CSCMP's Supply Chain Quarterly
October 24, 2018

It's your supply chain — secure it!

IBM's top supply chain security executive makes the case for industry/government partnerships and for global supply chain security standards. We are all responsible for securing global supply chains, he says.

Thanks to technological innovation and changes in sourcing and supply chain strategies, business management has become a global game that is more prone to risk than ever before. The ongoing threat of terrorism has dramatized the vulnerability of global supply chains, requiring companies to take action to strengthen their security, resilience, and continuity.

Although it may seem natural to depend on government to protect global supply chains, industry needs to take the lead in shaping the future direction of supply chain security. Our supply chains are the ones that will be affected in the event of a terrorist act, and our supply chains are the ones that will be slowed by the onerous government mandates that are likely to follow an attack. Industry leaders must be at the table, working with governments worldwide to balance security and trade facilitation; advocating common, global supply chain security requirements and customs-clearance data and processes; and promoting voluntary participation in security efforts that provide collateral benefits for companies that get involved.

Article Figures
[Figure 1] Supply chain security drives business value
[Figure 1] Supply chain security drives business value Enlarge this image

Industry can also show governments around the world that countries that develop a skilled work force, provide a secure environment, and create efficiencies that allow businesses to reduce costs will grow their economies. Governments that partner with industry to develop secure, efficient cross-border processes will accomplish these objectives sooner than those that do not.

IBM's perspective
As a large, globally integrated enterprise doing business in more than 170 countries, IBM values a secure, compliant, and efficient supply chain. That's why at IBM supply chain security begins with executive commitment and extends throughout our global processes. It affects not only manufacturing, fulfillment, and logistics but also information management, procurement, and even employee education and human resources.

Within IBM, supply chain security is defined as the protection of products, facilities, equipment, information, and personnel from theft, damage, or terrorism as well as preventing the introduction of unauthorized contraband, people, or weapons. This is very different than trade facilitation, which is the enhancement of supply chain efficiency and predictability by reducing supply chain costs related to customs-clearance time, inspections, and inefficient or country-specific customs processes. Yet both supply chain security and trade facilitation are necessary to keep the global economy running efficiently and effectively.

IBM maintains that industry should play a significant role not only in securing trading networks but also in shaping supply chain security and tradefacilitation initiatives around the globe. It is our belief that both security and trade facilitation can be achieved through mutually beneficial government/industry partnerships—partnerships that deliver meaningful, measurable benefits to both parties. As documented in recent academic studies, these partnerships can make a difference when it comes to visibility, speedto- market, inventory levels, and efficiency. (For a look at the results of one of those studies, conducted by Stanford University for The Manufacturing Institute of the National Association of Manufacturers, see the sidebar titled "Security really does pay.")

Industry leaders that are proactive in this regard participate in voluntary programs such as the United States Customs-Trade Partnership Against Terrorism (C-TPAT) and the Singapore Secure Trade Partnership (STP) program. They also are involved in industry groups that develop and promote standards and best practices. One example is the Business Alliance for Customs Modernization (BACM), which does informal benchmarking with other companies to identify best practices and audit business units for compliance with corporate policies.

In general, there are three ways companies can make strides in the areas of supply chain security and trade facilitation: taking ownership of securing their supply chains; advocating and adopting common, global security standards; and partnering with governments to manage risks.

Taking ownership
The fact that a company may not survive a significant breach in supply chain security should be incentive enough to assess its vulnerability and close any identified security gaps. To accomplish that, it is no longer sufficient to simply evaluate the security of your facilities, people, and information flows. Today, a company must assess security across its entire supply chain, and it must ensure that each partner and hand-off prevents the introduction of unauthorized materials and people.

In a business environment that increasingly depends on outsourcing, therefore, particular attention should be paid to qualifying suppliers of supply chain services before awarding them any business. This requires ensuring that new suppliers have security practices in place that meet or exceed established requirements and can validate their execution. It is equally important to work with existing suppliers to assess and address actual and potential security deficiencies. For those reasons, IBM routinely includes supply chain security language in its supplier contracts and conducts on-site security inspections of some of its suppliers' facilities.

IBM has learned that securing the supply chain outside the four walls of the corporation is no easy task, but it is crucial to success. Why expend so much time, effort, and expense to validate a supplier's security practices? If your outsourced supply chain is compromised, it's your bottom line that will be affected.

At the same time, companies have to make sure that they focus their efforts and investments in a way that will provide sufficient payback. Regardless of size, they inevitably have limited resources and need to determine which security investment will provide the biggest benefit.

There are times when doing that may require an innovative solution. That was the case when IBM needed to eliminate a unique risk in a specific transportation channel. The goods were traveling internationally under the control of a single driver, but the need to make IBM-approved drop-offs en route to the final destination discouraged drivers from using standard high-security truck seals. After evaluating the cost and effectiveness of several solutions, IBM equipped a small number of dedicated trucks in that channel with electronic door seals. This technology records the global positioning system (GPS) location, date, and time whenever a cargo door is opened or closed. Door openings and closures are monitored, and activity at unauthorized locations is reviewed and checked to make sure it was warranted. The technology was expensive but we determined that the benefits justified the cost.

It is important for companies to "baseline" (document current performance) in problem areas before making any changes, and then track performance following implementation of new or enhanced security practices. The ability to demonstrate quantified and/or collateral benefits will also help secure funding for future security investments. In particular, quantifying the benefits of participating in voluntary governmentsponsored supply chain security programs—both internally and by obtaining benefit statements from the sponsoring agency—is one way to confirm the payback from investments in supply chain security.

Advocating for global standards
Industry leaders are not just working with their supply chain partners to improve supply chain security; they also are promoting common, global supply chain security standards. Such standards can reduce the burden and complexity of dealing with multiple, potentially conflicting regulations between countries, thus enabling companies to develop internal processes that are global in nature and can be executed more efficiently.

There are so many other benefits to be derived from pursuing common standards on a global basis. For example, a common set of data elements for export and import purposes could be used to produce both export clearance and import declarations. These data sets could be electronically transmitted once to customs authorities (or to another designated agency) and then shared electronically. Doing so would eliminate the need for repetitive data transmittals to multiple government agencies, thus reducing delays, expense, administrative effort, and inconsistencies in data. Regulations could be applied quickly and consistently across all ports in a country or region.

Because both the sending and receiving countries would use the same set of data, information regarding high-risk shipments could quickly and easily be shared among the appropriate authorities. It would be easier to train industry personnel, as they would have to learn only one common set of government requirements. This would also greatly improve compliance levels. Without country-unique requirements driving local trade processes, moreover, a company could implement its best practices everywhere in the world, leading to greater efficiency and lower costs.

As a truly global company, IBM understands the value of global trade and supply chain security standards. An important initiative in that area that IBM supports is the Framework of Standards to Secure and Facilitate Global Trade, known as the "SAFE Framework." In June 2005, the World Customs Organization (WCO) unanimously adopted this global strategy for safeguarding supply chains and facilitating trade.

The SAFE Framework seeks to reduce complexity and country-unique requirements by establishing a common set of supply chain security and customs standards. It also introduced the concept of the Authorized Economic Operator (AEO). AEOs are parties involved in international trade (such as importers and carriers) that have implemented required security standards and best practices. In return for their security investments, AEOs will receive benefits such as expedited processing of their goods by customs authorities and a reduction in risktargeting assessments and inspections.

Perhaps of greatest significance to industry, the SAFE Framework allows mutual recognition. In other words, customs authorities in one country will be able to recognize a company's Authorized Economic Operator status in another country, and they will be able to accord benefits to the company based on its AEO status.

In June 2006, the WCO adopted the international guidelines for Authorized Economic Operator status. More than 140 WCO members have indicated their intention to implement the SAFE Framework, and the WCO has completed more than 100 assessments to determine what local customs organizations would need in order to implement the guidelines.

Some indications of the progress of the SAFE Framework and AEO programs include the May 2007 launch of Singapore's Secure Trade Partnership (STP) program, the successful AEO proof-of-concept program concluded earlier this year in Australia, and the June 2007 publication of the United Kingdom's AEO Questionnaire. These and other governments that understand the value of secure supply lanes are encouraging investment in their countries and pursuing mutual recognition by other countries. However, much work remains to be done by customs authorities worldwide before the SAFE Framework will be implemented globally.

Common AEO program requirements and mutual recognition are important concepts to deploy in a global economy, as they provide benefits for companies doing business in many countries. For example, harmonization of security partnership programs in different countries will prevent conflicting requirements and unnecessary inefficiencies in a global supply chain. The ability to become certified as an AEO in one country and to be so recognized in another reduces the need to undergo a resource-intensive certification process in every country.

Because the Authorized Economic Operator designation is a worldwide program, it provides companies with an opportunity to globally identify and implement best practices, address known and newly detected deficiencies, and enhance collaboration with trading partners. It's likely, too, that a company's AEO status as a trusted partner will represent a competitive advantage when governments allow the resumption of trade activities after a security-related incident such as a terrorist attack.

Opportunity for partnership
Supply chain security and trade facilitation are not mutually exclusive, but it's not easy to support both equally. Governments today face complex challenges when attempting to create policies that maintain economic opportunities while mitigating risks. At the same time, companies are encouraged to do business in countries that facilitate trade, yet they must also ensure that shipments from those countries meet the security standards that are now being established worldwide. In IBM's view, the SAFE Framework currently provides the best way to balance these two forces.

Nevertheless, the ultimate goal of achieving both global supply chain security and trade facilitation can only be accomplished through government/industry partnerships. Governments need to assure the security of their countries; meanwhile, industry needs to be heard when governments are debating and deciding security policies.

Companies should work with governments to accelerate the implementation of the WCO SAFE Framework, establish government/industry consultation groups to drive adoption of the AEO aspects of the framework, and begin to pilot programs with trusted partners and major trading countries. IBM, for example, identified the 20 countries that are most important to our asset-based supply chain, and I have personally visited high-level customs authorities in those countries. IBM also is participating in pilot security programs based on the SAFE Framework in the Asia-Pacific region and in the European Union.

As discussed earlier in this article, innovative and proactive companies stand to reap many benefits from investing in and advocating for supply chain security initiatives. These benefits should not be limited to Fortune 500 companies. To encourage small and medium-sized enterprises to participate in security programs—after all, they face the same kinds of business risks that large companies confront— governments should provide measurable benefits in return for these companies' investments in supply chain security.

Governments also should encourage their counterparts in other countries to implement the WCO SAFE Framework, provide mutual recognition of new Authorized Economic Operator programs, and establish public/private consultation groups to drive adoption of the AEO aspects of the framework. Innovative governments can demonstrate leadership by developing pilot programs with trusted industry partners and major trading countries to show the value of supply chain security and the corresponding benefits, such as the job creation and increased tax revenues that will result from more cargo entering a port.

A voluntary partnership approach will provide governments with greater visibility of international trade, and it will encourage companies to increase trade security while enhancing their competitive positions. Companies prefer voluntary programs that provide tangible business benefits over enforcement by governments that take a strict regulatory approach. The latter may fall short of expectations; authorities will find that many of the transactions they need to control are beyond their sovereign reach, and they may end up creating a costly regulatory environment that is neither the most effective nor the most efficient way to mitigate risk.

The old adage that a chain is only as strong as its weakest link is certainly true when it comes to supply chain security. Global security requires every stakeholder to be engaged and strongly linked—not only to its private-sector predecessor and successor in the supply chain, but to government as well. We all win or we all lose together.

Theo Fletcher is vice president, import compliance and supply chain security, for IBM Corporation.

Join the Discussion

After you comment, click Post. If you're not already logged in, you will be asked to log in or register.

Want more articles like this? Sign up for a free subscription to Supply Chain Executive Insight, a monthly e-newsletter that provides insights and commentary on supply chain trends and developments. Click here to subscribe.

We Want to Hear From You! We invite you to share your thoughts and opinions about this article by sending an e-mail to ?Subject=Letter to the Editor: Quarter 2007: It's your supply chain — secure it!"> . We will publish selected readers' comments in future issues of CSCMP's Supply Chain Quarterly. Correspondence may be edited for clarity or for length.

Want more articles like this? Subscribe to CSCMP's Supply Chain Quarterly.