Developing a Cross-Industry Risk Management and Resiliency Standard

Dr. Marc Siegel, Commissioner, Global Standards Initiative, ASIS International, explains the importance of developing international, cross-industry standards

One of the primary goals of the Supply Chain Risk Leadership Council is to draw on member expertise to assist in the development of recognized, cross-industry standards on effective risk management and resiliency, as certified by the International Organization for Standardization (ISO), the world’s largest developer and publisher of international standards for businesses, governments and society. Dr. Marc Siegel, Commissioner of the ASIS International Global Standards Initiative, has been a driving force in the creation of standards specifically dealing with security and resilience management in the supply chain.

Q: Why is it important to create ISO standards around supply chain security and resilience?

A: The creation and acceptance of an international standard levels the playing field. It means everyone is working from the same playbook. This is particularly important for companies that have global operations, such as shipping companies. This way, you don’t have one set of rules for the These standards are a kind of generic framework.
Rather than providing a prescriptive approach, or saying ‘This is what you must do,’ standards give companies who want to develop a resilience program the basic components: how to organize activities, processes, functions, and management systems, as well as benchmarking that will aid in determining how to measure success.

Q: Don’t most enterprise companies already have ERM policies in place?

A: A lot of companies have elements of a resilience management program, but they don’t always put those elements together to create a comprehensive systems-based approach. The creation of ISO standards gives companies an overview of how these parts interrelate and work as a whole.

Q: How will businesses benefit from the creation of such standards?

A: Through the standards, companies and other
organizations will have a framework to build a more resilient organization, as
well as a way to demonstrate to business partners that they have a system in
place. For companies at the top of the supply chain, a standards-based approach means a lot less ambiguity. Today, in order to evaluate a supply-chain partner’s preparedness, you’re generally looking at a custom-designed solution. There’s no real way to verify how effective that solution will ultimately be. But in those companies who adopt the ISO standards, you have a framework to verify that effective systems are in place, and you can train auditors to know what to look for in evaluating a supply chain partner’s resiliency program. Ultimately, this makes it easier to have confidence in your supply chain.

Q: Who contributes to the development of these standards?

A: The ISO is comprised of groups of technical committees who work in different areas of expertise. This standard will be developed by a technical committee that specifically deals with resilience in the supply chain, with feedback from delegates from a variety of countries and organizations—the same people who will implement them and be impacted by them. Once a consensus is reached on the draft standard, it is put to a vote.

Q: What’s the timeline for development and ratification? When can we expect to see ISO 28002 SCM standards published?

A: It can take anywhere from a year and a half to three years for a standard to reach
consensus and ratification, but barring unforeseen circumstances, I think we’ll
see certification on these standards relatively quickly. For one thing, we’re working from existing standards—the ANSI American Standard for Organizational Resilience (ASIS SPC.1:2009), which gives us a solid foundation from which to develop the international standards.

Q: What role is the SCRLC playing in helping to develop the ISO 28002 standards?

A: SCRLC members have been helping to review the current document as a starting point, specifically by looking at that document to see how it needs to be changed to address supply chain management. In addition, members are making suggestions for the development of an annex to help companies at different levels and tiers to better apply the standards. For example, what should manufacturers consider? What should you look at if you’re focusing on security? What criteria are particularly important in evaluating risk? These annexes will give advice and best practices for industries and companies across the supply chain.