SCSM

Supply Chain Security Management All the tools required to provide security-based frameworks and processes,

assuring the safety of your supply chain.

Maximizing the Efficiency and Security of Your Supply Network

SCSM_8seiter_160709.indd 1 24.07.2009 11:10:29 Uhr

Supply Chain SecurityIncreasing risk makes supply chain ▪security an international priority

Governments are increasing ▪pressure on industries and

enforcing security

The ISO 28000 series, C-TPAT and ▪AEO are the leading international

supply chain initiatives

The TÜV Rheinland Group’s vast experience in the field of security and supply chain related

assessments ensures that we are an organization you can trust

to keep your supply network safe

As one of the only ISO 28000 accredited certification bodies our key services are essential at every

stage of the supply chain, from manufacturing and service, to storage and transportation.

Complex Supply Network

The modern supply network is complex, covering many suppliers, modes of transport

and different countries. As a result of this complexity, the need for varied services such as

environmental protection, social responsibility, supply chain security and product safety

and quality constantly increases.

Factors beyond organizational control

Failures in externally supplied ▪equipment and services

Natural disastersMay render security measures and �

equipment ineffective

Operational threats and risksControl of security ▪Human factors (e.g. poor ▪communication)

Activities that affect the ▪organization’s performance,

condition or safety

Physical failure threats and risksFunctional failure ▪Incidental and malicious damage ▪Transportation (robbery, theft, ▪hijack)

Terrorism ▪

Minimize the Risk

RetailerRetailer

Key ServicesSupply chain security ▪Information security ▪Product safety and quality ▪Social responsibility ▪Environmental protection ▪Other relevant services ▪

Logistics

DistributorSupplier

Manufacturer (OEM)

Threats and Risks

SCSM_8seiter_160709.indd 2 24.07.2009 11:10:39 Uhr

Integrated AuditsComplex Supply Network

Our integrated solutions approach was established to provide customers with maximum

output for minimum input. As standards tend to share certain common requirements and

management principles, there is an inevitable overlap. By selecting multiple services from

the TÜV Rheinland Group, however, you can rest assured that wherever possible, audits

will be conducted simultaneously, saving you time and money.

What kind of companies are best suited for integrated management systems? Integrated management systems are

suitable for all kind of organizations.

They are highly effective for

management strategy and Corporate

Social Responsibility (CSR), as well

as for companies seeking continuous

improvement and growth.

What about a single system that integrates the operation of two or more management systems? A single system that integrates

the operation of two or more

management systems is not only

an effective way to acquire an

additional ISO certification or to

use the current certification to meet

more than one standard, it is also

an efficient tool for strengthening

your organization. Simultaneous

auditing of two or more management

Internal streamliningConsistency with company policy, management system goals and targets, ▪and stakeholder expectations

Elimination of duplication among internal audits for improved business ▪efficiency

Audit efficiencyOnly one audit per year ▪Reduced auditing time for common elements and personnel ▪Shorter compliance time for each division ▪

Cost efficiencyReduction in audit man-days leads to reduced costs ▪Lower costs due to higher overall performance feedback ▪

Benefits of Integrated AuditsEliminate the duplication of work

by synergizing several standards

into one management system.

Save time and money by having

systems simultaneously audited

against multiple standards.

Integrated Audits

ISO 14001

ISO/IEC 27001

ISO 28000

ISO 9001

ISO 22000

systems is the first step on the path

to achieving an integrated system.

Manufacturer (OEM)

SCSM_8seiter_160709.indd 3 24.07.2009 11:10:40 Uhr

The ISO 28000 Series; Supply Chain Security

The scope includes critical aspects for security assurance of supply chains

Target GroupRelevant to all organizations ▪eager to implement and maintain

a proven security management

system

Applicable to all sectors of industry, ▪and to any type and size of

organization at any point in the

supply chain

Of interest to any organization ▪looking to assure conformance with

international security management

standards

Key Elements

Corporate security policy and ▪top management commitment

Employee training and awareness ▪

Goods in transportation or storage ▪Information flow and management ▪Manufacturing sites ▪

Builds on the foundation of ▪ISO 9001 and ISO 14001

management systems

Risk based approach, aligned to ▪ISO 14001, ISO 22000, OHSAS,

ISO 27001 etc.

Compliance to the ISO 28000 ▪series can be verified by internal or

external audits

Uses best practice risk assessment ▪tools including ISO 28001

Specifies the requirements for a ▪supply chain security management

system

Facilities for storage, packaging and ▪transfer of goods

Financing ▪

The ISO 28000 series focuses on the overall security of an organization’s supply chain, acting as

an umbrella standard that incorporates the requirements of all major international supply chain

security and World Customs Organization initiatives. It integrates both the process-based approach

of ISO’s management systems, and the ‘plan-do-check-act’ model.

The ISO 28000 series helps all sectors of industry assess elements of risk

Design the security management system based on your risk

SCSM_8seiter_160709.indd 4 24.07.2009 11:10:43 Uhr

The ISO 28000 Series; Supply Chain Security Steps to becoming ISO 28000/ISO 28001 certified

Increases efficiency in transport and visibility in supply chain management;

benefits include a potential reduction of your company’s costs and carbon footprint.

Meets international supply chain security requirements and mitigates risk ▪Optimizes processes to guarantee that the supply chain remains free of disruptions ▪Increases quality assurance and manufacturer control ▪Prevents unnecessary losses ▪Pools existing security standards relating to transportation into one unified management system ▪Demonstrates a pioneering role in transportation security ▪Avoids the expense associated with multiple certifications ▪Presents the company as a professional partner to customers, authorities and investors ▪

The first step in the process is to define your needs and detail the scope for

certification, thereby creating a basis for a differentiated proposal.1 Project discussion

Auditors conduct an optional pre-audit to determine the extent to which the

company meets the ISO 28000/ISO 28001 requirements.2 Pre-audit (optional)

The audit team ascertains if the security management documentation

meets the requirements of ISO 28000/ISO 28001, and reviews the client’s

understanding of the requirements of the standard. 3 STAGE 1

Certification Audit

You demonstrate the practical application of your security management system

and our auditors assess its effectiveness in detail.4 STAGE 2Certification Audit

If all criteria have been met, your company is awarded a certificate, confirming

that your supply chain security management system is effective and conforms

with all specification requirements.5 Issue of certificate

Our annual surveillance audits help you to continuously optimize your

processes, and ensure maintenance to the standard.6 Surveillance audits

After three years, a reassessment for certification renewal is performed,

ensuring the continuation of your improvement process, while documenting

the long-term safety of your business for your partners and customers.7 Certification renewal

As an accredited ISO 28000 certification body our specialists are ready with a wealth

of expertise and helpful advice to support you during the certification of your business.

The Benefits of ISO 28000/ISO 28001

SCSM_8seiter_160709.indd 5 24.07.2009 11:10:43 Uhr

This 3-day course focuses on the

ISO 28000 series system audits for

those with in-depth management

system auditing experience. In addition

to a complete overview of the

ISO 28000 series of standards, the

course also provides background

on the supply chain and standard

requirements, plus detailed reviews of

risk assessment techniques and specific

auditing requirements.

Internal Auditor Training

Main ObjectivesLearning about challenges to supply chain and security management ▪Understanding supply chain and global legislation and regulations pertinent to the ISO 28000 series ▪Evaluation of security aspects of, and impacts on, a company supply chain ▪Correct interpretation and description of auditing requirements of the ISO 28000 series ▪Preparation of an audit schedule, selection of appropriate auditing methods and implementation of an effective aide ▪memoir (discussion tool) using techniques such as checklists

Performance of value-added auditing, with knowledge of management system standards ▪Planning and conducting of audits using case study material ▪Auditing to establish the effectiveness of the security management system in meeting legislative and policy requirements, ▪and in improving performance

Course Overview

Day 1 Auditing

Day 2 Auditing Skills

Day 3 ISO 28000 Series

Day 4 Risk Assessment

Day 5 System Audit

The ISO 28000 Series Auditor Training

This 5-day course is designed for those

with limited auditing experience, and

offers an introduction to auditing

with a key focus on the ISO 28000

series management system audits.

Days 1 and 2 provide basic auditing

principles and best practices. Day

3 features a complete overview of

the ISO 28000 series of standards,

including background on the supply

chain and standard requirements.

Days 4 and 5 conclude with a detailed

synopsis of risk assessment techniques

and specific auditing requirements.

Use the TUVdotCOM Internet platform to make your personal qualifications

and certifications accessible to existing and potential clients at any time on

the Internet. The credibility provided by an independent third-party –TÜV

Rheinland Group– emphasizes your integrity and helps you stand out from the

competition.

For more information and a sample ID, go to www.tuv.com and type in the

following ID number: 1000101716

TUVdotCOM Personal ID – Show your credibility and experience in “black and white”

The new ISO 28000 series of standards is increasingly important for international trade.

In order to develop the knowledge and skill set to initiate and implement supply chain

security management, TÜV Rheinland has developed a comprehensive course that caters to

individuals, with or without an auditing background.

ISO 28000 Series Lead Auditor Training

Day 1 Day 2 Day 3 Day 4 Day 5 Day 3 Day 4 Day 5

SCSM_8seiter_160709.indd 6 24.07.2009 11:10:44 Uhr

Authorized Economic Operator (AEO) and C-TPAT

By satisfying certain criteria, an AEO is considered to be reliable in their customs-related

operations throughout the European Community, and is therefore entitled to specific

benefits.

Types of CertificateAEO Certificate – Security and Safety ▪AEO Certificate – Customs Simplifications ▪AEO Certificate – Customs Simplifications / Security and Safety ▪

Our services include

Awareness training ▪Internal auditor training ▪Second party audits ▪

Key aspects of C-TPAT

Analysis of security systems and procedures ▪Physical inspections, access controls ▪Education, training and awareness ▪

Possibility of prior notification ▪ Reduced data set for summary declarations ▪ Fewer physical and document-based controls ▪ Priority treatment of consignment if selected for control ▪ Possibility to request a specific place for such control ▪ Easier admittance to customs simplifications ▪

Benefits of AEO and C-TPAT

The AEO program was established

to ensure an equivalent level of

protection in customs controls for

goods brought into or out of the

customs territory of the European

Community (EC).

Based on EC regulation 648/2005 ▪‘Authorized Economic Operator’

Customs Security Program (CSP) ▪Risk related information ▪

Key Elements Key aspects to satisfying the criteria for

the above certification are management

of records and recording of compliance

with customs requirements, as well

as proven financial solvency and the

maintenance of security and safety

standards.

TÜV Rheinland provides all services

necessary to ensure our clients meet

and surpass AEO requirements.

ISO 28000 – Supply Chain Security ▪Management designed to meet

AEO requirements

ISO/IEC 27001 – Information ▪Security Management System

Awareness Training – Understand ▪AEO and the steps to certification

AEO Gap analysis assessments ▪

Customs officials trust the AEO, and

require fewer or no inspections on

their imported or exported goods

Customs Trade P artnership Against Terrorism (C -TPAT)

The Customs Trade Partnership Against Terrorism (C-TPAT) builds on the best practices of Customs Border Protection (CBP) and

industry partnerships to strengthen supply chain security and encourage cooperative relationships. As a designated third-party

auditing body, TÜV Rheinland can help you prepare for C-TPAT validation audits

SCSM_8seiter_160709.indd 7 24.07.2009 11:10:46 Uhr

® T

ÜV

, TU

EV

an

d T

UV

are

reg

iste

red

tra

dem

arks

. Uti

lisat

ion

an

d a

pp

licat

ion

req

uir

es p

rio

r ap

pro

val.

P.

08S

B00

8en

JP09

071.

0

Represented worldwide with more ▪than 13,000 employees in more than

61 countries at over 490 locations.

We offer over 2,500 value added ▪services covering more than 39

industries

The goal and guiding principle ▪of the corporation – the sustainable

development of safety and quality –

is achieved through a strong

commitment to Corporate Social

Responsibility and ethical values.

TÜV Rheinland Group has more ▪than 135 years of experience.

Let the TÜV Rheinland Group help you maximize the benefits of this international standard

The first ISO 28000 accredited certification body in Asia ▪Accepted and represented worldwide ▪Risk Management audits conducted globally ▪Selected by US Government to conduct C-TPAT audits ▪Large portfolio of related services ‘One Stop Solutions’ ▪Reliable, impartial, cost-effective, confidential and localized certification services ▪Use of TUVdotCOM certificate database makes your competitive edge clearly visible ▪Certification service under the umbrella of an internationally accepted accreditation body ▪

TÜV Rheinland, your global partnerCustomers Can Actually See How Much You Care

* Disclaimer: These are example keywords for illustrative purpose only. Keywords are granted based on performance testing and an internal review cycle. Manufacturers may apply for new and existing keywords anytime.

Cologne/Nuremberg

YokohamaShanghai

Silicon Valley

Budapest

0:00 3:00 6:00 9:0012:00 15:00 18:00 21:00

® T

ÜV

, TU

EV

an

d T

UV

are

reg

iste

red

tra

dem

arks

. Uti

lisa

tio

n a

nd

ap

pli

cati

on

req

uir

es p

rio

r ap

pro

val.

L

.05S

B0

02en

JP08

061.

0

5 Global Technology Assessment Centers (GTAC) Our network provides 24-hour access to all TÜV Rheinland Group services & capabilities

Office & Laboratory Location

Represented worldwide with more ▪than 12,500 employees in more than

60 countries at over 340 locations.

Our business portfolio includes: ▪Industrial Services, Mobility, Products,

Life Care as well as Education &

Consulting and Systems.

The goal and guiding principle ▪of the corporation – the sustainable

development of safety and quality –

is achieved through a strong

commitment to Corporate Social

Responsibility and ethical values.

TÜV Rheinland Group has more ▪than 130 years of experience.

For contact details please visit

www.contact.tuv.com

TÜV Rheinland Locations

The mark that speaks to customers about

the safety of your food

The TUVdotCOM service differentiates your products

from the competition by highlighting its benefits

through the use of keywords

which are displayed with

the TUVdotCOM ID,

allowing consumer to see

why your food is better

than the product next to it.

TUVdotCOM products receive

a unique ID number allowing users to search for the

food on our website and see which tests were performed,

assuring quality and safety. Let us help you stand out

from the competition.

t

A service that protects your brand and

ensures the authenticity of your products

The TÜV Rheinland’s Product Authentication Platform

provides authenticity assurance through tracking and

tracing. Our Platform

allows you to not only

check the path the

product has taken,

but allows you to look

forward and ensure

a secure trail. Highly

secure authentication codes verify the origins and validity of

your food products. The code can be scanned with mobile

phones or entered manually into our website, where it is

verified, thus removing the threat of counterfeited goods

being sold and reassuring customers of the authenticity and

above all, the safety of the food they are about to consume.

TJ6HHS24AH46G

For further information about ISO 22000 and related topics please visit:

For contact details please visitwww.contact.tuv.com

SCSM

For further information on supply chain security and related topics, please visit:

www.tuv.com/jp/en/security

SCSM_8seiter_160709.indd 8 24.07.2009 11:10:47 Uhr