Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the High-Tech Supply Chain

Similar presentations

Presentation on theme: "Securing the High-Tech Supply Chain"— Presentation transcript:

1 Securing the High-Tech Supply Chain
Steve Lund Director of Corporate Security Intel Corporation

2 Steve Lund – Intel Corporation
Agenda Intel’s Supply Chain Security model Creation and Evolution of TAPA Using standards and TAPA models to meet new threats of terrorism U.S. Customs Trade Partnership Against Terrorism (C-TPAT) Intel’s Threat Response and Emergency Management Program Drilling for Success December 5th, 2002 Steve Lund – Intel Corporation

3 Why Develop Freight Security Requirements?
December 5th, 2002 Steve Lund – Intel Corporation

4 Intel’s Transportation Supplier Management Model
For more than 10 years, Intel has embedded security requirements in freight transport contracts Physical security of premises and equipment (e.g. trucks) Procedural security (e.g. background investigations) Contractually obligated, with established metrics and periodic performance evaluation With the introduction of the Pentium® product line, this program was further refined to achieve door to door security Zero losses of Pentium® product in first quarter of shipping Intel’s model gained notice among other high-tech companies experiencing freight theft, which led to the formation of the Technology Asset Protection Association December 5th, 2002 Steve Lund – Intel Corporation

5 Steve Lund – Intel Corporation
What is TAPA? The Technology Asset Protection Association is an non-profit forum of security, insurance and logistics professionals representing high technology companies who have organized for the purpose of addressing the emerging cargo security threats common to the technology industry. December 5th, 2002 Steve Lund – Intel Corporation

6 Steve Lund – Intel Corporation
WHAT TAPA IS NOT Forum for “blacklisting” of suppliers Information sharing is done on standards and BKM’s, not on any supplier performance issues Forum for comparison of industry/supplier losses All discussion under NDA--$ = “don’t ask / don’t tell” Guarantor of business Supplier compliance to standards gauged independently Certified suppliers to be listed on limited access website--non-certified locations not listed Unreasonable or cost-prohibitive December 5th, 2002 Steve Lund – Intel Corporation

7 Steve Lund – Intel Corporation
Evolution of TAPA 1997: Security professionals meet to address problem of high tech theft: Global problem -- no one exempt from cargo theft Demand for product peaking Highly liquid components and demand on grey and black markets Conclusion: Establish a forum dedicated to development of best known protective measures, benchmarking and global implementation – “A rising tide lifts all boats” : Development of Standards Audit Criteria Contractual Security T&C’s in form of Freight Security Requirements Scoring Matrix RFQ for Independent Auditors 1999: TAPA EMEA formed 2000: TAPA Asia formed, TAPA Worldwide Council developed 2001: Independent Audit program proliferated Audit companies trained, three day course - Certification process begins eTAPS developed in Europe 2002: Worldwide membership exceeds 450 Benchmarked as best in class by Technology and Terrorism Committee, U.S. Senate Pharmaceutical membership extended Over 200 audits scheduled worldwide December 5th, 2002 Steve Lund – Intel Corporation

8 Partnership = Leverage
450+ worldwide members Active organizations in Americas, Asia, EMEA Market Capitalization of member companies > $1.25 Trillion In 2000, was $3.0 Trillion… Annual Sales of member companies > $750 Billion Uniform approach to problematic locations versus fragmented efforts Support of law enforcement investigations Product, equipment, packaging, information Industry contacts worldwide - strong communication infrastructure Information and training on products and vulnerabilities Access to TAPA quarterly meetings Presentation, Participation, Networking December 5th, 2002 Steve Lund – Intel Corporation

9 Putting the Right Security Measures in Place
Classification of facilities in 3 categories (A, B, C) depending on level of threat Threat calculated by environmental and historical data and risk aversion level for individual company Highest level classification requires highest level of security Applied to trucking operations as well as air operations Assessment protocol using qualitative score--no weighting Remember here that 1234 was dropped for trucking and now is aligned with ABC facilities. The current monetary guideline is set up by the individual company depending on how risk averse a company wishes to be. For us: A = $5M or greater B= $ 1-5M C= <$1M All pertain to monthly totals through a facility December 5th, 2002 Steve Lund – Intel Corporation

Steve's model, now TAPA's model on how to assess threats

11 Freight Security Model
Training Contractual Language Standard Assessment Protocol Consequences Investigations Freight Security Requirements December 5th, 2002 Steve Lund – Intel Corporation

12 Steve Lund – Intel Corporation

13 Steve Lund – Intel Corporation
TAPA Sub-Teams Insurance Team: Leverage insurance industry influence on mandatory standards Insurance premium analysis Program proliferation Waiver Committee: Review body for all supplier waivers Integrator/3rd Party Logistics: Standards development for inventoried product/outsourced warehousing Work with Integrator market on program certification and standards December 5th, 2002 Steve Lund – Intel Corporation

14 Post - 9/11 Threats Leveraging Existing Programs and Creating Models to Meet New Challenges

15 Positioned for Emerging Threats
September 11, 2001 re-focused attention on the threat of terrorism to all operations, including supply chain Employee safety and security – home, office, travel Airline grounding in aftermath of attacks – alternative shipping lanes, managing product backlog Contingency plans for design, manufacturing, distribution Upstream and downstream impacts of direct attack or collateral impact – are suppliers and customers prepared? Communications infrastructure vulnerabilities Scarcity or unavailability of insurance The comprehensive nature of the supply-chain security measures established and proliferated through TAPA have shown ancillary benefits to anti-terrorism efforts December 5th, 2002 Steve Lund – Intel Corporation

16 Steve Lund – Intel Corporation
Customs Trade Partnership Against Terrorism (C-TPAT) Establishes Supply Chain Security requirements: Factory, Warehouse, Docks, Forwarder/Integrator Facilities Shared FSR’s, Audit Protocol, and Scoring Matrix with program management, best known methods to date USC agreement that TAPA security requirements fulfill supplier and manufacturer obligation if C-TPAT certified Several companies have been C-TPAT certified by implementing TAPA supply chain model Intel certified September, 2002 December 5th, 2002 Steve Lund – Intel Corporation

17 Steve Lund – Intel Corporation
C-TPAT Focus Areas “Develop and implement a sound plan to enhance security procedures. These are general recommendations that should be followed on a case-by-case basis depending on the company’s size and structure and may not be applicable to all.” Required Elements Procedural Security Personnel Security Physical Security Education and Training Conveyance Security Access Controls Manifest Procedures Required Locations Supply Chain Importer Broker Manufacturer Warehouse Air / Sea /Land Carriers December 5th, 2002 Steve Lund – Intel Corporation

18 C-TPAT Membership Benefits
A reduced number of inspections Avoids delays in shipment and negative impact to customers More secure supply chain for employees, suppliers and customers Account Based Processing (bi-monthly/monthly submission of duties) Self policing and assessment Partnership with government against terrorism Membership in first worldwide supply chain wide security initiative Account Manager will be assigned Access to the list of other C-TPAT members December 5th, 2002 Steve Lund – Intel Corporation

19 Steve Lund – Intel Corporation
Threat Management Internal focus after 9/11/01 and anthrax mailings on emergency preparedness and business recovery / continuity Developed a Security and Safety Task Force comprised of all major business groups Corporate Business Continuity program office an outgrowth of effort Operational risk assessments to identify single points of failure and critical assets, with specific action plans to mitigate vulnerabilities Clear deliverables, timelines, and continuous review of progress Response plans for various major or catastrophic scenarios Loss of facility Loss of supplier capability (equipment, transportation, services) Anthrax or other biohazard introduced into environment Creation of a Corporate Emergency Operations Center to ensure an mechanism for top-level management of crises, enable effective communication and coordination of site responses December 5th, 2002 Steve Lund – Intel Corporation

20 Steve Lund – Intel Corporation
Intel Site Emergency Operations Centers (EOC’s) and Corporate Emergency Operations Centers (CEOC’s) Ireland England Dupont Oregon Hudson Colorado Japan Folsom Israel China Utah Santa Clara Malaysia New Mexico Philippines Arizona Costa Rica India Blue font = location of Site and Corporate EOC’s December 5th, 2002 Steve Lund – Intel Corporation

21 Steve Lund – Intel Corporation
Site EOC’s Located at each major site worldwide Locally managed, with EOC director from major business group, cross-functional participation: Local business groups Security EHS Public Affairs Site Services Established location on-site, with equipment and procedures as required by Corporate Emergency Management program, including: Response templates for various scenarios Multiple computer connections Media connection (e.g. satellite TV news) Redundant communications PBX phone lines Dedicated copper phone lines Local channel radios Satellite telephones Ham Radio equipment / operators December 5th, 2002 Steve Lund – Intel Corporation

22 Steve Lund – Intel Corporation
Corporate EOC Multiple locations for redundancy and efficiency Membership at senior-level management Core CEOC – Director, Coordinator, Security, EHS, Corporate Communications, CEOC Scribe Extended CEOC – Legal, HR, Sales, Finance, other business groups Established rooms, fitted with all site EOC elements CEOC guidelines specific to CEOC operations Controlled document, scheduled revisions Activation linked to existing Security or EOC escalation actions, or at discretion of core team members EOC CEOC Intent to enable response at site level, coordinate communication between sites and senior management, and enable informed and effective internal and external messages by Executive Staff December 5th, 2002 Steve Lund – Intel Corporation

23 Steve Lund – Intel Corporation
Drills Corporate Emergency Management group, site EOC’s, and various business groups have historically utilized tabletop exercises and full drills – Corporate Drill Roadmap After September 11th, some drill scenarios were added, and scope of drills increased to comprehend all operational elements Anthrax response (based on existing plans) – included test kits, expanded communication, employee awareness (mail rooms) Other biohazard scenarios Aviation disaster response Function-specific business recovery CEOC and EOC emergency response capability “Dirty bomb” scenario Typically separate drills per quarter Designed and led by affected business group (IT, TMG, HR, etc.) Site EOC and CEOC participation as warranted by scenario December 5th, 2002 Steve Lund – Intel Corporation

24 Steve Lund – Intel Corporation
Supply Chain Drills Business unit drills designed to include all potentially impacted elements of that group Clear and detailed drill scenarios outlined—including Participants and their roles Design of drill Objectives of the exercise In scope / Out of scope Artificialities of the drill (assumptions) Starting script Drills involve accelerated timelines, role-playing, simulated supplier engagement Key suppliers have been engaged in establishing Business Continuity and identifying gaps and focus areas Supply network rebalance/reset has become a key aspect of drills December 5th, 2002 Steve Lund – Intel Corporation

25 Recent Drills Involving Supply Chain
Q2 2002 Scenario involved loss of key manufacturing facility in the Philippines All immediate emergency response elements assumed to be under control Impact to employees – managing casualties and communication Explored transportation and warehousing capability in first 72 hours, at 3-7 days, and at 7+ days following the incident Impacts to other sites Internal and External communications Q4 2002 Scenario involved loss of production in Oregon due to massive earthquake All emergency response elements assumed under control Airport closure part of scenario Team worked through transportation and warehouse capabilities in first 24 hours, hours, 3-7 days, 8-14 days, 30 days, and 45 days after incident Prioritizing shipments, identifying alternative transportation methods and routes December 5th, 2002 Steve Lund – Intel Corporation

26 Steve Lund – Intel Corporation
Key Elements Effective supply chain management program, door to door By starting with focus on security, have infrastructure in place to influence or manage the entire process Effective Risk Assessment protocol to identify single points of failure, critical focus areas, and mitigation strategies Understand context of risks / threats, local flavors, key relationships with internal groups or suppliers, and how those relationships can be affected by a crisis Senior Management and Business Group commitment Corporate-level processes and coaching, but need each group to leverage their expertise and experience to their functional area Integrated response capability All business groups engaged in crisis management planning Key service groups (Security, EM, EHS) linked to response and continuity efforts Drill, Drill, Drill December 5th, 2002 Steve Lund – Intel Corporation


28 Steve Lund – Intel Corporation
Back Up December 5th, 2002 Steve Lund – Intel Corporation

29 Steve Lund – Intel Corporation
TAPA Partners The Infrastructure Security Partnership: Cargo Security Risk/Threat Assessments in Supply Chain Transportation Security Administration: Partnership on development of FTL / LTL trailer load security requirements TAPA Standards template for in transit cargo protection National Cargo Security Council December 5th, 2002 Steve Lund – Intel Corporation

30 TAPA Independent Audit Firms
December 5th, 2002 Steve Lund – Intel Corporation

Download ppt "Securing the High-Tech Supply Chain"

Similar presentations

Ads by Google