Supply chain security (SCS) - Good practice guide for small and medium sized operators

This Technical Report aims to provide Small and Medium sized Enterprises (SMEs) basic knowledge about how to manage and mitigate the risk of criminal and terrorist activities. This is a shared objective for the private and public sector*.  For the private sector, companies have gained experience on measures, which can assist in preventing security breaches from happening, to protect against supply chain interruption. Also some business standards have been developed identifying measures, which companies can execute in order to obtain labels which certify business operations and reward them with a security quality label. The public sector has developed security legislation which companies should either mandatory or voluntary apply into their business operations.
This Guide provides an easy-to-read overview on:
1)   How SMEs can apply a supply chain security approach to their operations (Clause 2).
2)   The main crime types in the supply chain including some measures to fight these crime types from occurring (Clause 3).
3)   Supply chain security legislation and programs, with their respective compliance requirements (Clause 4).
*In the context of this guide, "supply chain security" covers risk management, crime prevention, security procedures and technologies, as well as security regulations and programs.  The overview and examples in this book are based on recent academic work and interviews with experts in the field, including CEN SCS Feasibility Study (2010); EU FP7-LOGSEC Roadmap (2011) and interviews with CEN TC/379 experts.

Sicherheit von Lieferketten - Handbuch für bewährte Praktiken für kleine und mittlere Unternehmen

Sûreté de la chaîne d'approvisionnement - Guide de bonnes pratiques pour les petites et moyennes entreprises

Le présent rapport technique vise à apporter aux petites et moyennes entreprises (PME) des connaissances de base sur la façon de manager et de limiter les risques liés aux activités criminelles et terroristes. Il s'agit d'un objectif commun au secteur privé et au secteur public.  En ce qui concerne le secteur privé, les entreprises ont acquis de l'expérience dans le domaine des mesures pouvant contribuer à prévenir l'apparition de failles dans la sûreté pour se prémunir contre une rupture de la chaîne d'approvisionnement. De plus, quelques normes professionnelles ont été élaborées, identifiant les mesures que les entreprises peuvent mettre en œuvre en vue d'obtenir des labels certifiant leurs opérations commerciales et se voir récompensées par un label qualité sûreté. Le secteur public a élaboré une législation de la sûreté qu'il convient que les entreprises appliquent, de manière obligatoire ou facultative, dans leurs opérations commerciales.

Varnost oskrbovalne verige - Navodilo z dobrimi praksami za male in srednje velike dobavitelje

Cilj tega tehničnega poročila je malim in srednje velikim podjetjem zagotoviti osnovno znanje o nadzoru in zmanjšanju tveganja kriminalnih in terorističnih dejanj. To je skupni cilj za zasebni in javni sektor. 1. Za zasebni sektor velja, da so podjetja pridobila izkušnje o ukrepih, ki lahko pomagajo pri preprečevanju kršitev varnosti in tako zagotavljajo zaščito pred prekinitvami oskrbovalne verige. Razvili so se tudi nekateri poslovni standardi, ki opredeljujejo ukrepe, ki jih podjetja lahko izvajajo z namenom pridobitve oznak, ki potrjujejo poslovne postopke, in jim dodelijo oznako kakovosti na področju varnosti. Javni sektor je razvil zakonodajo za področje varnosti, ki bi jo podjetja morala na zavezujoči ali prostovoljni ravni uporabljati za svoje poslovanje. V tem priročniku je enostaven pregled naslednjih tem:
1.) Kako lahko mala in srednje velika podjetja uporabijo pristop varnosti za oskrbovalno verigo za svoje postopke (točka 2).
2.) Glavne vrste kriminalnih dejanj v okviru oskrbovalne verige in nekateri ukrepi za njihovo preprečevanje (točka 3).
3.) Zakonodaja in programi s področja varnosti oskrbovalne verige ter njihove zahteve glede skladnosti
(točka 4). 1. V tem priročniku »varnost oskrbovalne verige« zajema obvladovanje tveganja, preprečevanje kriminala, varnostne postopke in tehnologije ter varnostne predpise in programe. Pregled in primeri v tej knjižici temeljijo na nedavnem akademskem delu in pogovorih s strokovnjaki na tem področju, vključno s študijo izvedljivosti Evropskega odbora za standardizacijo na področju varnosti preskrbovalne verige iz leta 2010 (CEN SCS Feasibility Study, 2010); EU FP7-LOGSECRoadmap (2011) in pogovori s strokovnjaki odbora CEN TC/379.

General Information

Status
Published
Publication Date
04-Sep-2012
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
05-Sep-2012
Due Date
21-Oct-2013
Completion Date
05-Sep-2012

Buy Standard

Technical report
TP CEN/TR 16412:2012
English language
22 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-november-2012
Varnost oskrbovalne verige - Navodilo z dobrimi praksami za male in srednje
velike dobavitelje
Supply chain security (SCS) - Good practice guide for small and medium sized operators
Logistik - Handbuch für bewährte Praktiken für die Sicherheit von Lieferketten
Sécurité de la chaine d'approvisionnement - Guide de bonnes pratiques pour les petites
et moyennes entreprises
Ta slovenski standard je istoveten z: CEN/TR 16412:2012
ICS:
03.100.10 Nabava. Dobava. Logistika Purchasing. Procurement.
Management of stock
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL REPORT
CEN/TR 16412
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
September 2012
ICS 03.100.10
English Version
Supply chain security (SCS) - Good practice guide for small and
medium sized operators
Sécurité de la chaîne d'approvisionnement - Guide de Sicherheit von Lieferketten - Handbuch für bewährte
bonnes pratiques pour les petites et moyennes entreprises Praktiken für kleine und mittlere Unternehmen

This Technical Report was approved by CEN on 13 August 2012. It has been drawn up by the Technical Committee CEN/TC 379.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2012 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 16412:2012: E
worldwide for CEN national Members.

Contents Page
Foreword .3
1 Scope .4
2 Recommended Supply Chain Security Approach .5
3 Crime prevention in supply chains .7
3.1 Introduction .7
3.2 Cargo theft .7
3.3 Counterfeit goods .8
3.4 Terrorism in supply chains .9
3.5 Sabotage in supply chains . 10
3.6 Cross-border duty and tax fraud . 11
3.7 Smuggling of prohibited and restricted goods . 12
3.8 People smuggling . 13
3.9 Document fraud . 13
3.10 Bogus companies . 14
3.11 Cyber crime . 15
4 Supply chain security regulations and programs . 17
4.1 Introduction . 17
4.2 Import Control System (ICS) and Export Control System (ECS) in the EU . 17
4.3 Maritime Security Legislation, ISPS Code in the EU . 18
4.4 Aviation Security Legislation, Air Cargo Supply Chains in the EU . 18
4.5 European Union Authorized Economic Operator (EU AEO) . 19
4.6 Regulated agent, Known consignor and Account consignor in the EU . 20
4.7 ISO 28000 Series of Standards on Supply Chain Security Management Systems . 21
4.8 Transported Asset Protection Association (TAPA) in Europe . 21

Foreword
This document (CEN/TR 16412:2012) has been prepared by Technical Committee CEN/TC 379 “Supply
Chain Security”, the secretariat of which is held by NEN.
Supply chains move huge quantities and values of products and services between businesses and between
businesses and consumers throughout Europe and between Europe and countries in other continents. These
movements present enormous opportunities for organized crime and terrorists. The intrusion of crime and
terrorist activity has become a major risk in doing business for the majority of operators within the supply
chain, i.e.:
 cargo owners;
 shippers;
 forwarders;
 terminal operators;
 transporters.
1 Scope
This Technical Report aims to provide Small and Medium sized Enterprises (SMEs) basic knowledge about
how to manage and mitigate the risk of criminal and terrorist activities. This is a shared objective for the
private and public sector. For the private sector, companies have gained experience on measures, which can
assist in preventing security breaches from happening, to protect against supply chain interruption. Also some
business standards have been developed identifying measures, which companies can execute in order to
obtain labels which certify business operations and reward them with a security quality label. The public sector
has developed security legislation which companies should either mandatory or voluntary apply into their
business operations.
This Guide provides an easy-to-read overview on:
1) How SMEs can apply a supply chain security approach to their operations (Clause 2).
2) The main crime types in the supply chain including some measures to fight these crime types from
occurring (Clause 3).
3) Supply chain security legislation and programs, with their respective compliance requirements
(Clause 4).
In the context of this guide, “supply chain security” covers risk management, crime prevention, security procedures and
technologies, as well as security regulations and programs. The overview and examples in this book are based on recent
academic work and interviews with experts in the field, including CEN SCS Feasibility Study (2010); EU FP7-LOGSEC
Roadmap (2011) and interviews with CEN TC/379 experts.

2 Recommended Supply Chain Security Approach
How to integrate supply chain security into your business? Various ways are possible and being explored by
companies. Existing guidelines and best practices often refer to the exploitation of risk management
approaches. However, the practical application of these approaches is often difficult to understand and apply
in practice for SMEs. Hence, in this guide a concrete step-by-step approach is explained, with examples of
practical security measures to mitigate specific crime risks, and to comply with specific security regulations
and standards. In this guide, the following six steps are recommended :

FIRST, define the context for your supply chain, crime prevention and security management activities. The
major questions being:
 Which business are you in, and how “security sensitive” is it?
 Which geographies and transport modes are included?
 Who are the customers, suppliers, insurance providers, governmental agencies and other key
stakeholders your supply chain operates with?
As an outcome, you create the context before moving on to the next considerations.

There is no guarantee that a certain security measure brings a sustainable, positive outcome.
SECOND, perform a threat and vulnerability analysis, when it comes to actual criminal and terrorist threats
in your supply chain. The major questions being:
 Where are the risks of failing today, i.e. where are the gaps calling for enhanced security?
 Which crime types are of particularly high risk in your supply chain? Use statistical sources, if
available, while carrying out such risk assessments.
 What are the realized and/or potential consequences of one or more crime incidents?
THIRD, consider regulatory and program aspects. The major questions being:
 Which regulations are required for you to operate successfully in your defined business environment,
and which programs could support achieving your business objectives?
 What do your customers expect from you? What about your suppliers?
 Have your insurance providers established any requirements?
 What about relevant governmental authorities, including customs and police?
FOURTH, create an overarching security plan for your company and/or supply chain, where you consider a
variety of security management aspects, taking into consideration the outcomes of your business context;
threat and vulnerability; as well as security program and regulatory aspects analysis (steps one, two and three
above). The aspects you should take into consideration are:
 Physical security (facilities, vehicles, containers, shipments etc.);
 Data security (in particular systems with supply chain data);
 Human resources security (including selection, training, and exit procedures); - Business partner
security (including selection, and auditing); and
 Process control and monitoring of deviations.
FIFTH, choose the combination of concrete security measures – investments in technologies,
procurement of services, in-house solutions and so forth – and implement them into practice. Embed security
procedures and technologies as much as feasible into daily operations, as part of your overall supply chain,
logistics, and transport management functions.
SIXTH, monitor and measure the security performance and feedback to the planning cycle. Take
corrective actions. Increase security at weak spots, and reduce in the areas where overinvestment has taken
place. Pay attention to the dynamics and changing situations when it comes to criminal focus areas and
“criminal portfolios”; technical and operational improvements - both licit and illicit aspects - and legislative
requirements, and consequences, both for the licit and illicit actors.

Clause 2 helps to increase understanding the types of threats one could be subject to and do something about.
Clause 3 provides an overview of key regulation and programs.
3 Crime prevention in supply chains
3.1 Introduction
Ten relevant crime types have been chosen fallen under the following five categories:
1) Property theft: Cargo theft; Intellectual property violations.
2) Targeted damage: Terrorism; Sabotage.
3) Cross-border duty and tax fraud
4) Illegitimate transporting / importing and/or exporting: Smuggling of prohibited and restricted
goods; People smuggling.
ϱͿ Crime facilitation: Document forgery; Bogus companies; Cyber crime.
For each crime type, the
 issue (What are the main characteristics and what are the typical products / sectors involved?),
 scope of the problem (Why is it a problem?) and
 actions to take (How to mitigate the risks?)
are being elaborated on. 
3.2 Cargo theft
Cargo theft can be defined as “.any theft of shipment committed during its (surface) transportation or
within a warehouse.” . This covers straightforward theft, hijacking, robbery, fraudulent pick-up, and load
diversions, etc. . The value of a single load can be anything from a few thousand to few dozen million Euros.
On the other hand, in case of getting caught, cargo crimes often result only in minor legal punishment.
Valuable commodities, which have high demand on the after-market and are easily transportable, are quick to
sell and particularly vulnerable for cargo theft . These commodities include consumer electronics, cigarettes,
food, alcohol, brand apparels, precious metals and prescription drugs. Cargo crime incidents can occur in any
part of a supply chain, but truck stops and unsecured parking lots are the most vulnerable spots in the chain
(NICB 2010).
In addition to the high financial losses estimated to be over 8 billion Euros in Europe in 2009 , the human
suffering caused by threats and violence involved in cargo theft is huge. From the private sector perspective,
cargo theft is commonly considered the most frequent crime threat in supply chains today. All operators can
be usual victims of cargo theft. Manufacturers face material shortages due to theft incidents, resulting in
production downtime, missed deliveries and lost sales . For the logistics sector, cargo theft causes liability
and insurance problems, lower customer satisfaction and so on. For the public sector, cargo theft is a cost
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.