Before You Begin: Assign Information Classification


Meeting Agenda & Council Structure Overview
Applied Materials, host
Austin, TX
May 17-19, 2010
Supply Chain Risk Leadership Council
Meeting Agenda
Day 2 - Tuesday (May 18)
Day 3 - Wednesday (May 19)
Time
Topic
8:00 AM
Welcome/Intros
Glen Meskimen 8:00 AM
8:10 AM
Agenda Review
Keynote:
Who Is Applied Materials
Lance Solomon 8:45 AM
8:15 AM
8:45 AM
Member Spotlight:
John Deere
9:30 AM
Break
9:45 AM
Update on ISO 31000 Survey
10:00 AM
12:00 PM
1:00 PM
2:30 PM
2:45 PM
4:30 PM
5:00 PM
6:45 PM
Discussion: SCRLC Structure
Overview and SCRLC
Objective/Deliverable Reset
Lunch
Working Session:
Track Break-out
Break
Track Readout
Optional: Gown Up
Optional: Tour of Mfg Facility
Hosted Dinner in Downtown
Austin
Speaker
Time
Topic
Speaker
Member Spotlight:
Managing Supplier Health
Break
Member Spotlight:
Rolls Royce Best Practices
Glen
Meskimen
Linda Guzzi
9:00 AM
Elizabeth
Carroll, Bob
Smola
9:45 AM
Break
10:00 AM
SCOR Model Update
Glen Meskimen 10:30 AM
Discussion: Future Meeting Structure
and Managing/Sharing Track Output
Lance Solomon 11:30 AM
Next Steps/Roundtable/Hotwash
12:30 PM
Lunch & Adjourn
1:30 PM
Governance Track Meeting
3:30 PM
Adjourn
Patrick
Nowatzky
Taylor
Wilkinson
Lance
Solomon
Lance
Solomon
Lance
Solomon
Track Leads
SCRLC Vision/Mission

Definition:
Supply Chain Risk Management (SCRM)
The practice of managing the risk of any factor or event that can materially
disrupt a supply chain whether within a single company or spread across
multiple companies. The ultimate purpose of supply chain risk management
is to enable cost avoidance, customer service, and market position.

Our Vision:
Lead world class manufacturing & services supply chain firms to share and
influence supply chain risk management best practices.

Our Mission:
- Create a framework to identify and share best-practices to deliver world
class performance in supply chain risk management
- Raise awareness and advocate supply chain risk management framework
externally
- Create an engagement model to proactively influence standards and
regulations across industries and their related organizations/councils
Proposed Track Structure
Governance
Best Practices and Standards WG
• Preparedness, Business Continuity, and Recovery Planning
• Regulatory Compliance (Regulatory Engagement and Landscape WG)
• Supply Chain Security
• Supply Chain Resiliency
• Risk Assessment and Monitoring
• Supply Chain Incident Detection and Crisis Management
ISO 31000
Alignment of Tracks to ISO 31000
Standards & BP
Security/Regulatory
Risk Assessment
BCP
Crisis Management
Resiliency
2010-2011 SCRLC Work Calendar
May 2010
Review and
finalize council
structure
Align on council
and track
objective,
deliverables,
leads/members
Oct 2010
Review and
finalize
deliverable
content
Jan 2011
May 2011
Deep dive on
track best
practices
Review and
finalize maturity
model self-assessments
Finalize
documentation
process
Define best
practices
communication
plan (internal
and external)
Maturity model self-assessment results drive 2011 SCRLC meeting agendas
Track Sessions: Direction
• Validate and update high-level track objective(s), lead, and members
  o Define value proposition, vision, mission
  o Include what has been done and what is planned
• Validate and update track deliverables:
  o Collect completed best practices
  o Determine process to link back to ISO 31000
  o Prepare for:
    - Best Practices WG’s recommendation to integrate track deliverables
    - January 2011 SCRLC Meeting: Sharing track best practices
Track Sessions: Attendees
STANDARDS - RM
• Leader: Glen Meskimen, AMAT
SECURITY / REGULATORY – RM
Matagorda Island L1C10
• Leader:
Ken Kongismark, Boeing
Lance Solomon, Cisco
Patrick Nowatzky, Rolls Royce
Bob Ricketts, Teradata
Jeff Beck, Genzyme (phone)
Robert Munyon, Genentech
Robert Larson, DHL
RESILIENCY – RM
Lake Livingston L2B5
• Leader:
Chris Patterson, GE
BCP – RM
Lake Casa Blanca L2B5
• Leader (interim):
Jennifer Williams, Foxconn
RISK ASSESSMENT – RM
Southside Café B131
• Leader:
John Brown, Coca Cola
Dave Pollard, FedEx
Stephen Fecho, Merck
Grover Thurman, Foxconn
Beverly Williamson, J&J
Raelene Wong, AMAT
Allison Fujii, Boeing
Jane Khoury, Cisco (phone)
Elizabeth Carroll, John Deere
Taylor Wilkerson, LMI
Mudit Bajaj, Jabil Circuit
Nancy Moore, RAND
CM – RM
Devils Hollow L1D5
• Leader: Randy DiGirolamo, FedEx
Sandy Chen, Cisco
Joe Pelayo, AMAT
April Decker, AMAT
Appendices
Current Track Objectives
BCP Objective: Assess your internal recovery
capabilities and assess your suppliers’ recovery
capabilities - Internal: Business Processes within
your company - External: Sourcing and Logistics
Resiliency Objective: Implementing, developing
and driving projects that improve resiliency - Including; Existing and New Products, Existing
and New Supply Chains (transportation,
manufacturing, logistics)
Governance Objective: To provide recruiting,
meeting coordination, and administrative support
to the council
Standards & Best Practices Objective:
• Provide non-regulatory framework for collecting,
developing, and implementing best practices for
risk and resilience management
• Drive and influence standards to improve risk
and resilience management
• Provide guideline of best practices document
• Influence assessment standards
Risk Assessment Objective: Best practices for
performing a risk assessment and impact
analysis in the supply chain. Resiliency Metrics –
metrics for recovery time objectives in the supply
chain. Supplier Resiliency, Product Resiliency,
Node Resiliency (Internal and external suppliers)
Incident Detection & CM Objective: Develop
Best Practices for Supply Chain Incident Detection
and Crisis Management
Regulatory Objective: Get information out there
to shape policy and inform policy makers and
partner with an organization that can lobby policy
makers. 2: Provide input to the ISO standard
development team. Best Practice Sharing with the
council.
Security Objective: Risk minimization – best
practices for prevention, avoidance, and deterrence
of security threats in the supply chain. Intermodal
Supply Chain Security – expanding on the
ISO28000.
Track: SCRLC Governance
• Objective: To provide recruiting, meeting coordination, and administrative support to the council
• Deliverables:
• Track Leaders:
Lance Solomon, Cisco
Dave Pollard, FedEx
Track Members:
John Brown, Coca Cola
Karen Juhl, Boeing
Ken Kongismark, Boeing
Robert Larson, Genentech
Christopher Patterson, GE
Erin Thomoson, EI
WG: SCRM Best Practices & Standards
Development
Objective:
• Provide non-regulatory
framework for collecting,
developing, and implementing
best practices for supply chain
risk and resiliency management.
• Create an engagement model
to proactively influence
standards and regulations across
industries and their related
organizations/councils.
• Work Group Lead: Glen
Meskimen, App Materials
• Patrick Nowatzky, RR
•Casper Hunsche, SCC
•Lance Solomon, Cisco
Deliverables:
• Internal:
• Evaluate ISO31000 and gather member feedback
on the applicability of this standard to our
objectives and approach for addressing risk in our
supply chains – Complete as of Feb 2010
• Determine how to apply ISO 31000 to supply chain
risk and resilience management
• Develop process for defining cohesive track
deliverables and for reviewing/finalizing track
deliverables
• Deliver a supply chain risk and resiliency maturity
model framework
• Document SCRM guidelines of best practices of
council member companies in a standard
framework
External:
• A strategy to influence standards and how to
engage with external orgs.
• Determine what and how to publish externally
Track Readout Template: Profile
Track Vision,
Mission, Value
Proposition:
Track
Objective(s):
To provide a maturity model which enables
benchmarking against collective input of best
practices from participating member companies.
•Provide non-regulatory framework for collecting,
developing, and implementing best practices for
supply chain risk and resiliency management.
•Create an engagement model to proactively
influence standards and regulations across industries
and their related organizations/councils.
Track Lead:
Glen Meskimen
Track
Members:
Patrick Nowatzky, Rolls-Royce
Casper Hunsche, SCC
Lance Solomon, Cisco
Track Readout Template: Deliverables
List Track Deliverables:
Date Of Posting To SCRLC Website
How To Link To ISO 31000?
• Evaluate ISO31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010
• Determine how to apply ISO 31000 to supply chain risk and resilience management
• Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables
• Deliver a supply chain risk and resiliency maturity model framework
• Document SCRM guidelines of best practices of council member companies in a standard framework
• A strategy to influence standards and how to engage with external orgs.
• Determine what and how to publish externally
Track Readout Template: Actions
List Track actions:
• Work Group to align on framework of maturity model to be used (Owner: Workgroup)
• Map tracks to specific sections and/or elements of ISO31000 (Figure 3 Diagram) (Owner: Tracks)
• Determine track dependencies within ISO31000 (Owner: Tracks)
• Dependent on outcome of item #1 -> #3 (Owner: Workgroup)
  o Align section or element feedback from tracks
Track Readout Template: Profile
Definition of BC:
Business Continuity is a holistic management process that
identifies potential impacts or risks and provides a framework
for building resilience with the capability for an effective
response in order to continue business operations at an
acceptable predefined level.
Track
Objective(s):
Create a best practices portal:
1) Program initiation & management
2) Risk evaluation & BIA
3) Plan development & execution
4) Training, testing & auditing
5) Communications with internal & external stakeholders
6) Lessons learned
Track Lead:
Karen Juhl, Boeing
Track Members:
Jennifer Williams, Foxconn (interim Lead)
Beverly Williamson, J&J
Raelene Wong, AMAT
Allison Fujii, Boeing
Jane Khoury, Cisco (phone)
Track Readout Template: Deliverables
List Track Deliverables:
Date Of Posting To
SCRLC Website
How To Link To ISO 31000?
Definition of business continuity
May 2010
Risk Management Framework
(Clause 4)
Identify the critical elements of a business
continuity/disaster recovery plan
May 2010
Compile best practices for business
continuity/disaster recovery plan
Define performance measurement criteria for
a BCP
Determine standard lifecycle of a corporate
business continuity program
Define how the BCP elements map to the
lifecycle
Review and clean up 2010 deliverables
Track: Preparedness, BCP, and Recovery Planning
Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics
• Track Leader:
Karen Juhl, Boeing
Craig Babcock, P&G
Track Members:
Tim Astley, Zurich
Amy Cox, Rand
Jane Khoury, Cisco
Eddy Liu, TSMC
Brian Peng, FoxConn
Jennifer Trost, MNP
Dave Pollard, FedEx
Bev Williamson, J&J
Lance Solomon, Cisco
Grover Thurman, FoxConn
Jennifer Williams, FoxConn
2010 Deliverables:
1. Definition of business continuity (staying in
business) and BC planning – Completed
1/26/2010
2. Identify the critical elements of a business
continuity/disaster recovery plan – Completed
2/17/2010
3. Develop/map best practices for each of
the critical elements defined – May SCRLC
meeting
4. Define performance measurement criteria for
a BCP – meeting June & July
5. Determine standard lifecycle of a corporate
business continuity program – meeting August
& September
6. Define how the BCP elements map to the
lifecycle – meeting October
7. Review and clean up 2010 deliverables –
meeting November
Security/Regulatory Track
Proposal
Vision/Mission/Deliverables/Value
Proposition/Objectives
Lead/Members
Scope
Out of Scope
In Scope
- Describe relevant supply chain security programs, supply chain requirements, and track proposed changes
- Describe best approaches for monitoring regulatory initiatives that create potential supply chain risk
- Define supply chain security best practices
- Define use of open source intelligence reports to identify supply chain risks
- Contingency planning/continued operations in post-incident scenarios
- Describe latest technological solutions to mitigate supply chain security risks
- Monitor international regulations and policies impacting supply chain security
- Import/export compliance regulations or policies (inco-terms)
- Security/reliability risks to supply chains from non-human sources
Value Proposition
Minimize risks from:
• Complexity of issues related to security/regulatory requirements
• Regulatory compliance with existing regulations
• Unknown impacts of new regulations
• Losses/impacts related to security gaps (theft, contraband, product tampering)
• Proactively mitigate risks from counterfeit products

Bottom Line: Stakeholder confidence in your company, products, and
supply chain
Vision
• Not applicable: Part of the greater SCRLC Vision that the Tracks support
Mission
• Provide SC security best practices and implementation guidelines to minimize, mitigate, and resolve SC security risks
• Provide best practices/guidelines/framework for monitoring and prioritizing potential SC risks related to proposed regulatory changes
• Provide best practices and framework for influencing/shaping future regulations/policies
Deliverables
• Key applicable regulatory/compliance requirements that affect supply chain security and supply chain risks
• A framework describing “how to” analyze global regulatory risks related to various business models/industrial sectors by geographical region (and potentially how to shape/influence such regulations)
• Best practices describing “how to” implement an effective supply chain security program to minimize risk
Objectives
• Captured already
Open Questions?
- Who comprises the BP & Standards Working Group and the Governance track?
- Future SCRLC acting in an advisory capacity to shape policy/regs?
Track: Supply Chain Resiliency
Objective: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics)
Deliverables:
• Track Leaders:
Robert Larson, Genentech;
Chris Patterson, GE
Track Members:
Elvira Loredo, RAND
Glen Meskimen, Applied
Materials
David Middleton, Rolls Royce
Robert Munyon, Genentech
John O'Connor, Cisco
Dave Pollard, FedEx
Marc Robbins, Ph.D., RAND
Lance Solomon, Cisco
Dean Wang, FoxConn
Supply Chain Resiliency Track
Proposal
Vision/Mission/Deliverables/Value
Proposition/Objectives
Lead/Members
Scope
In Scope:
Out of Scope:
• Product, Supplier and Physical Network Resiliency
• Planning and Implementation for:
• Existing and New Products, Existing and New Direct Material and Services Suppliers, Existing and New Suppliers, Existing and New Networks/Network Design
• Product Quality Process
• Demand Planning Process
Value Proposition
• Define filtering mechanisms to initiate supply chain risk assessments
• Management visibility/capability to prioritize risks and needed mitigations
• A framework for assessing points of supply chain risk throughout the life cycle of your products and/or the supply chain
Vision
• Captured in larger SCRLC Vision
Mission
• Provide a best practices implementation guide for SC resiliency which includes measures and treatment plans for total life cycle supply chain management
Objectives
I. Planning
Setting Objectives, Targets and Establishing Resiliency Metrics
Decision process for mitigation vs. acceptance of risk, Trigger points for affordability vs. risk mitigation, Identify the design elements and decisions which impact resiliency. Identify the consequences of making optimal risk choices and acceptable mitigations for known risks.
a. Product Resiliency: Component/Raw Material Mitigation – methods for prioritizing which products and components to mitigate. Component / Supplier Risk Attribute and Risk Rating Process:
b. Physical Network: Node and network assessment, Identifying single points of failure.
- Internal Processes and Systems (Manufacturing Locations, Planning systems, B2B)
- External (CM, ODM/OEM, Supplier, Transportation, 3PL, Freight Forwarders, Customs Brokers)
II. Implementation
Implementing, developing and driving projects that improve resiliency. Mitigation Techniques and Decision Processes, Techniques for Risk Management; Mitigation, Transfer Development of Product, Supplier and Network Recovery Playbooks
a. Product Mitigation
- Existing Products
- New Products
b. Physical Network Mitigation
- Existing Network: Network Optimization, Process for integrating resiliency into supply chain design, Process for integrating resiliency into capacity planning
- Network Design
c. Supplier Mitigation
Deliverables
• Define Best Practices for Supply Chain Resiliency
• Standard Questions for Resiliency as part of the BCP Process.
• Recommended Tools and Processes for conducting data collection and assessment of the supply chain nodes
• Proposed implementation processes and procedures
• Guidelines for defining metrics and criteria to determine effectiveness of a supply chain resilience program based on each company’s business model
Open Questions?
- Who comprises the BP & Standards Working Group and the Governance track?
- Future SCRLC lobbying to shape policy/regs?
Track: Risk Assessment and Monitoring
Objective: Best practices for performing a risk assessment and impact analysis in the supply chain. Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers)
• Track Leader:
John Brown, Coca Cola
Track Members:
Ravi Anupindi, U of M
Tim Astley, Zurich
Elizabeth Carroll, John Deere
David Middleton, Rolls Royce
Nancy Moore, RAND
Dave Morrow, SCC
Robert Munyon, Genentech
Christopher Patterson, GE
Brian Squire, Zurich
Jacqueline Thatcher, Merck
Nick Wildgoose, Zurich
Taylor Wilkerson, LMI
Orlando Zapata, Applied Materials
Mahmood Zarei, Sony
Deliverables:
1. Finalize/publish the following:
- Catalog of key risks
- Supply chain risk management process
- Common and concise risk management terminology
2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.
Risk Assessment
Track
Risk Assessment: Profile
Track Vision,
Mission, Value
Proposition
Identify Risk Assessment best practices to support effective
identification and monitoring of supply chain risks
Track
Objective(s):
Best practices for performing a risk assessment and impact
analysis in the supply chain Resiliency Metrics – metrics for
recovery time objectives in the supply chain. Supplier
Resiliency, Product Resiliency, Node Resiliency (Internal and
external suppliers)
Track Lead:
John Brown (Coke)
Track Members:
Taylor Wilkerson (LMI)
Nancy Moore (RAND)
Elizabeth Carroll (John Deere)
Mudit Bajaj (Jabil)
Risk Assessment: Deliverables
List Track Deliverables:
1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology
Date Of Posting To SCRLC Website: 18 May 2010
How To Link To ISO 31000? Covers Risk Assessment elements of the ISO 31000 framework
2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.
Date Of Posting To SCRLC Website: 18 May 2010
How To Link To ISO 31000? Covers Risk Assessment elements of the ISO 31000 framework
Existing Track Structure
Governance
Best Practices and Standards WG
• Preparedness, Business Continuity, and Recovery Planning
• Regulatory Compliance (Regulatory Engagement and Landscape WG)
• Supply Chain Security
• Supply Chain Resiliency
• Risk Assessment and Monitoring
• Supply Chain Incident Detection and Crisis Management
Track Alignment
Governance
Best Practice
Identification
SCRLC Product
Development
SCRM
Implementation
Communication
and Sharing
Preparedness,
Business Continuity,
and Recovery Planning
Regulatory Compliance
Supply Chain Security
Supply Chain
Resiliency
Existing Tracks
Risk Assessment and
Monitoring
Supply Chain Incident
Detection and Crisis
Management
Proposed SCRLC Structure
Governance
• SCRLC Management
• Partnering with other organizations
Best Practice Identification
• Sub-teams
• Security
• Assessment
• Resiliency
• Continuity
• Monitoring
• Compliance
• Research
• Member contributions
• Prioritization and reconciliation
SCRLC Product Development
• Framework
• Maturity Model
• Reports, presentations, and FAQs
SCRM Implementation
• Organization Structure
• Staffing and training
• Information requirements
• Integration with business processes
• Metrics and management
• Internal
• External
Communication and Sharing
• Outreach
• Influencing
• Conferences and meetings
• Articles, etc.
• Web reference, bibliography, etc.
• Web page and newsletter
Next Steps
• Complete existing track work for next quarterly meeting
  o Existing track work focused on best practices
  o Best practices form the foundation for Product, Implementation, and Communication tracks
• At next meeting, realign council to new tracks
  o Identify new track leaders
  o Identify volunteers for each track
Crisis Management Track Profile
Track Vision
Provide World Class leadership and guidance on crisis management best
practices.
Value Proposition
To enable organizations and partners to protect life, assets,
operations/income, reputation, and the environment.
Definitions
A crisis is an unstable condition involving an impending abrupt or
significant change that requires urgent attention and action to protect life,
assets, property, operations/income, the environment and reputation.
Reputation includes relations with employees, customers, suppliers, or
other stakeholders and may include adverse news media coverage leading
to public and governmental scrutiny.
Crisis Management—coordinated activities to direct and control an
organization with regards to responding to a specific crisis.
Track Mission/
Objective(s)
To document, share, and socialize best practices around these areas:
• Crisis Lifecycle
• Supply Chain Event Monitoring & Incident Detection
• Building and Maintaining Crisis Response Teams
• Effective Crisis Communications (Internal and External)
• Information Storage
• Benchmarking Program
• Incident Modeling Tools
Track Lead
Bob Weronik
Track Members
Steve Kay, GE; Randy DiGirolamo, FedEx; Bob Smola, John Deere; Sandy
Chen, Cisco; Chris Patterson, GE; Mark Wang, RAND
CM Track Deliverables
List Track Deliverables:
Date Of Posting To
SCRLC Website
How To Link To
ISO 31000?
1. The Crisis Lifecycle
• Monitor/Warning (Internal and External)
• Risk Assessment
• Response
• Management of the Crisis
• Resolution
• Recovery
First draft complete; Final
draft – Oct 2010*
Risk Treatment
2. Building and Maintaining Crisis Response
Teams
• Crisis Team hierarchy based on Business Unit,
Region, Company, etc with clear criteria for handoffs
• Emergency Response Team
• Disaster Response Team
• Pre-Emptive Crisis Response
• Crisis Drills
• Continuous Improvement
• Crisis Response Playbooks
• Supplying PPE to Crisis Teams and/or employees
Oct 2010*
Risk Treatment
Deliver content for 31000 by documenting
industry best practices and examples for Crisis
Management, including:
* = per team availability
CM Track Deliverables (cont’d)
List Track Deliverables:
Date Of
Posting To
SCRLC Website
How To Link
To ISO
31000?
3. Supply Chain Event Monitoring
• Supply Chain Mapping
o To which level of the supply chain should be mapped?
o Knowledge of Rare Raw Materials
o Knowledge of unique industries in specific regions (UN data?)
o Ability to map internal sites/employees and knowledge of
which role they provide
• Intelligence Sources
o Union Partnerships: Labor Disruptions
o News Agencies; via Email Alerts
o Internal Alerting Processes (Reporting of incidents for security
breaches, etc)
o Supplier/Customer Alerting Processes
o SCRLC – Real time knowledge share
• Response Time to Activation as a Metric
• Event Severity and Classification and Appropriate Response
Oct 2010*
Monitoring,
Risk
Treatment
4. Crisis Communications (Internal & External)
• Team Activation and Deactivation
• Tailoring Communications to the Crisis Lifecycle
• Ensuring Continuity of Communications During a Crisis
• Developing Holding (pre-written) communications for internal and
external communications
Oct 2010*
Risk
Treatment
* = per team availability
CM Track Deliverables (cont’d)
List Track Deliverables:
Date Of Posting To
SCRLC Website
How To Link To
ISO 31000?
5. Information Storage
Dedicated locations for Crisis Information
TBD
Risk Treatment
6. Benchmarking Program
Internal and External benchmarking on crisis
management programs
TBD
Risk Treatment
7. Incident Modeling Tools
Supply Chain Risk Modeling
TBD
Risk Treatment
Master Track Roster
Track/WG Name
Lead(s)
Members
Regulatory
Engagement and
Landscape
Chris Patterson, GE
Nick Wildgoose, Zurich;
Patrick St. Laurent, EI;
Erin Thomoson, EI
Sheryl Byrd, GE; Ken Kongismark, Boeing ; Robert Munyon, Genentech;
Christopher Patterson, GE
Standards & Best
Practices
Development
Glen Meskimen,
Applied Materials
Grover Thurman, Foxconn; Jackie Thatcher, Merck; John Brown, Coca-Cola; Ken
Konigsmark, Boeing; Lance Solomon, Cisco; Linda Conrad, Zurich; Nick Wildgoose,
Zurich; Patrick Nowatzky, Rolls Royce; Bob Weronik, GE; Bob Smola, John Deere;
Taylor Wilkinson, LMI; Marc Siegel, ASIS Internat’l
Supply Chain
Security
Ken Kongismark,
Boeing; Kirsten A
Provence, Boeing
Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew
Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE
Supply Chain
Resiliency
Robert Larson,
Genentech; Chris
Patterson, GE
Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls
Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, FedEx;
Marc Robbins, Ph.D., RAND; Lance Solomon, Cisco; Dean Wang, FoxConn; Stephen
Fecho, Merck; Marc Siegel, ASIS Internat’l
Incident Detection
& Crisis Mgt
Bob Weronik, GE
Randy DiGirolamo, FedEx; Christopher Patterson, GE; Bob Smola, John Deere; Mark
Wang, Sc.D., RAND
Risk Assessment &
Monitoring
John Brown, Coca
Cola
Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David
Middleton, Rolls Royce; Nancy Moore, RAND
Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian
Squire, Zurich; Jacqueline Thatcher, Merck
Nick Wildgoose, Zurich; Taylor Wilkerson, LMI
Orlando Zapata, Applied Materials; Mahmood Zarei, Sony
Preparedness,
BCP, and
Recovery Planning
Karen Juhl, Boeing;
Craig Babcock, P&G
Jennifer Williams, Foxconn; John Brown, Coca Cola; Karen Juhl, Boeing; Ken
Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin
Thomoson, EI
Governance
Lance Solomon, Cisco;
Dave Pollard, FedEx
John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert
Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI
Current Track Objectives/Deliverables
Track
Objective
Deliverables
Governance
To provide recruiting, meeting coordination, and administrative
support to the council
Best Practices
& Standards
WG
• Provide non-regulatory framework for collecting, developing, and
implementing best practices for risk and resilience management
• Drive and influence standards to improve risk and resilience
management
• Provide guideline of best practices document
• Influence assessment standards
• Evaluate ISO31000 and gather member feedback on the applicability of this standard to our – Complete as of Feb 2010
• Determine how to apply ISO 31000 to supply chain risk and resilience management (including risk assessment process)
• Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables
• Develop/deliver a self-diagnostic maturity model
• Document SCRM guidelines of best practices of council member companies in a standard framework
• Determine how to influence standards and how to engage with external orgs (decide to participate with ANSI, write letters to ISO, etc)?
• Determine what and how to publish externally
Preparedness, BCP, and Recovery Planning
Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities
- Internal: Business Processes within your company
- External: Sourcing and Logistics
1. Definition of business continuity and BC planning – Completed 1/26/2010
2. Identify critical elements of a BC/DR plan – Completed 2/17/2010
3. Develop/map best practices for each critical element – May SCRLC mtg
4. Define performance measurement criteria for a BCP – mtg June & July
5. Determine standard lifecycle of a corporate BC program – mtg Sept
6. Define how the BCP elements map to the lifecycle – mtg Oct
7. Review and clean up 2010 deliverables – mtg Nov
Regulatory Compliance
Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council.
• Create a Framework for evaluating pending and existing regulations that affect our supply chains by region
• Develop the strategy for regulatory influence
• Develop engagement model with DHS and the Cross Sector Working Group.
Supply Chain Resiliency
Implementing, developing and driving projects that improve resiliency, including: Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics)
Supply Chain Security
Risk minimization – best practices for prevention, avoidance, and deterrence of security threats in the supply chain. Intermodal Supply Chain Security – expanding on the ISO28000.
To identify new security rules and their impact on supply chain risk and compliance programs
Risk Assessment and Monitoring
Best practices for performing a risk assessment and impact analysis in the supply chain. Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers)
1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology
2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.
Incident Detection and Crisis Management
Develop Best Practices for Supply Chain Incident Detection and Crisis Management
• Deliver an “Introduction to Crisis Management” guidance document: Draft complete/reviewed; Final reviews due 2/9 (need format/template); Delivered to Council 2/11
• Deliver a sample Crisis Management Plan: Table of Contents; Include 8 common elements of Sloan crosswalk; 1st draft to Track by April mtg
• Deliver a sample “Notice of Resiliency Statement”: Similar to a holding statement; Need member companies to supply track with samples
Track: Regulatory Compliance
Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. This group will start in the US and Europe and eventually will expand the scope globally.
Track Leader:
Chris Patterson, GE
Nick Wildgoose, Zurich
Deliverables: (from Regulatory WG notes)
• Create a Framework for evaluating pending and existing regulations that affect our supply chains by region
• Develop the strategy for regulatory influence
• Develop engagement model with DHS and the Cross Sector Working Group.
Track Members:
Sheryl Byrd, GE
Ken Kongismark, Boeing
Robert Munyon, Genentech
Track: Supply Chain Security
Objective: Risk minimization – best practices for prevention, avoidance, and deterrence of security threats in the supply chain. Intermodal Supply Chain Security – expanding on the ISO28000.
Track Leaders:
Ken Kongismark, Boeing;
Kirsten A Provence, Boeing
Track Members:
Jeffrey Beck, Genzyme
Terence Brunson, LMI
Mary Chenoweth, RAND
Andrew Cox, DHS
Scott Dedic, Sony
Jim Rice, MIT
Bob Weronik, GE
Deliverables:
To identify new security rules and their impact on supply chain risk and compliance programs
Does this share a common objective with the Regulatory track?