Presentation is loading. Please wait.

Presentation is loading. Please wait.

® INTEL CORPORATION Securing the High-Tech Supply Chain Steve Lund Director of Corporate Security Intel Corporation.

Similar presentations


Presentation on theme: "® INTEL CORPORATION Securing the High-Tech Supply Chain Steve Lund Director of Corporate Security Intel Corporation."— Presentation transcript:

1 ® INTEL CORPORATION Securing the High-Tech Supply Chain Steve Lund Director of Corporate Security Intel Corporation

2 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 2 Agenda Intel’s Supply Chain Security model Creation and Evolution of TAPA Using standards and TAPA models to meet new threats of terrorism U.S. Customs Trade Partnership Against Terrorism (C-TPAT) Intel’s Threat Response and Emergency Management Program Drilling for Success

3 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 3 Why Develop Freight Security Requirements?

4 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 4 Intel’s Transportation Supplier Management Model For more than 10 years, Intel has embedded security requirements in freight transport contracts –Physical security of premises and equipment (e.g. trucks) –Procedural security (e.g. background investigations) –Contractually obligated, with established metrics and periodic performance evaluation With the introduction of the Pentium® product line, this program was further refined to achieve door to door security –Zero losses of Pentium® product in first quarter of shipping Intel’s model gained notice among other high-tech companies experiencing freight theft, which led to the formation of the Technology Asset Protection Association

5 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 5 What is TAPA? The Technology Asset Protection Association is an non-profit forum of security, insurance and logistics professionals representing high technology companies who have organized for the purpose of addressing the emerging cargo security threats common to the technology industry.

6 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 6 WHAT TAPA IS NOT Forum for “blacklisting” of suppliers –Information sharing is done on standards and BKM’s, not on any supplier performance issues Forum for comparison of industry/supplier losses –All discussion under NDA--$ = “don’t ask / don’t tell” Guarantor of business –Supplier compliance to standards gauged independently –Certified suppliers to be listed on limited access website-- non-certified locations not listed Unreasonable or cost-prohibitive

7 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 7 Evolution of TAPA 1997: Security professionals meet to address problem of high tech theft: –Global problem -- no one exempt from cargo theft –Demand for product peaking –Highly liquid components and demand on grey and black markets –Conclusion: Establish a forum dedicated to development of best known protective measures, benchmarking and global implementation – “A rising tide lifts all boats” : Development of Standards –Audit Criteria –Contractual Security T&C’s in form of Freight Security Requirements –Scoring Matrix –RFQ for Independent Auditors 1999: TAPA EMEA formed 2000: TAPA Asia formed, TAPA Worldwide Council developed 2001: Independent Audit program proliferated –Audit companies trained, three day course - Certification process begins –eTAPS developed in Europe 2002: Worldwide membership exceeds 450 –Benchmarked as best in class by Technology and Terrorism Committee, U.S. Senate –Pharmaceutical membership extended –Over 200 audits scheduled worldwide

8 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 8 Partnership = Leverage 450+ worldwide members Active organizations in Americas, Asia, EMEA Market Capitalization of member companies > $1.25 Trillion –In 2000, was $3.0 Trillion… Annual Sales of member companies > $750 Billion Uniform approach to problematic locations versus fragmented efforts Support of law enforcement investigations –Product, equipment, packaging, information Industry contacts worldwide - strong communication infrastructure Information and training on products and vulnerabilities Access to TAPA quarterly meetings –Presentation, Participation, Networking

9 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 9 Putting the Right Security Measures in Place Classification of facilities in 3 categories (A, B, C) depending on level of threat –Threat calculated by environmental and historical data and risk aversion level for individual company –Highest level classification requires highest level of security Applied to trucking operations as well as air operations Assessment protocol using qualitative score-- no weighting

10 VALUE VALUE VOLUME VOLUME VULNERABILITY VULNERABILITYV3 PHILOSOPHY

11 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 11 Freight Security Model Contractual Language Standard Assessment Protocol Freight Security Requirements Investigations Training Consequences

12 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 12 FREIGHT CARRIER / FORWARDER TAPA AUTHORIZED AUDITOR Independent Auditors: Move From This… …To This

13 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 13 TAPA Sub-Teams Insurance Team: –Leverage insurance industry influence on mandatory standards –Insurance premium analysis –Program proliferation Waiver Committee: –Review body for all supplier waivers Integrator/3 rd Party Logistics: –Standards development for inventoried product/outsourced warehousing –Work with Integrator market on program certification and standards

14 ® INTEL CORPORATION Post - 9/11 Threats Leveraging Existing Programs and Creating Models to Meet New Challenges

15 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 15 Positioned for Emerging Threats September 11, 2001 re-focused attention on the threat of terrorism to all operations, including supply chain –Employee safety and security – home, office, travel –Airline grounding in aftermath of attacks – alternative shipping lanes, managing product backlog –Contingency plans for design, manufacturing, distribution –Upstream and downstream impacts of direct attack or collateral impact – are suppliers and customers prepared? –Communications infrastructure vulnerabilities –Scarcity or unavailability of insurance The comprehensive nature of the supply-chain security measures established and proliferated through TAPA have shown ancillary benefits to anti-terrorism efforts

16 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 16 C ustoms T rade P artnership A gainst T errorism ( C-TPAT) Establishes Supply Chain Security requirements: Factory, Warehouse, Docks, Forwarder/Integrator Facilities Shared FSR’s, Audit Protocol, and Scoring Matrix with program management, best known methods to date USC agreement that TAPA security requirements fulfill supplier and manufacturer obligation if C-TPAT certified Several companies have been C-TPAT certified by implementing TAPA supply chain model –Intel certified September, 2002

17 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 17 C-TPAT Focus Areas “ Develop and implement a sound plan to enhance security procedures. These are general recommendations that should be followed on a case-by-case basis depending on the company ’ s size and structure and may not be applicable to all. ” Required Locations Supply Chain –Importer –Broker Manufacturer Warehouse Air / Sea /Land Carriers Required Elements Procedural Security Personnel Security Physical Security Education and Training Conveyance Security Access Controls Manifest Procedures

18 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 18 C-TPAT Membership Benefits A reduced number of inspections –Avoids delays in shipment and negative impact to customers More secure supply chain for employees, suppliers and customers Account Based Processing (bi-monthly/monthly submission of duties) Self policing and assessment Partnership with government against terrorism Membership in first worldwide supply chain wide security initiative Account Manager will be assigned Access to the list of other C-TPAT members

19 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 19 Threat Management Internal focus after 9/11/01 and anthrax mailings on emergency preparedness and business recovery / continuity –Developed a Security and Safety Task Force comprised of all major business groups Corporate Business Continuity program office an outgrowth of effort –Operational risk assessments to identify single points of failure and critical assets, with specific action plans to mitigate vulnerabilities Clear deliverables, timelines, and continuous review of progress –Response plans for various major or catastrophic scenarios Loss of facility Loss of supplier capability (equipment, transportation, services) Anthrax or other biohazard introduced into environment –Creation of a Corporate Emergency Operations Center to ensure an mechanism for top-level management of crises, enable effective communication and coordination of site responses

20 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 20 Arizona New Mexico Folsom Dupont Oregon Santa Clara Colorado Hudson India Ireland Israel Japan Malaysia Philippines China Costa Rica Utah Blue font = location of Site and Corporate EOC’s Intel Site Emergency Operations Centers (EOC’s) and Corporate Emergency Operations Centers (CEOC’s) England

21 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 21 Site EOC’s Located at each major site worldwide Locally managed, with EOC director from major business group, cross-functional participation: –Local business groups –Security –EHS –Public Affairs –Site Services Established location on-site, with equipment and procedures as required by Corporate Emergency Management program, including: –Response templates for various scenarios –Multiple computer connections –Media connection (e.g. satellite TV news) –Redundant communications PBX phone lines Dedicated copper phone lines Local channel radios Satellite telephones Ham Radio equipment / operators

22 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 22 Corporate EOC Multiple locations for redundancy and efficiency Membership at senior-level management –Core CEOC – Director, Coordinator, Security, EHS, Corporate Communications, CEOC Scribe –Extended CEOC – Legal, HR, Sales, Finance, other business groups Established rooms, fitted with all site EOC elements CEOC guidelines specific to CEOC operations –Controlled document, scheduled revisions Activation linked to existing Security or EOC escalation actions, or at discretion of core team members EOC CEOC EOC Intent to enable response at site level, coordinate communication between sites and senior management, and enable informed and effective internal and external messages by Executive Staff

23 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 23 Drills Corporate Emergency Management group, site EOC’s, and various business groups have historically utilized tabletop exercises and full drills – Corporate Drill Roadmap After September 11 th, some drill scenarios were added, and scope of drills increased to comprehend all operational elements –Anthrax response (based on existing plans) – included test kits, expanded communication, employee awareness (mail rooms) –Other biohazard scenarios –Aviation disaster response –Function-specific business recovery –CEOC and EOC emergency response capability –“Dirty bomb” scenario Typically separate drills per quarter –Designed and led by affected business group (IT, TMG, HR, etc.) –Site EOC and CEOC participation as warranted by scenario

24 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 24 Supply Chain Drills Business unit drills designed to include all potentially impacted elements of that group Clear and detailed drill scenarios outlined—including –Participants and their roles –Design of drill –Objectives of the exercise –In scope / Out of scope –Artificialities of the drill (assumptions) –Starting script Drills involve accelerated timelines, role-playing, simulated supplier engagement Key suppliers have been engaged in establishing Business Continuity and identifying gaps and focus areas Supply network rebalance/reset has become a key aspect of drills

25 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 25 Recent Drills Involving Supply Chain Q Scenario involved loss of key manufacturing facility in the Philippines All immediate emergency response elements assumed to be under control Impact to employees – managing casualties and communication Explored transportation and warehousing capability in first 72 hours, at 3-7 days, and at 7+ days following the incident Impacts to other sites Internal and External communications Q Scenario involved loss of production in Oregon due to massive earthquake All emergency response elements assumed under control Airport closure part of scenario Team worked through transportation and warehouse capabilities in first 24 hours, hours, 3-7 days, 8-14 days, 30 days, and 45 days after incident Prioritizing shipments, identifying alternative transportation methods and routes

26 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 26 Key Elements Effective supply chain management program, door to door –By starting with focus on security, have infrastructure in place to influence or manage the entire process Effective Risk Assessment protocol to identify single points of failure, critical focus areas, and mitigation strategies –Understand context of risks / threats, local flavors, key relationships with internal groups or suppliers, and how those relationships can be affected by a crisis Senior Management and Business Group commitment –Corporate-level processes and coaching, but need each group to leverage their expertise and experience to their functional area Integrated response capability –All business groups engaged in crisis management planning –Key service groups (Security, EM, EHS) linked to response and continuity efforts Drill, Drill, Drill

27 ® INTEL CORPORATION QUESTIONS?

28 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 28 Back Up

29 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 29 TAPA Partners The Infrastructure Security Partnership: –Cargo Security –Risk/Threat Assessments in Supply Chain Transportation Security Administration: –Partnership on development of FTL / LTL trailer load security requirements –TAPA Standards template for in transit cargo protection National Cargo Security Council

30 ® INTEL CORPORATION December 5 th, 2002Steve Lund – Intel Corporation 30 TAPA Independent Audit Firms


Download ppt "® INTEL CORPORATION Securing the High-Tech Supply Chain Steve Lund Director of Corporate Security Intel Corporation."

Similar presentations


Ads by Google