Public Information

Physical Security Management System

Security maturity model

Public Information2 1/18/2016

ON Semiconductor www.onsemi.com

A leading supplier of semiconductor based solutions driving energy efficient innovations.

• 2014 Revenue - $3.162 billion

• 3Q15 Revenue - $904.2 million

• 23000 employees

• 17 Manufacturing sites

• 32 Design centers

• Market segments

31% Automotive, 18% Communications, 13% Computing, 15% Consumer, 23% Industrial/Military/ Aerospace/Medical

Public Information3 1/18/2016

Great Baltimore Fire - 1904

1545

35000

1

600

30

1231

70

Public Information4 1/18/2016

Great Baltimore Fire – 1904 (cont.)

• Baltimore adopted a city building code

• The National Fire Protection Association

adopted a national standard for fire

hydrants and hose connections

• However, conversion was slow and still

remains incomplete (only 18 of the 48 most

populous American cities reported

compliance, 2004)

Public Information5 1/18/2016

Security Management System for the Supply Chain (ISO 28000).

Equivalent to 14001, 9001, 18001, 27000.

Ensures that we follow the same basic guidelines of Plan, Do, Check, Act as the other management systems.

Very familiar look and feel for

the executives.

Why to standardize Physical Security?

Public Information6 1/18/2016

Goal oriented

• Documented

• Repeatable

• Consistent

• Auditable

• Continual improvement

Public Information7 1/18/2016

Layered

Corporate System Manual

Corporate procedures

Site/Region level specifications

Records

Public Information8 1/18/2016

• Access Control (badging specs. included)

• Asset Control

• Precious metals & Scrap Security

• Training and Awareness

• Investigations

• Physical Security emergency planning

• Performance monitoring (KPIs)

• Travel Security

• Physical Security Risk Assessment

• Remote Sites Security

Corporate-wide

Public Information9 1/18/2016

Corporate-wide (cont.)

Level 1 DocumentCorporate System Manual

Level 4 DocRecords

Level 3 DocSite/Regional Specifications

Level 2 DocCorporateProcedures

Security Management System Manual

Risk Assessment and Performance Monitoring Procedure

Regional Security Assessment Specification

Security Risk Analysis

Training and Awareness Procedure

Site Training Specification

Training Record

Travel SecurityEmergency Plan

Procedure

Site Security Emergency Plan

Incident Lessons Learned Report

Incident Reporting Procedure

Site Incident Reporting

Specification

Global Incident Reports

SPOC

Access Control Procedure

Site Access Control Specification

Badging Specification

Asset Control Procedure

Site Property Control Specification

Scrap Security Spec

Security System Procedure

Site Security System Specification

Maintenance Plan

Public Information10 1/18/2016

Physical Security Maturity Model

InitialSite by site different approach. No success criteria set. Ad-hoc /reactive

approach.

DefinedCorporate and industry best practices gathered and translated into physical

security corporate goals and requirements.

RepeatableSet requirements formally documented and standardized. Site level gap

analyses and action plans.

Managed and MeasuredFormal PSMS which is measured and controlled. Reporting and auditing

system established.

OptimizedCorporate-wide physical security management system and aware work force.

Process improvement and performance measurement focused.

Public Information11 1/18/2016

• Conformance with global standards

• Continual improvement

Auditing

Public Information12 1/18/2016

• Consistency (documented, repeatable)

• Continual improvement (internal audit)

• Measurable results – KPIs, benchmarking

• Management commitment

• Enhancement of the organization's

performance

• Systematical risk identification

Benefits

Public Information13 1/18/2016

Questions

Public Information14 1/18/2016

Thank you