daniel-suchy-cpp-msyi
Public Information
Physical Security Management System
Security maturity model
Public Information2 1/18/2016
ON Semiconductor www.onsemi.com
A leading supplier of semiconductor based solutions driving energy efficient innovations.
• 2014 Revenue - $3.162 billion
• 3Q15 Revenue - $904.2 million
• 23000 employees
• 17 Manufacturing sites
• 32 Design centers
• Market segments
31% Automotive, 18% Communications, 13% Computing, 15% Consumer, 23% Industrial/Military/Aerospace/Medical
Great Baltimore Fire - 1904
1545
35000
1
600
30
1231
70
Great Baltimore Fire – 1904 (cont.)
• Baltimore adopted a city building code
• The National Fire Protection Association adopted a national standard for fire hydrants and hose connections
• However, conversion was slow and still remains incomplete (only 18 of the 48 most populous American cities reported compliance, 2004)
Why standardize Physical Security?
Security Management System for the Supply Chain (ISO 28000).
Equivalent to 14001, 9001, 18001, 27000.
Ensures that we follow the same basic guidelines of Plan, Do, Check, Act as the other management systems.
Very familiar look and feel for the executives.
Goal oriented
• Documented
• Repeatable
• Consistent
• Auditable
• Continual improvement
Layered
Corporate System Manual
Corporate procedures
Site/Region level specifications
Records
Corporate-wide
• Access Control (badging specs. included)
• Asset Control
• Precious metals & Scrap Security
• Training and Awareness
• Investigations
• Physical Security emergency planning
• Performance monitoring (KPIs)
• Travel Security
• Physical Security Risk Assessment
• Remote Sites Security
Corporate-wide (cont.)
Level 1 Document: Corporate System Manual
Level 2 Doc: Corporate Procedures
Level 3 Doc: Site/Regional Specifications
Level 4 Doc: Records
Security Management System Manual
Risk Assessment and Performance Monitoring Procedure
Regional Security Assessment Specification
Security Risk Analysis
Training and Awareness Procedure
Site Training Specification
Training Record
Travel Security Emergency Plan Procedure
Site Security Emergency Plan
Incident Lessons Learned Report
Incident Reporting Procedure
Site Incident Reporting Specification
Global Incident Reports
SPOC
Access Control Procedure
Site Access Control Specification
Badging Specification
Asset Control Procedure
Site Property Control Specification
Scrap Security Spec
Security System Procedure
Site Security System Specification
Maintenance Plan
Physical Security Maturity Model
Initial: Site by site different approach. No success criteria set. Ad-hoc/reactive approach.
Defined: Corporate and industry best practices gathered and translated into physical security corporate goals and requirements.
Repeatable: Set requirements formally documented and standardized. Site level gap analyses and action plans.
Managed and Measured: Formal PSMS which is measured and controlled. Reporting and auditing system established.
Optimized: Corporate-wide physical security management system and aware work force. Process improvement and performance measurement focused.
Auditing
• Conformance with global standards
• Continual improvement
Benefits
• Consistency (documented, repeatable)
• Continual improvement (internal audit)
• Measurable results – KPIs, benchmarking
• Management commitment
• Enhancement of the organization's performance
• Systematic risk identification