Feature Article : Why Your Supplier’s Security Matters
When evaluating potential or existing suppliers, many organizations fail to consider security as a decision making variable. However, the benefits of being proactive with factory security are notable.
Organizations that are proactive in evaluating supplier security note a reduction in their overall cargo risk evaluation. This means fewer instances of examinations at ports, thus decreasing supply chain disruptions. The result is also a greater ability to predict lead-time. In addition, reduced costs often occur with insurance rates and fewer penalties.
In addition to reduced time and cost, organizations taking steps to ensure supplier security also have the added benefit of marketability. Involvement in a program such as C-TPAT reinforces an organization’s brand, mission and values.
What is C-TPAT?
“C‐TPAT (Customs-Trade Partnership Against Terrorism) seeks to safeguard the world’s vibrant trade industry from terrorists, maintaining the economic health of the U.S. and its neighbors. The partnership develops and adopts measures that add security but do not have a chilling effect on trade, a difficult balancing act.”
According to U.S. Customs and Border Protection, C-TPAT started in 2001 with just seven major importers as members. Today, more than 10,000 certified partners that span the gamut of the trade community have been accepted into the program. These include U.S. importers, U.S./Canada highway carriers; U.S./Mexico highway carriers; rail and sea carriers; licensed U.S. Customs brokers; U.S. marine port authority/terminal operators; U.S. freight consolidators; ocean transportation intermediaries and non‐operating common carriers; Mexican and Canadian manufacturers; and Mexican long‐haul carriers. These 10,000‐plus companies are cited as accounting for over 50 percent (by value) of what is imported into the United States.
Programs like C-TPAT have expanded globally and are attracting significant Mutual Recognition Partners. “Through Mutual Recognition, international industry partnership programs are linked so that together they create a unified and sustainable security posture that can assist in securing and facilitating global cargo trade.”
Mutual Recognition occurs when two Customs Administrations agree that the security requirements or standards of one program, as well as its validation or audit procedures, are equivalent to those of the other program, leading both Customs Administrations to recognize the validation findings of each other’s programs.
Seven Mutual Recognition Arrangements (MRA) are listed below, most of them with the U.S. top trading Partners:
1. New Zealand – 2007 – Secure Export Scheme
2. Canada – 2008 – Partners in Protection
3. Jordan – 2008 – Golden List
4. Japan – 2009 – Authorized Economic Operator
5. Korea – 2010 – Authorized Economic Operator
6. European Union – 2012 – Authorized Economic Operator
7. Taiwan – 2012 – Authorized Economic Operator
How do you evaluate supplier security?
The Five Step Resource Guide is published by the U.S. Border Patrol and Customs. The five steps discussed are quoted as follows:
1. Mapping Cargo/Data Flow and Control and Identifying Business Partners (whether directly or indirectly contracted) and how cargo moves throughout the supply chain to include modes of transportation (air, sea, rail, or truck) and nodes (country of origin, transit points).
2. Conducting a Threat Assessment focusing on Terrorism, Contraband Smuggling, Human Smuggling, Agricultural and Public Safety Threats, Organized Crime, and conditions in a country/region which may foster such threats, and ranking those threats.
3. Conducting a Vulnerability Assessment in accordance with the C-TPAT Minimum Security Criteria. A vulnerability assessment includes identifying what the Partner has that a terrorist or criminal might desire. For brokers this might be data; for importers, manufacturers, and exporters, this might be access to cargo and company information. Then, identifying weaknesses in company procedures that would allow a terrorist or criminal to gain access to these processes, data, or cargo.
4. Preparing a Written Action Plan to Address Vulnerabilities. This includes mechanisms to record identified weaknesses, who is responsible for addressing the issues, and due dates. Reporting results to appropriate company officials and employees on completed follow up and changes is also essential.
5. Documenting the Procedure for How Risk Assessments are Conducted, to Include Reviewing and Revising the Procedure Periodically. The process itself should be reviewed and updated as needed at least annually, and a Risk Assessment should be conducted — and documented — at least annually, more frequently for highway carriers and high risk supply chains
Pro QC conducts regular on-site security audits and evaluates key points noted in the C-TPAT requirements. The agenda when our auditor visits a supplier includes the following:
• Opening Meeting
• Initial Factory Tour
• General Information (Size of the factory, number of employees, hours of operations, shift details, etc.)
• Business Partner Requirements (Status as C-TPAT member, contracted carriers, etc.)
• Container / Trailer Requirements (Procedures to verify physical integrity, storage, seals, etc.)
• Personnel Security (Pre-employment verification, criminal background checks, identification, etc.)
• Procedural Security (Procedures, accuracy, delivery, etc.)
• Physical Security (Schedule, protective barriers, building construction, inspections, logs, alarms, etc.)
• Information Technology Security (Automated systems, passwords, policies, training, etc.)
• Security Training & Threat Awareness (Programs, frequency, confidentiality, etc.)
• Closing Meeting (Review)
Detailed reports are generated that provide a compliance score and recommendations for improvement.
Improvement plans include:
• Detailed description of action plan.
• Name of person responsible for improvement activity.
• Date when the improvement will be completed.
Security audits review all aspects of the manufacturer’s security management system and provides invaluable feedback that's helpful in sourcing decisions.