Supply Chain Risk Leadership Council


Developing a Cross-Industry Risk Management and Resiliency Standard

 

 

 


Dr. Marc Siegel, Commissioner, Global Standards Initiative, ASIS International, explains the importance of developing international, cross-industry standards

 

One of the primary goals of the Supply Chain Risk Leadership Council is to draw on member expertise to assist in the development of recognized, cross-industry standards on effective risk management and resiliency, as certified by the International Organization for Standardization (ISO), the world’s largest developer and publisher of international standards for businesses, governments and society.

 

Dr. Marc Siegel, Commissioner of the ASIS International Global Standards Initiative, has been a driving force in the creation of standards specifically dealing with security and resilience management in the supply chain.

 

Q: Why is it important to create ISO standards around supply chain security and resilience?

 

A: The creation and acceptance of an international standard levels the playing field. It means everyone is working from the same playbook. This is particularly important for companies that have global operations, such as shipping companies. This way, you don’t have one set of rules for the US, one for Europe, and one for Asia, for example.  

 

These standards are a kind of generic framework. Rather than providing a prescriptive approach, or saying ‘This is what you must do,’ standards give companies who want to develop a resilience program the basic components: how to organize activities, processes, functions, and management systems, as well as benchmarking that will aid in determining how to measure success.

 

Q: Don’t most enterprise companies already have ERM policies in place?

 

A: A lot of companies have elements of a resilience management program, but they don’t always put those elements together to create a comprehensive systems-based approach. The creation of ISO standards gives companies an overview of how these parts interrelate and work as a whole.

 

Q: How will businesses benefit from the creation of such standards?

 

A: Through the standards, companies and other organizations will have a framework to build a more resilient organization, as well as a way to demonstrate to business partners that they have a system in place.  

 

For companies at the top of the supply chain, a standards-based approach means a lot less ambiguity. Today, in order to evaluate a supply-chain partner’s preparedness, you’re generally looking at a custom-designed solution. There’s no real way to verify how effective that solution will ultimately be.

 

But in those companies who adopt the ISO standards, you have a framework to verify that effective systems are in place, and you can train auditors to know what to look for in evaluating a supply chain partner’s resiliency program. Ultimately, this makes it easier to have confidence in your supply chain.

 

Q: Who contributes to the development of these standards?

 

A: The ISO is comprised of groups of technical committees who work in different areas of expertise. This standard will be developed by a technical committee that specifically deals with resilience in the supply chain, with feedback from delegates from a variety of countries and organizations—the same people who will implement them and be impacted by them.

 

Once a consensus is reached on the draft standard, it is put to a vote.

 

Q: What’s the timeline for development and ratification? When can we expect to see ISO 28002 SCM standards published?

 

A: It can take anywhere from a year and a half to three years for a standard to reach consensus and ratification, but barring unforeseen circumstances, I think we’ll see certification on these standards relatively quickly. For one thing, we’re working from existing standards—the ANSI American Standard for Organizational Resilience (ASIS SPC.1:2009), which gives us a solid foundation from which to develop the international standards.  

 

Q: What role is the SCRLC playing in helping to develop the ISO 28002 standards?

 

A: SCRLC members have been helping to review the current document as a starting point, specifically by looking at that document to see how it needs to be changed to address supply chain management. In addition, members are making suggestions for the development of an annex to help companies at different levels and tiers to better apply the standards.

 

For example, what should manufacturers consider? What should you look at if you’re focusing on security? What criteria are particularly important in evaluating risk? These annexes will give advice and best practices for industries and companies across the supply chain.