Supply Chain Security Management for Business Continuity ...virgilpopa.com/articole/5th IEEE 1-3 June 2016/IEEE INCALT 2016... · Supply Chain Security Management for Business Continuity

Supply Chain Security Management for

Business Continuity Management.

Case study: Steel Industry

Profesor Virgil Popa Ph.D. Valahia University of Targoviste

5th IEEE International Conference on Advanced Logistics and Transport

1-3 June 2016, Krakow, Poland

Symposium on Logistics & Supply Chain Management

© IEEE INCALT Conference 2016 Virgil Popa 1

AGENDA

1. Introduction

2. Supply Chain Security Management

3. Business Continuity Management

4. Case study. Steel Industry

5. Conclusions and Proposals


It appears that everywhere in the world where we meet leaders of the business and political world, practically everybody feels that this age is different…

…A NEW TYPE OF NORMALITY: CHAOTICS

Source: Chaotics – Management si Marketing in Era Turbulentelor, P.Kotler, J.A. Caslione, 2009


Blue ocean strategy challenges companies to break out of the red ocean of bloody competition by creating uncontested market space that makes the competition irrelevant. Instead of dividing up existing

– and often shrinking – demand and benchmarking competitors, blue ocean strategy is about growing demand and breaking away from the competition.

W. Chan Kim, Renée Mauborgne - Ocean Strategy – How to Create Uncontested Market Space and

Make Competition Irrelevant,


1. Introduction


1987 1996 1999 2002 2005

ISO

9001

OHSAS

18001

ISO

27000

ISO

22000

ISO

14001

© IEEE INCALT Conference 2016 Virgil Popa

Evolution of organization

risk standardization

6

2007 2008 2012 2012

ISO

28000

ISO

31000

ISO

22301

ISO

22313

Evolution of organization

risk standardization


The issue of risk management standards concerned national organizations, associations and companies from various industries and ISO.

If initial ISO 9000 specifications have not occurred standards of risks ISO 14000 environmental risks resolved then and human risks in the workplace ISO 18000.


© IEEE INCALT Conference 2016

Virgil Popa

HACCP ISO 22000 standard developed for food safety and traceability ISO 27000 information security problem solved Finally ISO 31000 raised the issue of standardization in terms of risk management in the organization ISO 28000 for SC questioned the safety realization. Although he defines what the organization must do, member of the chain moves from solving internal processes and processes up-stream and down stream.

9

ISO 22301 and ISO 22313 put business continuity issue by creating a resilient organization.

We think like ISO 28000 are focused on risk management and does not solve security through planning and sharing responsibility for the entire product traceability / main raw material as it does ISO 22000


Along with updating the 9000 edition of ISO 2015 puts a hard problem to

solve Risk


6.1 Actions to address risks and opportunities

6.1.1 When planning for the quality management system, the organization shall consider the issues

referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that

need to be addressed to:

a) give assurance that the quality management system can achieve its intended result(s);

b) prevent, or reduce, undesired effects;

c) achieve continual improvement. © IEEE INCALT Conference 2016 Virgil Popa 12

6.1.2 The organization shall plan:

a) actions to address these risks and opportunities;

b) how to:

1) integrate and implement the actions into its quality management system processes (see 4.4);

2) evaluate the effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.


Supply chain risk : the negative

deviation from the expected value

of a certain performance measure,

resulting in negative consequences

for the focal firm.


Supply chain disruption : a supply chain disruption is an unintended, untoward situation, which leads to supply chain risk. For the affected firms, it is an exceptional and anomalous situation in comparison to every-day business .


Typical Disruption Framework


Supply chain vulnerability

• Bjørn Egil Asbjørnslett and Marvin Rausand in 1997 [1] define the vulnerability concept as it is applied to the production systems:

“A strong and resilient system is able to support without perturbation or absorb a catastrophic failure and persist”.

• Martin Cristopher, in [3], gives the following definition of supply chain vulnerability:

"an exposition to serious perturbations, deriving by risks inside the supply chain, as well as to risk outside the supply chain".


• Reducing the impact of disruptions to the supply chain by Rob Handfield

Supply chain management (SCM) is the

integration and management of supply

chain organizations and activities through

cooperative relationships, effective

business processes, and high levels of

information sharing to create high-

performing value systems that provide

member organizations a sustainable

competitive advantage.


18

2. Supply Chain Security Management


Supply Chain Security Management

Security of the supply chain has always been a concern of transport, logistics and manufacturing companies. Concerns about theft, damage and shipment integrity intensify as the value per pound of cargo increases. Add the threat of organized crime, piracy and terrorism, and security of the supply chain becomes critical to business survival.

Security, its demands and constraints, constitute obstacles (logical and physical barriers) in the flow of supply and distribution.


By SCSM, we mean enhancing and embedding the traditional security management aspects into holistic management of integrated supply chains, especially within a global context.

Since 2001 governments, Customs administrations, international organizations, researchers, and businesses have carried out diverse actions, and delivered different types of reports, and articles on the topic.

The first pure SCSM paper was published at MIT (Sheffi, 2001), a few months after the infamous terrorist attacks in September 2001.


Other ways of developing involvement

SCSM is that of Lee & Wolfe 2003), Supply chain Management and Supply chain risk and vulnerability (i.e. Christopher & Peck, 2004).


Supply chain security (SCS) Good Practices

As stated by Menzer et al (2008), “Supply

Chain encompasses the planning and management of all activities involved in sourcing and procurement, conversion, demand creation and fulfillment, and all logistics activities”.

.


The White House

Washington

January 23, 2012

“Through the National Strategy for Global

Supply Chain Security, we seek to strengthen

global supply chains in order to protect the

welfare and interest of the American people and

secure our Nation*s economic prosperity.”

Barak Obama


National Strategy for Global Supply Chain

Security (the Strategy)

Through the National Strategy for Global Supply

Chain Security (the Strategy), we articulate the United

States Government’s policy to strengthen the global

supply chain in order to protect the welfare and

interests of the American people and secure our

Nation’s economic prosperity. Our focus in this

Strategy is the worldwide network of transportation,

postal, and shipping pathways, assets, and

infrastructures by which goods are moved from the

point of manufacture until they reach an end

consumer, as well as supporting communications

infrastructure and systems. © IEEE INCALT Conference 2016 Virgil Popa 25

BUILDING RESILIENCE IN SUPPLY CHAINS – 2013

REPORT

The World Economic Forum’s Supply

Chain Risk Initiative first started exploring

systemic risks and vulnerabilities to global

supply chains and transport networks in

2011. The initiative’s phase I report, New

Models for Addressing Supply Chain and

Transport Risk, launched at the World

Economic Forum Annual Meeting 2012 in

Davos-Klosters, examines the systemic

supply chain risk landscape and the

possibility of these risks causing serious

disruptions to global supply chains.


Joint statement on supply-chain security –

EU

The European Union and the United

States face similar challenges and share a

common approach to the security of the

supply-chain.

We have witnessed several incidents,

such as the October 2010 foiled sabotage of

a U.S.-bound plane, where international cargo

was used to attempt terrorist attacks. Our

vigilance must be constant.


ISO 28001

28001:2007 – Best practices for implementing supply chain security, assessments and plans – Requirements and guidelines. ISO 28001 is intended to assist organizations in establish reasonable levels of security and make better risk-based decisions for protection of the supply chain.


SECURITY MANAGEMENT SYSTEM ELEMENTS

There are five key elements that are critical to the development of a Security Management System (SMS):

- Security Management Policy

- Security Planning

- Implementation & Operation

- Checking & Corrective Action

- Management Review & Continual Improvement


3. Business Continuity Management


BCM is a management process with the goal of detecting serious risks that endanger the survival of an organization early and to implement safeguards against these risks. To ensure the operability, and therefore the survival, of a company or government agency, suitable preventive measures must be taken to increase the robustness and reliability of the business processes as well as to enable a quick and targeted reaction in case of an emergency or a crisis.

Business Continuity Management (BCM)


4. Case study. Steel Industry

The owner: SAMSUNG DEUTSCHLAND GmbH - a branch of SAMSUNG CORPORATION


Steel Supply Chain

Integrated Facility

Primary & Finishing

Raw Materials

Suppliers

Cold Rolling / Finishing Facility

Fabrication Facility 1

Automotive

Customers

Consumer

packaging

Industrial

Customers

DC

DC

Source Make

Deliver

Plan

33


The XYZ Steel Company

Integrated Facility 2

Primary & Finishing

Cold Rolling / Finishing

Facility 1

North America DC

North Europe DC

South Europe DC

Automotive

Customers

Cold Rolling / Finishing

Facility 2

Integrated Facility 1

Primary & Finishing

Slab Supplier

MRO Supplier



Packaging

Customers

Industrial

Customers

MRO Supplier

Raw Materials

Suppliers

Raw Materials

Suppliers

Product Flow

Returns Flow


The company has implemented several best

management practices including: 5S, Six Sigma,

Kaizen. It is currently implementing Lean

Manufacturing and prepares strategic base for

operations excellence EFQM award. The company

has developed a risk management system which is still

based on ISO 31000, but it is a good start in terms of

internal good practices, taking into consideration all the

risk sources for ISO 28001.

The company was argued before the classic

approach - identifying organizational risk, based on ISO

31000 and quality management instrumental in FMECA,

and especially for domestic incidents. The literature and

practice management deepens and environmental risks

suppliers (up-stream) and customers (down-stream) and

business environment.


Virgil Popa

35

In our paper-based on the organization studies determines us to go towards what ISO 28000/28001 is based - event risk in organization and processes upstream and downstream with the processes in the value chain of the organization's component supply chain management (Source - Make - Delivery). Incident management through a plan of urgent and truer reactive plan is proposed below for example an action plan and reaction plan.


Virgil Popa

36

No Identified emergency

situations

Preventive actions Responsible Preventive

actions

Emergency actions Responsible Emergency actions

1 Extreme weather

phenomena: a.

Thunderstorms, heavy

rain, tornadoes

b. Floods caused by

extreme weather

production (Events may

cause damage to building

roofs, rainwater pipes,

clogged sewers, flooding

of technological lines,

basements of buildings or

hydraulic cellars, electrical

rooms, etc.)

- Personnel training in order to

know the color codes for weather

alerts and warnings and to take

preventive measures ;

- Preventive inspection of the

condition of rainwater pipes and

collection pipes;

-Check the condition of sewers and

clean them

-Establish the areas / locations

where the water infiltration may

occur due to various cases,

determine the drainage ways and set

the "action plans in case of

emergency";

SU responsible/ Chiefs of

workplaces

Chief of Administrative

Team/ Chiefs of workplaces

Chief of Energy team and

utilities

Chiefs of plants / Chiefs of

work places

Chiefs of work places

-Announce the chief of plant and the

duty officer;

-Announce the management of the

company;

- Personnel from the affected line in

collaboration with the maintenance

staff (under the command of the

chief of the workplace) initiate

measures to limit the consequences

and to remove the event, according

to the "Action plans in case of

emergency’ ;

-By case it is also requested the help

of firemen team.

Chiefs of the workplaces (foremen /

team chiefs)

Duty officer / Chief of plant Chief

of workplace

Chief of plant/ Chief of workplace

2 Extreme weather

phenomena:

a. Thunderstorms, heavy

rain, tornadoes

b. Floods caused by

extreme weather

production (Events may

cause damage to building

roofs, rainwater pipes,

clogged sewers, flooding

of technological lines,

basements of buildings or

hydraulic cellars, electrical

rooms, etc.)

- Personnel training in order to

know the color codes for weather

alerts and warnings and to take

preventive measures ;

- Preventive inspection of the

condition of rainwater pipes and

collection pipes;

- Check the

condition of sewers and clean them

- Establish the

areas / locations where the water

infiltration may occur due to

various cases, determine the

drainage ways and set the "action

plans in case of emergency";

SU responsible/ Chiefs of

workplaces

Chief of Administrative

Team/ Chiefs of workplaces

Chief of Energy team and

utilities

Chiefs of plants / Chiefs of

work places

Chiefs of work places

-Announce the chief of plant and the

duty officer;

-Announce the management of the

company;

- Personnel from the affected line in

collaboration with the maintenance

staff (under the command of the

chief of the workplace) initiate

measures to limit the consequences

and to remove the event, according

to the "Action plans in case of

emergency’ ;

-By case it is also requested the help

of firemen team.

Chiefs of the workplaces (foremen /

team chiefs)

Duty officer / Chief of plant Chief

of workplace

Chief of plant/ Chief of workplace

Emergency Plan (Examples) Failure Mode, Effects and Criticality Analysis


3 Exceptional

situations:

a. War

b. Embargo

c. Revolution

(Probability of such

events is very low.)

- Maintenance

of the alarm sirens, of the

ALD shelter in functioning

state

- Ensuring

safety lighting (in plants

and buildings);

- Maintenance

of telephone lines;

- Set working

instructions in case of war;

- Train the

personnel regarding the

usage of warning signals ;

-Establishing the

evacuation assembly points

and conducting evacuation

exercises with the

employees.

Chief of maintenance

Chief of Maintenance

Chief of

Administrative

General Director

ES Responsible/

Chiefs of workplaces

- Turn on the

electric sirens (after

receiving the notification

and turn on agreement from

local authorities );

-Taking the decision to

evacuate the personnel on

site;

- Telephone

announcement about the

evacuation of the

employees at the site

(following the decision of

the General Director).

Duty officer / Chief of

Administrative

General Director

HR

Director/Chief s of

workplaces


Potential situations that may result to

nonconformities

Emergency actions taken Responsible

1. Raw material defects:

Failure to comply with the quality

requirements of raw materials

identified in various stages of

processing in the production flow with

repercussions concerning fulfilling in

time the orders.

1. Failure to satisfy capability conditions,

variations in product characteristics

1. Analyzed distribution characteristics

does not meet customer requirements /

standard values

- it is blocked the nonconformity coil that presents defects from raw

material; - in case of blocking of at least 3 raw material coils in over 24 hours

that comes from the same supplier and shows the same type of defect is prepared and sent an RNAC to the supplier;

- in the next 24 hours the stocks of raw materials from the supplier

involved is analyzed by QC & CS and Processes Programming

&Control teams and in consequential the coils that may have the

same problem are blocked and isolated;

- are requested information from supplier about quality of raw

material in stock;

- if the answer of the supplier imposes this, is requested the

emergency replacement of raw materials affected.

- products that do not meet customer requirements, or are not within

the OTELINOX standard value are blocked;

- the nonconforming product are 100% inspected and it is decided the

way it can be handled according to the “Nonconformities control”

procedure, code …;

- there are established corrective actions for all non-compliant

products in order to eliminate the causes that generated

nonconformities;

- all records of non-compliant products are kept within QC & CS

team;

- for all non-compliant products management staff of the department

from where are generated is informed.

QC inspector QC engineer

responsible for complaints of

raw material

QC engineer & Processes

Programming &Control QC

engineer responsible for

complaints of raw material

Operator QC inspector

Plant chief QC engineer

Reaction Plan (Examples)


Following the approach of the Balanced Scorecard strategic management sistem can be seen that there is some performing explained by KPI of this approach started by identifying internal risks (mostly) and external ones. By preparing a response plan can also determine business continuity management.


BALANCED SCORECARD


• Making a resilient chain / safe driving can generate a system of goals and Key Performance Indicators to be monitored and managers in dashboard. The organization had enough major incidents which resulted in a managerial proactive


Name of

process

No. Performance

Indicator

Indicator value

2013 year

Indicator value

2014 year

Indicator

value 2015

year

Target 2016

Client support 1 Orders for analysis: up

to 4 days for at least

98% of total

commands

99.20% 99.40% 99.60% Minimum

99.95%

2 For analysis

applications offer: up

to 13 working hours

for minimum 95% of

applications offer

91.72% 93.30% 93.70% Minimum

95%

3 The first response to

receiving a complaint:

working for up to 6

hours

99,5% of complaints

96.18%

99.24%

99.50%

Minimum

99,5%

4 The final response to

receipt of all

necessary details

investigate by a

maximum of 36 hours

for 99,5% of

complaints

96.40%

99.31%

99.50%

Minimum

99,5%

Delivery 1 Delivery date fixed x 99.03% 98.71% 98%

Raw material

supply

…………………

…………...

…………………

1 Ensuring raw material

for the second rolling

mill of the first and the

third rolling mill.

94% 132% 115.60% 100%

Comparative analysis of Key Performance Indicators for 2013-2015

from Balanced Scorecard of Steel Company


Virgil Popa

43

5. Conclusions and Proposals


Risk sources in the supply chain


Christopher

No Emergencies identified Preventive actions Responsible actions

prevention

1 Situations assimilated Force

Majeure

a. Strike

b. Situations conflict violent

(The probability of such

events is very low).

Signing contracts

(Orders

supply) with minimal

two main suppliers

simultaneously for the same

type

material and at least one

secondary provider.

CEO

Commercial Director

Director of Resources

2 Destructive phenomena

geological origin

a. Earthquakes

b. Mudslides land


events is low

several areas simultaneously)

Signing contracts

(Orders


two main suppliers

simultaneously for the same

type

material and at least one

secondary provider.

Commercial Director

Head Outlets

1. Procurement strategies


3 Extreme weather

a. downpours,

tornadoes,

thunderstorms

b. Floods

(Probability producer

of

phenomena is low

multiple geographies

simultaneous)

Signing contracts

(Orders


two main suppliers

simultaneously for the

same type

material and at least

one

secondary provider.

Commercial Director

Head Outlets

4 Emergencies

a. Special War

b. Embargo

c. Revolution

(probability of such

events is low)

Signing contracts

(Orders


two main suppliers


same type


one

secondary provider.

Commercial Director

Head Outlets


47

5 Amendment Act

Government

Signing contracts

(Orders


two main suppliers


same type


one

secondary provider.

Commercial Director

Head Outlets

6 a. strike

b. Situations

conflict

violent

c. Measures taken

government or

other authorities


events is low)

Signing contracts

(Orders


two main suppliers


same type


one

secondary provider.

Commercial Director

Head Outlets

Auto Manager


No Emergencies identified Preventive actions Responsible actions

prevention

1 Situations assimilated

Major Force

a. Strike

b. Situations conflict

violent


events is very low).

Not provided actions

special.

CEO

Commercial Director

Director of Resources

2 Destructive phenomena

geological origin

a. Earthquakes

b. Mudslides

land


events is low

several areas

simultaneously)

Ensure fulfillment orders

in stocks of safety.

Commercial Director

Head Outlets

2. STRATEGY OF SELLING


49

3 Extreme weather

a. downpours,

tornadoes,

thunderstorms

b. Floods

(Probability producer of

phenomena is low

multiple geographies

simultaneous).

Ensure fulfillment

orders by public

transportation

alternatives

the contracts with

transport companies.

Commercial Director

Head Outlets

4 Emergencies

a. Special War

b. Embargo

c. Revolution

(probability of such

events is low).

Not provided actions

special.

Commercial Director

Head Outlets


5 Amendment Act

Government

Not provided

actions

special.

Commercial Director

Head Outlets

6 a. strike

b. Situations

conflict

violent

c. Measures taken

government or

other authorities

(The probability of

such

events is low)

Ensure delivery

means of

conveyance

alternatives which

are not

affected by

situations

treated as Major

Force.

Commercial Director

Head Outlets

Auto Manager

Ensure safety stock for finished product.


We have some advices!


Win-lose

Working

together


To develop discussions with main suppliers and customers (Integrated in the Supply Chain) to achieve a system of security management throughout the chain of organizations that are coordinated from Germany's Korean subsidiary Samsung


Virgil Popa

54

16 Virgil Popa

Supplier

Plan

Client Client

Supplier

Make Deliver SoSour

sw urce

Make Make Deliver Make Source Deliver Source Deliver

Intern orExtern Intern orExtern

Company

Source

SCOR Model

Return Return Return Return Return Return Return Return

Processes

Best Practice

Measurement

Technology


1. Supply chain collaboration

A high level of collaborative working across

supply chains can help significantly to mitigate risk.

The challenge is to create the conditions in which

collaborative working becomes possible.

Traditionally supply chains have been

characterized by arms-length, even adversarial,

relationships between the different players.



Virgil Popa

There has not been a history of sharing information either with suppliers or customers. More recently however there have been encouraging signs that a greater willingness to work in partnership is emerging in many supply chains. In the fast moving consumer goods (FMCG) industry there is now significant collaboration between manufacturers and retailers in the form of Collaborative Planning, Forecasting and Replenishment (CPFR) initiatives.

57

The PRECISION Case

A good example is if a customer needing greater precision steel coils has led the company to achieve Steel Company analyzed a large investment in a new process with a special feature section PRECISION. This is evidence of a very good collaboration.


Virgil Popa

58

Supply Chain Security Measures - The Business

Perspective (Magdalena Jażdżewska-Gutta)

It became obvious that due to long-term

trends of globalization and outsourcing the supply chains became more vulnerable to any disruptions.

Due to the character of supply chains, the consequences of a disruption can be more serious than we expect, as the single threats to any company involved in the flow of goods sum up along the supply chain. It is thus important that companies attach enough importance to implementing supply chain security measures.


Vulnerabilies – fundamental factor that make an enterprise/organization suscetible to disruptions


Capabilities attributes that enable an enterprise/organization to anticipate and overcome disruptions.

Capabilities can be defined as the combination of an organization”s people, practices, technology and infrastructure that collectively reprezents that organization”s ability to create value for its stakeholders through a distict part of its operations.


Some incidents that cause us to warn the

organization implement ISO 28000 for

Generate a continuity of the entire business SC.

Default organization will benefit from the security and

safety stakeholders who have invested and have long-

term expectations.

1. The case with Chinese company (which take

about 24% of the production of stainless steel sheet and

strip) who discontinued collaboration activity by about

one month (too little time to find other customers) will

"compel" the company OTELINOX begin to generate a

security plan integrated downstream with the first three

customers who have a share in sales of about 30%;

© IEEE INCALT Conference 2016 Virgil

Popa

62

Also, but more urgently, it is the company to

do an integrated upstream especially as the first supplier (in Italy) depends on the supply of hot-rolled sheet at a rate of 30-40% and of second (Finland) and third (Spain) on which 15% each.

This plan joint / integrated is even more pressing because the supplier in Italy in 2014 there was a general strike which the outlet of Targoviste (Otelinox) found out about 2 weeks before.


Another example, this year, collaborative management in the security chain is given on waste (packaging in coming rolls of wood and paper / cardboard particular) is incident when the certified organization to manage 5 companies collectors (OTR - organization transfer of responsibilities?! - a kind of organization 4PL) ordered (based on very tough legislation regarding environment) amend them. Fines generated extremely large their bankruptcy and effect billiards coup occurred.



Virgil Popa

Business Intelligence: Group of Germany where headquarter site in Europe - Samsung Deutchland which coordinates all the ins and outs of Steel Company find out the month before and generated a growth stock and temporary demand relationship Finland and Spain.

65

Another such case is the change of

ownership in a company that has decided to

close its French led to the loss of a customer

about 10% this year.

The organization is under risk of closure / decrease production if the Romanian government not to grant facilities to the methane - very high consumption after cold rolling passes to achieve flatness board.


Vulnerability factor

Definition

Sub-factors

1. Turbulence

Environment characterized by frequent changes

in external factors

1.1.Natural disasters 1.2. Geopolitical disruptions 1.3.Unpredictability of

demand 1.4. Fluctuations in currencies and prices 1.5.Technology failures

2. Deliberate threats

Intentional attacks aimed at disrupting

operations or causing human or financial harm 2.1. Labor disputes 2.2. Special interest groups *

3.External pressures

Influences, targeting the firm, that create

business barriers

3.1. Competitive innovation 3.2. Political/Regulatory change, 3.3. Corporate responsibility ** 3.4. Environmental change

4. Resource limits

Constraints on output based on availability of

the factors of production

4.1.Supplier, production and distribution capacity

4.2. Raw material and Utilities availability**

4.3. Human resources

5. Sensitivity

Importance of carefully controlled conditions for

product and process integrity

5.1.Product purity 5.2.Restricted materials 5.3. Fragility*** 5.4. Reliability of equipment 5.5. Visibility to stakeholders 5.6. Symbolic profile of brand 5.7. Concentration of capacity

6. Connectivity

Degree of interdependence and reliance on

outside entities

6.1. Scale of network 6.2. Degree of outsourcing 6.3. Import and Export channels

7.Supplier/Customer

disruptions

Susceptibility of suppliers and customers to

external forces or disruptions

7.1. Supplier reliability

7.2. Customer disruptions

2. Table : Vulnerability Factors (adapted on Pettit)


3. Table : Capability Factors (adapted on Pettit)

Capability Factor Definition

Sub-Factors

1. Flexibility in

sourcing

Ability to quickly change inputs or

the mode of receiving inputs

1.1. Supplier contract flexibility

1.2.Multiple sources

1.Flexibility in order

fulfillment

Ability to quickly change outputs

or the mode of delivering outputs

2.1. Alternate distribution channels 2.2. Risk pooling/sharing, 2.3.. Multi-sourcing 2.4. Inventory management 2.5. Re-routing of requirements

1. Capacity Availability of assets to enable

sustained production levels

3.1. Reserve capacity

3.2. Backup energy sources and communications 1.Efficiency

Capability to produce outputs with

minimum resource requirements

4.1. Waste elimination

4.2. Asset utilization,

4.3. Failure prevention 1.Visibility

Knowledge of the status of

operating assets and the

environment

5.1. Business intelligence gathering 5.2. Information technology 5.3. Product, equipment and people visibility 5.4. Information exchange

1.Adaptability

Ability to modify operations in

response to challenges or

opportunities

6.1. Fast re-routing of requirements

6.2. Lead time reduction 6.3. Learning from experience *, **


1.Anticipation

Ability to discern potential future events or

situations

7.1. Monitoring early warning signals 7.2. Forecasting 7.3. Risk management 7.4. Business continuity/preparedness planning 7.5. Recognition of opportunities

1. Recovery Ability to return to normal operational state

rapidly

8.1. Crisis management

8.2. Resource mobilization

8.3. Communications strateg

8.4. Consequence mitigation

1.Dispersion

Broad distribution or decentralization of

assets

9.1. Location- specific empowerment

9.2. Dispersion of markets

10. Collaboration

Ability to work effectively with other entities

for mutual benefit 10.1. Collaborative forecasting 10.2. Customer management 10.3.Risk sharing with partners

11.Organization

Human resource structures, policies, skills

and culture

11.1. Creative problem solving 11.2. Cross- training, 11.3. Substitute leadership/empowerment 11.4. Learning/benchmarking

12. Market position

Status of a company or its products in

specific markets

12.1. Customer loyalty/retention market share

12.2. Customer relationships

11.3. Customer communications

13. Security

Defense against deliberate intrusion or attack 13.1. Access restrictions

13.2. Employee involvement

13.3. Collaboration with governments

13.4. Cyber-security

13.5. Personnel security

14. Financial strength Capacity to absorb fluctuations in cash flow 14.1. Insurance

14.2. Financial reserves and liquidity ***

14.3. Price margin


69

4. SELF-ASSESSMENT QUESTIONNAIRE SUPPLY CHAIN SECURITY MANAGEMENT through ISO 28001

SCORECARD

SECTION/ SUBSECTION / ACTIVITY Standard took into account 0% 25% 50% 75% 100%

1. INFORMATION SECURITY SECTION 100

1.1. SUBSECTION - PROCEDURES FOR

PERFORMING BACK-UP, RECOVERY,

REINTRODUCTION AND STORAGE OF RECORDS

100

1.1.1. Your organization has researched upon control

procedures for performing back-up copies, recovery,

reintroduction and storage of own records and

implementation of such actions.

ISO 9001:2015

ISO 17799:2005; ISO 27001:2005

ISO for standards in cybersecurity

X

1.2.SUBSECTION - SECURITY INFORMATION -

PROTECTION SECURITY SYSTEM 100

1.2.1. Your organization has researched upon control for

internal software and ERP (Enterprise Resource Planning)

against unauthorized access to the system and

implementation of such actions.

ISO 17799:2005

ISO 27001:2005

ISO/PAS 28001:2006

X

1.3. SUBSECTION - SECURITY INFORMATIONS -

SECURITY DOCUMENTATION

100

1.3.1. Your organization has researched upon control

procedures security document

ISO/PAS 28001:2006

ISO 17799:2005

ISO 27001:2005

X


70

2. SECTION - SECURITY REQUIREMENTS 0% 25% 50% 75% 100%

2.1. SUBSECTION - OWN ASSESSMENT ON

SECURITY MEASURES 89,29

2.1.1. You performed a self-sssesment on security

and safety

ISO/PAS 28001:2006

ISO 9001:2015

ISPS Code *

X

2.1.2. Your organization has researched upon

security and safey measures

ISO/PAS 28001:2006

ISO 9001:2015

ISPS Code *

X


registering and reporting procedures about

security issues

ISO/PAS 28001:2006 ISPS

Code *

X

2.1.4. In your organization there are specific

safety and security requirements for import

/export / reexport goods

ISPS Code *

X

2.1.5. You performed an own asessment on your

activity, regarding the potential dangers for safety

systems.

ISO/PAS 28001:2006

ISPS Code *

X

2.1.6. Insurances you have concluded comprises

specific security and safety requirements ISPS Code * X

2.1.7. Some of your customers have imposed you

security requirements ISPS Code * X


2.2. SUBSECTION - PHYSICAL SECURITY 9687,

2.2.1. Indicate if limits of external parameters of

your locations are safe

ISO/PAS 28001:2006

(Section A 3.3.)

X

2.2.2. Your organization has researched upon the

control procedures about acces through all points

and gateways to your locations. ISO/PAS 28001:2006

X

2.2.3. Apply security measures / closing to the

doors, windows and gates, both to the ones in

the inside and in the outside

ISO/PAS 28001:2006

X

2.2.4. Your organization has researched upon the

safekeeping procedures of keys to access points.

ISO/PAS 28001:2006

X


procedures to ensure that only authorized

personnel have access to parts of your locations

ISO/PAS 28001:2006

ISPS Code *

X

2.2.6. Your organization has researched

regarding on procedures to protect your premises

against unauthorized access by personal

vehicles. X


procedures applicable in cases of unauthorized

access or intrusion.

ISO/PAS 28001:2006

ISPS Code *

X


regarding on procedures for maintaining the

security of buildings and external boundaries

ISO/PAS 28001:2006

X


72

2.3. SUBSECTION - UNITS OF

TRANSPORTATION OF GOODS 70,0

2.3.1. You are the owner of cargo

transportation meanss used in your activity X

2.3.2. You have experience in conducting

inspections for cargo transportation units

and vehicles

ISO/PAS 28001:2006

X


upon control procedures regarding

monitoring the security of cargo

transportation units used in your business as

long as they are under your responsibility

ISO/PAS 28001:2006

ISPS Code *

X


upon applicable procedures to solve

incidents regarding unauthorized access and

wrong/harmful handling of your cargo

transportation units.

ISO/PAS 28001:2006

X

2.3.5. In case maintenance activity and

repair of cargo transportation units are

performed externally, specify if you have

researched upon surveillance procedures of

cargo transportation units at their return,

before loading

ISO/PAS 28001:2006

X


73

2.4. SUBSECTION LOGISTICS PROCESSES 75,0

2.4.1. Indicate in the next cells what kinds of transport are

normally used by your business X

2.4.2. Indicate in the next cells if transport is performed on

your expense or through an external contractor. X

2.4.3. Indicate in the next cells if where transport is carried

out by an external contractor, the relation is based on a simple

agreement or understanding to provide services, or rely on

contracts that include responsibilities and procedures for

ensuring safe transport of your goods X

2.4.4. Indicate in the next cells, in case if you do not use a

regular contractor, how do you ensure safety and security of

your goods X

2.5. SUBSECTION - ENTRY OF GOODS 95,33

2.5.1. Your organization has researched upon the procedures

regarding security and safety required for goods entered your

ocations.

ISO 9001:2015

ISO/PAS 28001:2006

ISO/PAS 17712; ISO 9001:2015

X

2.5.2. Your organization has researched on procedues

applicapble to solve the situations if incoming goods breach

security and safety arrangements agreed with suppliers.

ISO/PAS 28001:2006

X

2.5.3. You ensure that goods are received only in a supervised

places.

ISO/PAS 28001:2006

X

2.5.4. Your organization has researched on the procedures to

be followed to ensure that staff are informed of procedures

and measures for safety and security.

ISO/PAS 28001:2006

X

2.5.5. Your organization has researched on the procedures for

the receipt of goods which pose a risk to security and safety. ISO 9001:2015

X

2.5.6. The fees to be paid are separate on different activities,

as are orders of goods, receipt it, goods registration in the

accounts and pay bills. X


Virgil Popa

74

2.6. SUBSECTION - STORAGE OF GOODS 100

2.6.1. Your organization has researched on

procedures regarding the security and safety issues

needed to enclosure the place of goods storage .

ISO 9001:2015

ISO/PAS 28001:2006

ISPS Code * Certificat TAPA

X

2.7. SUBSECTION PROCESSING OF GOODS 100


procedures on security and safety needed to

enclosure the place of the processing of goods.

ISO/PAS 28001:2006

X

2.8. SUBSECTION - LOADING OF GOODS 100


physical and documentary procedures to control the

loading of goods.

ISO/PAS 28001:2006

ISO/PAS 11712: 116 ;ISO/PAS

17712

ISPS Code *

X


security and safety measures required by your

customers at the time of loading.

ISO/PAS 28001:2006

X

2.9. SUBSECTION - SAFETY REQUIREMENTS

FOR SUPPLIERS 100

2.9.1. You have procedures estabilited with your

suppliers regarding implementation of security and

safety measures. X


2.10. SUBSECTION - SECURITY

PERSONNEL 100

2.10.1. Your organization has

researched procedures on personnel

policy that takes into regarded the

security requirements of your

activity.

ISO/PAS 28001:2006

X

2.10.2. You train your staff

regarding security and safety

requirements.

ISO/PAS 28001:2006

X

2.10.3. You have security

requirements aplicable of staff

employed temporarily.

ISO/PAS 28001:2006

X

2.11. SUBSECTION - EXTERNAL

SERVICES 100

2.11.1. You have security

requirements included in contracts

with external suppliers such as, for

example those applicable security

guards, cleaning, maintenance

ISO/PAS 28001:2006

X

ISPS Code is the International Code for the Security of Ships and Port Facility provided

in Government Decision no. 248 of 26.02.2004.


CONCLUSION ON SELF-ASSESSMENT QUESTIONNAIRE

on compliance with ISO 28001 and ISO 27001

1. INFORMATION SECURITY SECTION 100%

2. SECTION - SECURITY REQUIREMENTS 93,33%

TOTAL (SIMPLE MEAN) 94,75%


5. The Process Classification Framework

Valahia University, ECR Department 78

APQC (American Productivity and Quality Center) © IEEE INCALT Conference 2016

Virgil Popa

Calculations AHP

SCORECARD Total

scor

Activities 0

%

25

%

50

%

75

%

100

%

10.1. Manage enterprise risk

(17060)

53.33

%

10.1.1.Establish the enterprise

risk framework and policies

(16439)

55

%

10.1.1.1.Determine risk tolerance for

organization (16440)

X

10.1.1.2.Develop and maintain enterprise

risk policies and procedures (16441)

X

10.1.1.3.Identify and implement enterprise

risk management tools (16442)

X

10.1.1.4.Coordinate the sharing of risk

knowledge across the organization (16443)

X

10.1.1.5.Prepare and report enterprise risk

to executive management and board (16444)

X

Proposal for risk measurement system aggregate of

organizations and alliance SC based on APQC’s Process

Classification Framework (PCF)


Virgil Popa

79

10.1.2. Oversee and coordinate

enterprise risk management activities

(16445)

45.83

%

10.1.2.1. Identify enterprise level

risks (16446)

X

10.1.2.2. Assess risks to determine

which to mitigate (16447)

X

10.1.2.3. Develop risk mitigation

and management strategy, and

integrate with existing performance

management processes (16448)

X

10.1.2.4. Verify business unit and

functional risk mitigation plans are

implemented (16449)

X

10.1.2.5. Ensure risks and risk

mitigation actions are monitored

(16450)

X

10.1.2.6. Report on risk activities

(16451)

X


80

10.1.3. Coordinate business unit and

functional risk management activities

(16452)

62,5

%

10.1.3.1. Ensure that each business

unit/ function follows the enterprise

risk management process (16453)

X

10.1.3.2. Ensure that each business

unit/ function follows the enterprise

risk reporting process (16454)

X


10.1.4. Manage business unit and

function risk (17462)

50

%

10.1.4.1. Identify risks (16456) X

10.1.4.2. Assess risks using

enterprise risk framework policies and

procedures (16457)

X

10,.1.4.3. Develop mitigation plans

for risks (16458)

X

10.1.4.4. Implement mitigation

plans for risks (16459)

X

10.1.4.5. Monitor risks (16460) X

10.1.4.6. Analyze risk activities and

update plans (16461)

X

10.1.4.7. Report on risk activities

(16462)

X

Total X © IEEE INCALT Conference 2016

Virgil Popa

82

6. Working All Together (WAT) for Supply Chain

Excellence

Information flow

Reverse Logistics

Supplier Manufacturer Retailer 3PL 3PL

Products/Services Flow

Reverse Factoring (A/P)

Bank of retailer

Bank of manufacturer

Bank of supplier Factoring (A/R)

Factoring financial institution

Factoring financial institution

Cash Flow

4PL 4PL 4PL


A new solution for the win-win approach is: Reverse Factoring As the name reveals, reverse factoring solutions are based on factoring – a transaction in which suppliers sell receivables to factors for immediate cash.


A recommended solution: Factoring

Factoring classic and normal financial collaboration between manufacturer-retailer is made by commercial credit. Factoring is a new comprehensive finance business including commerce financing, credit survey, receivables administration and credit risk guarantee.


A new solution for the win-win approach is: Reverse Factoring As the name reveals, reverse factoring solutions are based on factoring – a transaction in which suppliers sell receivables to factors for immediate cash



http://www.northwestern.edu/standards

-management/topics/supply-

chain/papers.html

GLOBAL STANDARDS

FOR SUPPLY CHAIN

MANAGEMENT IN

CONSUMER

PACKAGED GOODS

INDUSTRY

http://www.northwestern.edu/standards-management/topics/supply-chain/papers.html





2. The Data Pool registers a product

in the GS1 Global Registry and sends

very basic information about the

item.

3. The GS1 Global Registry holds this

basic information about all items and

the location of each items’ source Data

Pool.

1.A manufacturer will:

- Align data internally

- Prepare data for

external publication in

line with EAN.UCC

Standards

- Publish item

information to the

source Data Pool

- Synchronize changes

to this date

- Approve retailer

requests to subscribe

to date.

4. A retailer will:

-Search the GS1

Global Registry, via a

selected Data Pool, for

an item (by GTIN or by

description) – the

Registry returns the

details of the items to the Data Pool

- Request subscription

to manufacturer data

- Receive data and any subsequent changes

- Align data with

internal data.

5. The trading

partners

synchronise the

item information

between their

respective Data

Pools.

6. The same process

applies for

synchronising Party

information, published

by manufacturer or

retailer, based on the

GLN.

Registry Manufacturer

Retailer

Data Pool

Data Pool

Global Data Synchronization network on the Electronic Product Code Network

Thank you for your attention!


Contact: Professor Virgil Popa Ph. D.

www.virgilpopa.com

www.scm-journal.com www.ecr-uvt.ro

[email protected] [email protected]


http://www.virgilpopa.com/

http://www.virgilpopa.com/

http://www.scm-journal.com/



http://www.ecr-uvt.ro/



mailto:[email protected]

mailto:[email protected]

Documents

Supply Chain Security Management for Business Continuity ...virgilpopa.com/articole/5th IEEE 1-3 June 2016/IEEE INCALT 2016... · Supply Chain Security Management for Business Continuity