Before You Begin: Assign Information Classification
Download
Report
Transcript Before You Begin: Assign Information Classification
Meeting Agenda
Day 2 - Tuesday (May 18)
Day 3 - Wednesday (May 19)
Time
Topic
8:00 AM
Welcome/Intros
Glen Meskimen 8:00 AM
8:10 AM
Agenda Review
Keynote:
Who Is Applied Materials
Lance Solomon 8:45 AM
8:15 AM
8:45 AM
Member Spotlight:
John Deere
9:30 AM
Break
9:45 AM
Update on ISO 31000 Survey
10:00 AM
12:00 PM
1:00 PM
2:30 PM
2:45 PM
4:30 PM
5:00 PM
6:45 PM
Discussion: SCRLC Structure
Overview and SCRLC
Objective/Deliverable Reset
Lunch
Working Session:
Track Break-out
Break
Track Readout
Optional: Gown Up
Optional: Tour of Mfg Facility
Hosted Dinner in Downtown
Austin
Speaker
Time
Topic
Speaker
Member Spotlight:
Managing Supplier Health
Break
Member Spotlight:
Rolls Royce Best Practices
Glen
Meskimen
Linda Guzzi
9:00 AM
Elizabeth
Carroll, Bob
Smola
9:45 AM
Break
10:00 AM
SCOR Model Update
Glen Meskimen 10:30 AM
Discussion: Future Meeting Structure
and Managing/Sharing Track Output
Lance Solomon 11:30 AM
Next Steps/Roundtable/Hotwash
12:30 PM
Lunch & Adjourn
1:30 PM
Governance Track Meeting
3:30 PM
Adjourn
Patrick
Nowatzky
Taylor
Wilkinson
Lance
Solomon
Lance
Solomon
Lance
Solomon
Track Leads
Supply Chain Risk Leadership Council
1
Meeting Agenda
&
Council Structure
Overview
Applied Materials, host
Austin, TX
May 17-19, 2010
Supply Chain Risk Leadership Council
2
SCRLC Vision/Mission
Definition:
Supply Chain Risk Management (SCRM)
The practice of managing the risk of any factor or event that can materially
disrupt a supply chain whether within a single company or spread across
multiple companies. The ultimate purpose of supply chain risk management
is to enable cost avoidance, customer service, and market position.
Our Vision:
Lead world class manufacturing & services supply chain firms to share and
influence supply chain risk management best practices.
Our Mission:
-Create a framework to identify and share best-practices to deliver world
class performance in supply chain risk management
-Raise awareness and advocate supply chain risk management framework
externally
-Create an engagement model to proactively influence standards and
regulations across industries and their related organizations/councils
Supply Chain Risk Leadership Council
3
Proposed Track Structure
Governance
Best Practices and Standards WG
Preparedness,
Business
Continuity,
and Recovery
Planning
Regulatory
Compliance
(Regulatory
Engagement
and
Landscape
WG)
Supply
Chain
Security
Supply
Chain
Resiliency
Supply Chain Risk Leadership Council
Risk
Assessment
and
Monitoring
Supply Chain
Incident
Detection
and Crisis
Management
4
ISO 31000
Supply Chain Risk Leadership Council
5
Alignment of Tracks to ISO 31000
Standards & BP
Security/Regulatory
Risk Assessment
Crisis Management
BCP
Resiliency
Supply Chain Risk Leadership Council
6
2010-2011 SCRLC Work Calendar
May 2010
Review and
finalize council
structure
Align on council
and track
objective,
deliverables,
leads/members
Oct 2010
Review and
finalize
deliverable
content
Jan 2011
May 2011
Deep dive on
track best
practices
Review and
finalize maturity
model selfassessments
Finalize
documentation
process
Define best
practices
communication
plan (internal
and external)
Supply Chain Risk Leadership Council
Maturity model
selfassessment
results drive
2011 SCRLC
meeting
agendas
7
Track Sessions: Direction
Validate and update high-level track
objective(s), lead, and members
• Define value proposition, vision, mission
• Include what has been done and what is planned
Validate and update track deliverables:
•Collect completed best practices
•Determine process to link back to ISO 31000
•Prepare for:
oBest Practices WG’s recommendation to integrate
track deliverables
oJanuary 2011 SCRLC Meeting: Sharing track best
practices
Supply Chain Risk Leadership Council
8
Meeting Agenda
&
Council Structure
Overview
Applied Materials, host
Austin, TX
May 17-19, 2010
Supply Chain Risk Leadership Council
9
Track Readout Template: Profile
Track Vision,
Mission, Value
Proposition:
Track
Objective(s):
To provide a maturity model which enables
benchmarking against collective input of best
practices from participating member companies.
•Provide non-regulatory framework for collecting,
developing, and implementing best practices for
supply chain risk and resiliency management.
•Create an engagement model to proactively
influence standards and regulations across industries
and their related organizations/councils.
Track Lead:
Glen Meskimen
Track
Members:
Patrick Nowatzky, Rolls-Royce
Casper Hunsche, SCC
Lance Solomon, Cisco
Supply Chain Risk Leadership Council
10
Track Readout Template: Deliverables
List Track Deliverables:
Date Of Posting To
SCRLC Website
•
Evaluate ISO31000 and gather member
feedback on the applicability of this
standard to our objectives and approach
for addressing risk in our supply chains –
Complete as of Feb 2010
•
Determine how to apply ISO 31000
to supply chain risk and resilience
management
•
Develop process for defining cohesive
track deliverables and for
reviewing/finalizing track deliverables
•
Deliver a supply chain risk and resiliency
maturity model framework
•
Document SCRM guidelines of best
practices of council member companies
in a standard framework
•
A strategy to influence standards and
how to engage with external orgs.
•
Determine what and how to publish
externally
Supply Chain Risk Leadership Council
How To Link To ISO 31000?
11
Track Sessions: Attendees
STANDARDS - RM
Leader: Glen Meskimen, AMAT
SECURITY /
REGULATOYR– RM
Matagorda Island L1C10
Leader:
Ken Kongismark, Boeing
Lance Solomon, Cisco
Patrick Nowatzky, Rolls Royce
Bob Ricketts, Teradata
Jeff Beck, Genzyme (phone)
Robert Munyon, Genentech
Robert Larson, DHL
RESILIENCY – RM
Lake Livingston L2B5
Leader:
Chris Patterson, GE
BCP – RM
Lake Casa Blanca L2B5
Leader (interim):
Jennifer Williams, Foxconn
RISK ASSESSMENT – RM
Southside Café B131
Leader:
John Brown, Coca Cola
Dave Pollard, FedEx
Stephen Fecho, Merck
Grover Thurman, Foxconn
Beverly Williamson, J&J
Raelene Wong, AMAT
Allison Fujii, Boeing
Jane Khoury, Cisco (phone)
Elizabeth Carroll, John Deere
Taylor Wilkerson, LMI
Mudit Bajaj, Jabil Circuit
Nancy Moore, RAND
Supply Chain Risk Leadership Council
CM – RM
Devils Hollow L1D5
• Leader: Randy
DiGirolamo, FedEx
Sandy Chen, Cisco
Joe Pelayo, AMAT
April Decker, AMAT
12
Appendices
Supply Chain Risk Leadership Council
13
Current Track Objectives
BCP Objective: Assess your internal recovery
capabilities and assess your suppliers’ recovery
capabilities - Internal: Business Processes within
your company - External: Sourcing and Logistics
Resiliency Objective: Implementing, developing
and driving projects that improve resiliency Including; Existing and New Products, Existing
and New Supply Chains (transportation,
manufacturing, logistics)
Governance Objective: To provide recruiting,
meeting coordination, and administrative support
to the council
Standards & Best Practices Objective:
• Provide non-regulatory framework for collecting,
developing, and implementing best practices for
risk and resilience management
• Drive and influence standards to improve risk
and resilience management
• Provide guideline of best practices document
• Influence assessment standards
Risk Assessment Objective: Best practices for
performing a risk assessment and impact
analysis in the supply chain Resiliency Metrics –
metrics for recovery time objectives in the supply
chain. Supplier Resiliency, Product Resiliency,
Node Resiliency (Internal and external suppliers)
Incident Detection & CM Objective: Develop
Best Practices for Supply Chain Incident Detection
and Crisis Management
Regulatory Objective: Get information out there
to shape policy and inform policy makers and
partner with an organization that can lobby policy
makers. 2: Provide input to the ISO standard
development team. Best Practice Sharing with the
council.
Security Objective: Risk minimization – best
practices for prevention, avoidance, deterrence
security threats in the supply chain Intermodal
Supply Chain Security – expanding on the
ISO28000.
Supply Chain Risk Leadership Council
14
Current Track Objectives/Deliverables
Track
Objective
Deliverables
Governance
To provide recruiting, meeting coordination, and administrative
support to the council
Best Practices
& Standards
WG
• Provide non-regulatory framework for collecting, developing, and
implementing best practices for risk and resilience management
• Drive and influence standards to improve risk and resilience
management
• Provide guideline of best practices document
• Influence assessment standards
• Evaluate ISO31000 and gather member feedback on the applicability of this standard to our – Complete as of Feb 2010
• Determine how to apply ISO 31000 to supply chain risk and resilience management (including risk assessment process)
• Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables
• Develop/deliver a self-diagnostic maturity model
• Document SCRM guidelines of best practices of council member companies in a standard framework
• Determine how to influence standards and how to engage with external orgs (decide to participate with ANSI, write letters to ISO, etc)?
• Determine what and how to publish externally
Preparedness,
BCP, and
Recovery
Planning
Assess your internal recovery capabilities and assess your
suppliers’ recovery capabilities - Internal: Business Processes
within your company - External: Sourcing and Logistics
1. Definition of business continuity and BC planning – Completed 1/26/2010
2. Identify critical elements of a BC/DR plan – Completed 2/17/2010
3. Develop/map best practices for each critical element – May SCRLC mtg
4. Define performance measurement criteria for a BCP – mtg June & July
5. Determine standard lifecycle of a corporate BC program – mtg Sept
6. Define how the BCP elements map to the lifecycle – mtg Oct
7. Review and clean up 2010 deliverables – mtg Nov
Regulatory
Compliance
Get information out there to shape policy and inform policy makers
and partner with an organization that can lobby policy makers. 2:
Provide input to the ISO standard development team. Best
Practice Sharing with the council.
• Create a Framework for evaluating pending and existing regulations that affect our supply chains by region
• Develop the strategy for regulatory influence
• Develop engagement model with DHS and the Cross Sector Working Group.
Supply Chain
Resiliency
Implementing, developing and driving projects that improve
resiliency - Including; Existing and New Products, Existing and
New Supply Chains (transportation, manufacturing, logistics)
Supply Chain
Security
Risk minimization – best practices for prevention, avoidance,
deterrence security threats in the supply chain Intermodal Supply
Chain Security – expanding on the ISO28000.
To identify new security rules and their impact on supply chain risk and compliance programs
Risk
Assessment
and
Monitoring
Best practices for performing a risk assessment and impact
analysis in the supply chain Resiliency Metrics – metrics for
recovery time objectives in the supply chain. Supplier Resiliency,
Product Resiliency, Node Resiliency (Internal and external
suppliers)
1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management
terminology
2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.
Incident
Detection and
Crisis
Management
Develop Best Practices for Supply Chain Incident Detection and
Crisis Management
•Deliver an “Introduction to Crisis Management” guidance document: Draft complete/reviewed; Final reviews due 2/9 (need
format/template);Delivered to Council 2/11
•Deliver a sample Crisis Management Plan: Table of Contents; Include 8 common elements of Sloan crosswalk; 1 st draft to Track by April mtg
•Deliver a sample “Notice of Resiliency Statement”: Similar to a holding statement; Need member companies to supply track with samples
Supply Chain Risk Leadership Council
15
Track: SCRLC Governance
Objective:
Deliverables:
To provide recruiting,
meeting coordination, and
administrative support to
the council
Track Leaders:
Lance Solomon, Cisco
Dave Pollard, FexEx
Track Members:
John Brown, Coca Cola
Karen Juhl, Boeing
Ken Kongismark, Boeing
Robert Larson, Genentech
Christopher Patterson, GE
Erin Thomoson, EI
Supply Chain Risk Leadership Council
16
WG: SCRM Best Practices & Standards
Development
Objective:
• Provide non-regulatory
framework for collecting,
developing, and implementing
best practices for supply chain
risk and resiliency management.
• Create an engagement model
to proactively influence
standards and regulations across
industries and their related
organizations/councils.
• Work Group Lead: Glen
Meskimen, App Materials
• Patrick Nowatzky, RR
•Casper Hunsche, SCC
•Lance Solomon, Cisco
Deliverables:
• Internal:
• Evaluate ISO31000 and gather member feedback
on the applicability of this standard to our
objectives and approach for addressing risk in our
supply chains – Complete as of Feb 2010
• Determine how to apply ISO 31000 to supply chain
risk and resilience management
• Develop process for defining cohesive track
deliverables and for reviewing/finalizing track
deliverables
• Deliver a supply chain risk and resiliency maturity
model framework
• Document SCRM guidelines of best practices of
council member companies in a standard
framework
External:
• A strategy to influence standards and how to
engage with external orgs.
• Determine what and how to publish externally
Supply Chain Risk Leadership Council
17
Track: Preparedness, BCP, and
Recovery Planning 2010 Deliverables:
Objective: Assess your internal recovery
capabilities and assess your suppliers’
recovery capabilities - Internal: Business
Processes within your company - External:
Sourcing and Logistics
Track Leader:
Karen Juhl, Boeing
Craig Babcock, P&G
Track Members:
Tim Astley, Zurich
Amy Cox, Rand
Jane Khoury, Cisco
Eddy Liu, TSMC
Brian Peng, FoxConn
Jennifer Trost, MNP
Dave Pollard, FedEx
Bev Williamson, J&J
Lance Solomon, Cisco
Grover Thurman, FoxConn
Jennifer Williams, FoxConn
1. Definition of business continuity (staying in
business) and BC planning – Completed
1/26/2010
2. Identify the critical elements of a business
continuity/disaster recovery plan – Completed
2/17/2010
3. Develop/map best practices for each of
the critical elements defined – May SCRLC
meeting
4. Define performance measurement criteria for
a BCP – meeting June & July
5. Determine standard lifecycle of a corporate
business continuity program – meeting August
& September
6. Define how the BCP elements map to the
lifecycle – meeting October
7. Review and clean up 2010 deliverables –
meeting November
Supply Chain Risk Leadership Council
18
Track: Regulatory Compliance
Objective: Get information out there to
shape policy and inform policy makers
and partner with an organization that can
lobby policy makers. 2: Provide input to
the ISO standard development team. Best
Practice Sharing with the council. This
group will start in the US and Europe and
eventually will expand the scope globally.
Track Leader:
Chris Patterson, GE
Nick Wildgoose, Zurich
Deliverables: (from
Regulatory WG notes)
• Create a Framework for evaluating
pending and existing regulations that
affect our supply chains by region
• Develop the strategy for regulatory
influence
• Develop engagement model with
DHS and the Cross Sector Working
Group.
Track Members:
Sheryl Byrd, GE
Ken Kongismark, Boeing
Robert Munyon, Genentech
Supply Chain Risk Leadership Council
19
Track: Supply Chain Security
Objective: Risk minimization – best
practices for prevention, avoidance,
deterrence security threats in the supply
chain Intermodal Supply Chain Security –
expanding on the ISO28000.
Track Leaders:
Ken Kongismark, Boeing;
Kirsten A Provence, Boeing
•Track Members:
Jeffrey Beck, Genzyme
Terence Brunson, LMI
Mary Chenoweth, RAND
Andrew Cox, DHS
Scott Dedic, Sony
Jim Rice, MIT
Bob Weronik, GE
Deliverables:
To identify new security rules
and their impact on supply
chain risk and compliance
programs
Does this share common
objective with Regulatory
track?
Supply Chain Risk Leadership Council
20
Track: Supply Chain Resiliency
Objective: Implementing, developing and
driving projects that improve resiliency Including; Existing and New Products, Existing
and New Supply Chains (transportation,
manufacturing, logistics)
Deliverables:
Deliverables:
Track Leaders:
Robert Larson, Genentech;
Chris Patterson, GE
Track Members:
Elvira Loredo, RAND
Glen Meskimen, Applied
Materials
David Middleton, Rolls Royce
Robert Munyon, Genentech
John O'Connor, Cisco
Dave Pollard, FedEx
Marc Robbins, Ph.D., RAND
Lance Solomon, Cisco
Dean Wang, FoxConn
Supply Chain Risk Leadership Council
21
Track: Risk Assessment and Monitoring
Objective: Best practices for performing a risk
assessment and impact analysis in the supply
chain Resiliency Metrics – metrics for recovery
time objectives in the supply chain. Supplier
Resiliency, Product Resiliency, Node Resiliency
(Internal and external suppliers)
Track Leader:
John Brown, Coca Cola
Deliverables:
Deliverables:
1. Finalize/publish the following:
-
Catalog of key risks
-
Supply chain risk
management process
-
Common and concise
risk management
terminology
Track Members:
Ravi Anupindi, U of M
Tim Astley, Zurich
Elizabeth Carroll, John Deere
David Middleton, Rolls Royce
Nancy Moore, RAND
Dave Morrow, SCC
Robert Munyon, Genentech
Christopher Patterson, GE
Brian Squire, Zurich
Jacqueline Thatcher, Merck
Nick Wildgoose, Zurich
Taylor Wilkerson, LMI
Orlando Zapata, Applied Materials
Mahmood Zarei, Sony
2. Provide a table or list of
alternative risk analysis
methods to add more
depth to the toolkit for
supply chain risk
practitioners.
Supply Chain Risk Leadership Council
22
Track: Incident Detection & Crisis Mgt
Deliverables:
Objective: Develop Best
Practices for Supply Chain Incident
Detection and Crisis Management
Track Leader:
Bob Weronik, GE
Track Members:
Randy DiGirolamo, FedEx
Christopher Patterson, GE
Bob Smola, John Deere
Mark Wang, Sc.D., RAND
Steve Kay, GE
Deliver an “Introduction to Crisis
Management” guidance document
- Draft complete and reviewed
- Final reviews due 2/9 (need
format/template)
- Delivered to Council 2/11
Deliver a sample Crisis Management Plan
- Table of Contents
- Include 8 common elements of Sloan
crosswalk
-1st draft to Track by April meeting
Deliver a sample “Notice of Resiliency
Statement”
- Similar to a holding statement
- Need member companies to supply
track with samples
Supply Chain Risk Leadership Council
23
Master Track Roster
Track/WG Name
Lead(s)
Members
Regulatory
Engagement and
Landscape
Chris Patterson, GE
Nick Wildgoose, Zurich;
Patrick St. Laurent, EI;
Erin Thomoson, EI
Sheryl Byrd, GE; Ken Kongismark, Boeing ; Robert Munyon, Genentech;
Christopher Patterson, GE
Standards & Best
Practices
Development
Glen Meskimen,
Applied Materials
Grover Thurman, Foxconn; Jackie Thatcher, Merck; John Brown, Coca-Cola; Ken
Konigsmark, Boeing; Lance Solomon, Cisco; Linda Conrad, Zurich; Nick Wildgoose,
Zurich; Patrick Nowatzky, Rolls Royce; Bob Weronik, GE; Bob Smola, John Deere;
Taylor Wilkinson, LMI; Marc Siegel, ASIS Internat’l
Supply Chain
Security
Ken Kongismark,
Boeing; Kirsten A
Provence, Boeing
Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew
Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE
Supply Chain
Resiliency
Robert Larson,
Genentech; Chris
Patterson, GE
Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls
Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, FedEx;
Marc Robbins, Ph.D., RAND; Lance Solomon, Cisco; Dean Wang, FoxConn; Stephen
Fecho, Merck; Marc Siegel, ASIS Internat’l
Incident Detection
& Crisis Mgt
Bob Weronik, GE
Randy DiGirolamo, FedEx; Christopher Patterson, GE; Bob Smola, John Deere; Mark
Wang, Sc.D., RAND
Risk Assessment &
Monitoring
John Brown, Coca
Cola
Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David
Middleton, Rolls Royce; Nancy Moore, RAND
Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian
Squire, Zurich; Jacqueline Thatcher, Merck
Nick Wildgoose, Zurich; Taylor Wilkerson, LMI
Orlando Zapata, Applied Materials; Mahmood Zarei, Sony
Preparedness,
BCP, and
Recovery Planning
Karen Juhl, Boeing;
Craig Babcock, P&G
Jennifer Williams, Foxconn; John Brown, Coca Cola; Karen Juhl, Boeing; Ken
Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin
Thomoson, EI
Governance
Lance Solomon, Cisco;
Dave Pollard, FexEx
John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert
Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI
Supply Chain Risk Leadership Council
24