Keeping products in motion is key to protecting your global supply chain. Far from dragging down the process, security initiatives help companies pick up the pace.
It's a fact of life: once you release goods into a global supply chain, they're vulnerable. The longer it takes for them to reach their destination, the more opportunity there is for calamity or theft. Hence the old saying: "Freight at rest is freight at risk."
But mention "supply chain security" to some CEOs and COOs and they may groan, envisioning an interminable series of cargo inspections and paperwork examinations that strand products in vast dockside warehouses. In a world increasingly accustomed to just-in-time delivery, "your product can actually decline in price while it is sitting in port", says Dan Purtell, president of the supply chain security division for First Advantage, a global risk management firm.
Ken Wheatley, vice president of corporate security for Sony Electronics (a division of Sony Corporation of Japan), will admit that "some security measures inject time into the process because they add another handoff". But in general, according to Wheatley and other global logistics experts, supply chain security is one area where the CSO and the operations side of the house should be on the same page. The corollary to the old saying about freight is that the more efficiently goods move through the supply chain, the more secure they'll be.
Toward that end, here are seven best practices that help companies boost both speed and security.
Focus on Movement (Not Sheer Velocity)
Yes, speed itself can thrill. There's one nuance to that point, however. Wheatley cautions that focusing strictly on speed can be less secure - for example, choosing an air route that's less secure rather than going via a low-risk freight line. "Constant movement (not velocity) is what's important," he says.
Sony Electronics' business model depends on just-in-time shipment of its highly desirable consumer electronics goods. But line-of-business managers understand some situations warrant taking a step back or pursuing an alternate course that could add some time. "If we're aware of something that might disrupt our supply chain, they're all ears," says Wheatley. In these matters, the security and operations teams have to collaborate to weigh risks and rewards.
Use Safety in Numbers
Peter Regen is a vice president at Unisys, which offers supply chain security services and technology. Unisys tracks more than 25,000 air, land and sea conveyances per day in 50 countries for the US Department of Defence. Regen recounts that one client tried putting an armed guard at the front of its trucks in Latin America. This wasn't enough to stop roving bandits with machine guns. The client now moves its goods in that area via high-speed truck caravans.
A related idea is to put two drivers in each truck to ensure they won't have to take sleep breaks before reaching their destination.
Get in the Green Lane
Border crossings are the places where those much-feared, time-consuming inspections are most likely to happen. Avnet, a $US10.2 billion electronics distributor, serves 100,000 customers in 68 countries, shipping 15,000 orders per day via air and freight, even offering same-day delivery on much of its inventory. That adds up to a lot of stuff that has to get through customs - ASAP.
"Our customer demands very quick turnaround time on anything he buys from us," says Jim Smith, Avnet senior vice president of operations. To cut time spent in customs, Avnet became an early adopter of US federal "safe commerce" programs such as the Customs-Trade Partnership Against Terrorism (C-TPAT) and the Container Security Initiative (CSI). Companies that comply with these programs (which are currently voluntary) can get their goods into and out of the US faster than those that don't.
The concept behind both programs is that companies who consistently meet more stringent security requirements can have their stuff moved to the head of the line. For example, US Customs & Border Protection (CBP) will grant "green lane" status to importers that ship goods in "smart" containers (containers with high-tech tamperproofing and identification equipment) and can provide information about the shipments at least 24 hours in advance. In theory, this will allow low-risk shipments to enter the country more quickly. Another bonus: CBP assigns participating companies an account manager, someone to help solve problems if things slow down.
Sony Electronics participates in several federal initiatives, including C-TPAT, CSI and FAST (Free and Secure Trade, a program between the United States, Canada and Mexico). To comply with these programs, companies have to show they employ a wide range of countermeasures, including performing employee background checks, checking photo badges of workers onsite and inspecting container seals for tampering. In exchange, the companies get faster passage through certain checkpoints.
C-TPAT has endured its share of criticism - that the auditors aren't sufficiently trained, or that the budget allocated is insufficient, for example. Nevertheless, the new CSO at a Fortune 500 food industry company (who requested anonymity) says he thinks C-TPAT and similar programs are among the best homeland security initiatives undertaken in the United States. "There was an initial knee-jerk attempt to dictate matters [after 9/11]. But in particular, I would say customs has - in the last couple of years - done what they need to do while still showing an awareness of the realities of business," he says. "To date, I think [these initiatives] are working about as well as could have been expected."
Get Your Processes in Order
To take advantage of these programs, business processes often require revamp, experts say. "You'll have to re-engineer your processes to align with security. Otherwise, you won't get any return on your investment," says Regen.
A simple example: container seals. Traditionally, the seal's job was to indicate clearly if a box had been tampered with. But far too often, people at various stages of the supply chain either ignore the seal altogether or rubber-stamp the paperwork, says Michael Wolfe of the transportation and logistics division at North River Consulting Group. There are several process-centric ways to deal with that problem - instituting inspections to beef up accountability, for example. Wolfe likes a different option: electronic container seals that "take people out of the loop; the seal sends electronic information about itself automatically". That's a process change that enhances security and also reduces cost, time and human error.
The trade-off, of course, is that technology can present a steep initial investment hurdle. According to a report from analyst firm IDC (sponsored by Unisys), early adopters of "safe commerce" spend an average of $US3.7 million on everything from contingency planning systems and managed security services to secure access control systems and radio frequency identification (RFID) technology.
The "24-hour rule" is another CBP program that illustrates the confluent interests of business and security. Last year, CBP began requiring US importers to provide information on the contents of containerized goods 24 hours before the goods were loaded onto ships in foreign ports. Supply chain executives were leery of adding an extra layer of data collection onto their normal processes, even with the promise of getting through customs faster.
"There was lots of wailing about the cost and difficulty," says Wolfe. "A year later, senior executives have told me this has worked out really well; having complete information 24 hours in advance forces them to load more efficiently and effectively."
Having visibility of the product or shipment throughout the supply chain is an important security component, says Dick Germer, global security manager for UPS Supply Chain Solutions, in Atlanta. "We can 'see' the goods from point of origin to final destination. We can react more quickly if there is a delay."
For many companies, knowing the answer to three simple questions would be a step in the right direction: What's in each box - truck or train? How fast is it going? And how much is being lost each year to cargo theft? The aforementioned food industry CSO verifies that even at Fortune 500 companies, lost data is often not captured adequately. "One of the problems we face is that there's no historical data on what we've been losing," he says. "Now that we're being aggressive about tracking it, we're finding we've been losing a lot more than previously realized."
Get Partners on Board
Avnet hedges against occasional slowdowns by maintaining close partnerships with its carriers. Avnet evaluates each carrier on a 22-point checklist prior to entering a business relationship. Criteria include Web access to tracking data, en route tracking ability and GPS capability. Avnet also likes to see that the carrier is investing in the latest security technology, such as RFID tags. FedEx, UPS and DHL have made the grade. Avnet uses dozens of other carriers but describes trade as "virtually frictionless" with partners to which the company has granted special status.
Avnet also obtains as much data as possible from its suppliers (including part number, country of origin and other key elements), which again emphasizes the value of visibility. You have to have data to share data. Avnet's partner information comes in every format imaginable, from fax and e-mail to EDI and XML, depending on the supplier's technology sophistication. Although it was a major effort to accommodate that information, Avnet confirms that it pays off in additional product velocity throughout the supply chain.
Make the Business Case
As always, you'll need numbers to convince other executives of security's value. "It is critical to articulate the business benefits for security in hard dollar terms. This is a weak area for [security officers]," says Wolfe. "No one wants to say how much they lose, so it's tough to spell out the payoffs of better security."
Yet again, Wolfe's observation makes painfully obvious the need for good data. But the task is not impossible. For example, a company might install RFID tags to improve visibility into its containers and trucks, or monitor its trucks and trailers via satellite. "I can increase efficiency and serve customers better. And while I'm doing that, I can make sure no one is screwing with my stuff," says Wolfe. "Done right, security, speed and business benefits all roll up together."
Pain Or Gain
The numbers say supply chain security has a great positive - or negative - impact on the business as a whole
In a May 2004 IDC survey of 97 companies, more than half of the respondents cited each of the following supply chain security risks as a "major concern":
» Damage to company's brand or reputation » Compliance with governmental mandates
On the flip side, more than half of respondents also cited the following as "major benefits" of good supply chain security:
» Reduced cost » Preserved brand integrity » Improved supplier relationships » Increased supply chain velocityThe Cardinal Sin
When it comes to supply chain security, experts say the biggest mistake is taking compliance for granted. Just because you have worked long and hard to develop strong policies and procedures, don't assume they are actually being carried out.
"You have to check that they are being done and then go back and check again," says Dick Germer, global security manager for UPS Supply Chain Solutions, in Atlanta. Auditing is a way of life for anyone concerned with global supply chain security. You must audit employee behaviour, not just as an internal best practice, but to remain in compliance with federal initiatives such as the Customs-Trade Partnership Against Terrorism. And don't assume employees walk in the door knowing anything at all about security. Germer's company spells out several standard security practices as part of new-employee orientation. No one has to wait around for someone from the security division to deliver the message, either. "The operations and communications managers are taught to talk security as well," says Germer.