or a CTU are illegally changed including measures taken to guard against sabotage, escape , attack, or other crime. This danger includes i.a.:

• infiltration with weapons or any other dangerous substances and devices intended to harm people, property or the environment and which are not authorized,

• infiltration with other unauthorised cargo or passengers or • theft of, or damage to cargoInformation Security = absence of danger that information in a

document (paper or electronic) is accessed, distributed or changed without proper authorization including measures taken to guard against espionage, sabotage or other crime.

The code and its appendices: Status

Supply Chain Security Code: 1st hearing round

• Appendix A: Pending Pilots

Guidelines and check lists:

• Appendix B: Draft ready

Requirements to certification Bodies

• Appendix C: Draft ready

Requirements to Auditors

Securing Robustness of the standard

To assure robustness of the standard: • Assure industry involvement and backing

– Cooperation with UN-ECE through ITPWG of UN/CEFACT– A high-level conference in November to harmonize standardization

initiatives (UN, WCO, IMO, etc.) 13th & 14th November– Involve industry representatives!– Take fast-track to make it ISO-standards (2004?)

• Pilot Projects– Test applicability of standards in different business and cultural

settings– Test validity of certification procedures– Reveal development needs with customs and/or industries

in different business environments and cultures

Why certification to an ISO Standard?

Transparent communications

Underpin trust and confidence between partners in the supply chain

Facilitate mutual acceptance of “secure traders”

One world wide level playing field for all players in the supply chain

Avoid multiple assessments

A clear and concise reference in contractual agreements

A risk-assessment tool for authorities and industry

A tool to select suppliers/sub-contractors

The appendices B and C to the code

• Appendices are just a suggestion, based on DNV’s best experience

• Multi-lateral acceptance between customs require a level playing field

• Who will be the custodian of the standard (and its appendices)??

• Who will be accrediting certification bodies?– Supra national, i.e. not NACB’s! (developing countries!)– A new task for WCO?– A separate body, established by the parties supporting the code?

Appendix B: Requirements to certification Bodies

Appendix C: Requirements to Auditors

Supply Chain Security

Factory

Truck

Barge

Ship

Final Destination

Truck

Container terminal

Container terminal

Storage area

Port Ship

Risk of breach

Port Ship

Container terminal

ShipContainer terminalISPS Code

ISO Supply ChainSecurity Standard