c-tpat: what every security executive should know
TRANSCRIPT
6/16/2016
1
SPONSOR LOGO
C-TPAT: What Every Security
Executive Should Know
Barry BrandmanPresident
Danbee Investigations
Fair Lawn, NJ
C-TPAT: What Every Security Executive Should Know
In this session, you will learn:
How to Mitigate the Risk of a Supply Chain Security Breach
The Essential Components of a World Class Supply Chain Security Program
Effectively Dealing with Security Threats in High Risk Countries
What Changes with the C-TPAT Program You Can Expect to See in the Future
6/16/2016
2
Mitigating the Risk of a Supply Chain Security Breach that
Could Jeopardize Your C-TPAT Certification
Most Breaches Occur Before the Shipments Arrive to the U.S.
Which is Why Finding Out How Your Supply Chain is Really Being
Protected by Separating Fact from Fiction is Critical
Separating Fact from Fiction:
The First Step Towards Strengthening a Supply Chain Security Program
Most security programs look much better on paper than they actually work. The difference between cosmetic and
meaningful safeguards is not always obvious.
Those companies that have failed to expose these differences have been victimized 8-10 times more frequently than those
that proactively identify and remedy their deficiencies.
6/16/2016
3
Case History
Security Questionnaire Responses
from a Victimized Foreign Freight Forwarder
1. Their security seals were always “tightly controlled ” for exports
sent to the U.S.
2. Their 7 point container inspections were “thoroughly performed”
3. Their facility security had been independently inspected and
rated as “very satisfactory”
4. They maintained “strong security controls” of trucks transporting
U.S. exports from their facility to the air local terminal.
Reality vs. the Freight Forwarder’s Response:
Their security seals were “tightly controlled”
How It Actually Worked:
• Their seals were kept in an unlocked drawer in the shipping office so any dock worker had access to them
• Several times each week the seals were being affixed by anyone working on the dock, not just “designated personnel”
• On busy days, even drivers were handed security seals and allowed to affix them to their trucks and containers.
6/16/2016
4
Reality vs. the Freight Forwarder’s Response:
“Their 7 point container/trailer inspections were being thoroughly performed”
How It Actually Worked:
• No meaningful training was provided to the personnel responsible for conducting the inspections
• Poor lighting inside the terminal made it nearly impossible to see anything concealed inside or to the undercarriage of a container/trailer
• No one knew what constituted “suspicious” measurements from the laser range finder
Reality vs. the Freight Forwarder’s Response:
“Their facility scored high on an independently conducted security audit”
How It Actually Worked:
• The contracted company that performed their security audit simply
used a generic checklist that overlooked several critical areas
• Upon completion of the audit, the forwarder received a bogus “official
C-TPAT certificate” (and a healthy invoice for professional C-TPAT
certification services)
6/16/2016
5
Reality vs. the Freight Forwarder’s Response:
“They maintained strong security controls of trucks transporting
exports to the air terminal”
How It Actually Worked:
• Although truck cargo doors were padlocked, drivers were provided
with a key
• The GPS devices only provided updates every 60 minutes and were
not embedded in the trucks, thereby allowing drivers to easily
circumvent them two different ways
The Essential Components of a
World Class Supply Chain Security Program
1. Establish a Culture of Security Excellence
2. Design Your Program with Multiple Checks and Balances
3. Strategically Utilize the Right Technology
4. Relentlessly Audit Your Safeguards to Expose Weaknesses
6/16/2016
6
Establishing a Culture of Security Excellence
• “Good enough should never be good enough”
If you are C-TPAT certified, don’t simply meet C-TPAT “minimum
standards”. Exceed them wherever possible.
Adopt a Proactive Mindset
If you’re not finding weaknesses in your supply chain security
program each year, you’re probably not looking hard enough
Designing Checks and Balances
Throughout Your Supply Chain
Anticipate that your first line of defense will fail!
There have been over 3400 companies suspended and/or expelled
from the C-TPAT program for serious violations found during a
validation or as a result of a significant security breach!
This number will continue to rise.
6/16/2016
7
Strategically Utilizing Security Technology
One example:
Concealed GPS in cargo or vehicles
traveling through high risk areas
Strategically Utilizing Security Technology
Protecting loose cargo with tamper evident, pre-numbered security tape, bands and pallet seals
6/16/2016
8
Strategically Utilizing Security Technology
Remote Video Monitoring Audits for Tighter Control
Over Security Sensitive Areas and Activities
Relentlessly Audit Every Component
of Your SC Security Program to Expose Weaknesses
Vulnerabilities Exposed During Foreign Security Audits:
• Foreign Manufacturers failing to seal containers because they might
be opened for foreign Customs inspections
• Leaving staged export shipments exposed overnight under the
control of a security guard
• Significant 7 Point Inspections failures
• GPS systems improperly programmed
6/16/2016
9
Effectively Auditing Your Supply Chain
is Essential to Mitigating the Risk of a Breach
Going beyond surface level questions will result in a more accurate
representation of a company’s strengths and weaknesses.
Fact: A significant percentage of those conducting these audits have little or no
security expertise.
Fact: 78% of the security breach forensic investigations we have conducted
revealed that the victimized company’s self-assessments were little more than
the “pencil-whipping” of generic checklists
Case History:
“All security systems in excellent working condition” turned out to be solely
based on a statement from the GM. An example of what we found after a major
security breach at one overseas facility.
6/16/2016
10
Effectively Dealing with Security Threats in High Risk Countries
Primary Risks:
• Collusion between shipping personnel and truck drivers
• Collusion between security staff and drivers
• Driver collusion with organized crime, agreeing to transport contraband
outside or inside their vehicles. “You could either take the silver or the lead. It’s
your choice, but you will take one!”
• Corrupt or bogus police/military planting contraband inside a shipment during
an inspection stop without the driver’s knowledge
Successful 10-Point Process for Protecting the Integrity of Truck Shipments from Mexico to the United States
1.
• The finished goods department is physically segregated and protected by its own robust intrusion detection system.
2.
• Video cameras perpetually monitor and archive all activity in the finished goods department where exports are staged and loaded.
3.
• Prior to U.S. bound exports being placed onto a truck, the 7-point inspection is performed by logistics andsecurity personnel who, by working side by side, monitor each other’s work and verify measurements taken with a laser range finder.
6/16/2016
11
4.
• After the truck is completely loaded, the 17-point inspection process is performed by both a driver and a security officer, who monitor each other’s work. Each knows to report any negligence or violation to their respective superiors.
5.
• The security seal is affixed by a security officer with the driver
always present and witnessing this.
6.
• Both the 7-point and 17-point inspections are captured by the video system and viewed by a security supervisor for every truck dispatched to the U.S.
7.
• Departing trucks from the complex are periodically subject to unannounced audits after leaving the facility by a site security manager or supervisor.
8.
• Every truck has embedded GPS that provides continuous tracking throughout the journey to the U.S. Automatic exception alerts and mobile geofencing are programmed in the system (and regularly tested).
9.
• A security officer is required to live monitor each truck in transit to the U.S. Should any anomaly take place, the guard is required to contact the site security manager immediately.
6/16/2016
12
10.
• The Role of the Security Manager:
• The security manager is required to regularly review archived GPS reports as well as archived video of the 7-point and 17-point inspection processes.
• The security manager is required to review archived video of the security officers responsible for live U.S. bound truck monitoring via the GPS system.
• The security manager is also required to generate a monthly summary report of the results of all these video audits that is reviewed by a superior.
What Changes Can You Expect in the Future?
• The minimum security criteria will be upgraded. Could be the most significant
change since the program’s inception.
• Validations will not be as easy to pass as they have been in the past
• More suspensions and expulsions from the program will take place
• Additional benefits will be offered to Tier III members, such as SAFETY Act
certification (the 2002 Support Anti-Terrorism by Fostering Effective Technologies
Act)
6/16/2016
13
C-TPAT: What Every Security Executive Should Know
To recap on today’s takeaways... The Essential Components of a World Class Supply Chain Security Program:
1. Establish a Culture of Security Excellence
2. Design Your Program with Multiple Checks and Balances
3. Strategically Utilize the Right Technology
4. Relentlessly Audit Your Safeguards to Expose Weaknesses
Questions?
C-TPAT: What Every Security Executive Should Know
Barry Brandman
President
Danbee Investigations
201-652-5500
6/16/2016
14