ISO 28000: Using the International Standard in the ever deteriorating global security environment and its impact on the homeland security.

In his introduction to the National Strategy for Global Supply Chain Security, published on January 23, 2012, the President has clearly emphasized the United States commitment to ensuring “efficient and secure transit of goods through the global supply chain system”.  Any disruption to the supply chain can adversely affect the economy of our nation or for that matter any nation.  Our homeland cannot be safe if the global supply chain remains vulnerable.  Adopting the process-based management system (PBMS) approach to global supply chain security can guarantee the rejection of the misconception that security and efficiency are not possible together.

ISO 28000 is a generic security management standard based on the PDCA cycle (Plan, Do, Check, Act) already extensively employed by businesses globally to bring in efficiency, continual improvement and innovation using the international standard ISO 9001.  Companies, which are already compliant with the ISO 9001 standard, are in a ready state to incorporate the additional requirements of ISO 28000.  Where companies are not compliant with ISO 9001 and considering ISO 28000 as the initial standard to adopt the PBMS approach, they prepare themselves to benefit from the approach when they further widen their scope.  The adoption of the Customs and Borders Protection (CBP) initiative, C-TPAT by companies within the US and those trading with the US benefit as the C-TPAT initiative is based on the ISO 28000 standard and can therefore be implemented in a seamless manner.

Those companies which are considering a process-based approach to management for the first time, not only ensure the security of the global supply chain but also then prepare their systems for gaining the benefits of efficiency, continual improvement and innovation to their management systems.  Apart from C-TPAT, the other international initiatives similar to ISO 28000 include the World Customs Organization (WCO), which has adopted the Framework of Standards to Secure and Facilitate Global Trade, SAFE Framework security requirements, International Maritime Organization (IMO) / Safety of Life at Sea (SOLAS) security requirements (as included in Chapter XI-1 & 2) leading to the International Ship and Port Facility security requirements, EU Authorized Economic Operator
(AEO) security requirements.

At one time, just ensuring efficiency based on ISO 9001 was an option for companies to remain in business and to operate profitably.  However with time, to stay in business the companies had to take care of the risks, pollutants and adverse effects to the environment from the by-products of their processes.  ISO 14001 (Environmental Management System – EMS) took care of this.  However, following the tragedy of 9/11, this was not sufficient and protection of the business from security breaches became vital to ensure business continuity and profitability.  In 2001 – 2002 following the tragedy, it was the maritime community who realized their vulnerabilities and took the initiative to protect the maritime assets by adopting the IMO’s ISPS Code (International Ship and Port Facility).  This protection of the maritime assets, however, left the supply chain vulnerable to security breaches both upstream and downstream.  ISO 28000 fills this gap and brings the PBMS approach to the security of the entire global supply chain.

The supply chain globally connects the world economy today.  With the dependence on Middle East oil remaining a reality, global security of our supply chains is more critical than ever.  Terrorists and bad elements seeking to disrupt the supply chain can best be prevented by a system approach to security.  The dangers to our maritime assets in ports come from outside the ports, up and down the supply stream, so just protecting the ports is not sufficient.  The entire supply chain upstream and downstream needs planned protection using a fail-safe system.  One vessel destroyed in just the right location will affect a country’s economy for years.  One train with HAZMAT cargo destroyed in a vital location can cause great loss of life, cause mass hysteria and not only adversely affect the economy but also demoralize a nation.  Consider a remotely detonated nuclear device being exploded anywhere in the route of the long global supply chain and its impact.  In US neighborhoods, a lot of our trade from the North and South is carried out on trucks.  Securing the trucking routes can be a nightmare without a system approach.

Shipping unites the world by its complex intermodal transportation and is crucial to the world economy.  This then also makes it vulnerable to pirates and terrorists.  While the ISPS code ensures the requisite security of the maritime assets, these threats come into the ports and ships from outside.  Ninety-five percent of our imports are by sea.  The security of the ports upstream and downstream is a national necessity.  The United States also needs to consider the effects of the Panama Canal widening which will allow for new super carriers to come to our Eastern ports.  This will slow down the inspection process.  These implications will bring in nonconformities (NC) occurring over time as we receive this larger amount of shipping on our eastern shores.  Can the nation wait for the NCs to occur and then apply correction and corrective action, or should ISO 28000 be adopted across the supply chain to use the PBMS approach and ensure the security of the global supply chain?

Complexities of the supply chain cannot be managed without a system approach.  An end-to-end view of the entire operation needs to be the focus.  It will require coordination and protection carried out in a systematic manner.  The probability of a supply chain vulnerability causing harm by disruption will continue to grow without a system approach to the management of its security.  This risk can be mitigated by the adoption of the system approach fundamentals provided in this international standard .