by Gina Giron-Urquiola
|DP World Vancouver has become the first marine terminal in the Americas to achieve international certification for its security management systems and operations, as of March 11. Lloyds Register Quality Assurance audited global marine terminal operator DP World's Canadian terminal for compliance with the international standard ISO/PAS 28000:2006. This follows certification at both DP World's corporate head office in Dubai, UAE, and pilot site, Djibouti Container Terminal, in September last year. ISO/PAS 28000 is the management system that DP World has adopted as the base standard for implementing and managing its corporate security policies. The international system underpins all of DP World's internal and external security initiatives and activities, and is being phased in across the entire DP World network of terminals under the supervision of Hart security consultants. DP World aims to certify 13 of its terminals this year.
The International Ship and Port Facility (ISPS) code was introduced in 2004 to help detect and prevent security incidents on ships and at port facilities.
But ships and ports are only one tiny part of the supply chain - container packers, freight forwarders, transport operators, manufacturers and many others - are all vulnerable to security threats, and probably more so than ships and ports.
The Lloyds Register Group is a market leader for ISPS code certification and, in becoming so, has developed knowledge and experience about security issues affecting other parts of the intermodal supply chain. The opportunity arose to develop similar management systems standards for the rest of the intermodal supply chain.
"The LR Group was prepared to pioneer this work, but the International Organization for Standardization (ISO) Technical Committee ISO/TC 8, Ships and marine technology, was also starting a similar programme of work. Our development work was considered the preferred option so we became one of the main driving forces behind the ISO working group," said Peter Boyce, Senior Business Manager, Security Management Systems, Asia for Lloyd's Register Quality Assurance Ltd (www.LRQA.com).
On November 17, 2005, the results of a year's work concluded with the publication of ISO/PAS 28000:2005, a management system specification which has been developed specifically for companies and organisations that manage supply chain operations.
Certification to ISO standards is one of the services in the LRQA portfolio. ISO/PAS 28000 was modelled after the established ISO 14001 standard for environmental management systems. So the same 'plan-do-check-act' risk-based approach many companies utilise when evaluating and managing environmental risks can be applied to supply chain security risks and threats.
The ISPS Code was developed to address the security threats posed to ships and port facilities in the post 9-11 era. Its introduction on July 1, 2004 tightened supply chain security. However, until now, there has been no security-specific management systems framework available to all "resource to retail" operators which provide logistics, transport and support services to organisations which are heavily reliant on their supply chain service providers for incident and problem free, 'just in time' delivery of goods and services.
"ISO PAS 28000 will provide such a framework and its alignment with other management system standards means that it can be incorporated into business-as-usual management practices," explained Boyce.
Development of ISO/PAS 28000
ISO 28000 was the product of the ISO technical committee ISO/TC 8, Ships and Marine Technology, in collaboration with other technical committee chairs. Fourteen countries participated in its development, together with several international organizations and regional bodies: These included the International Maritime Organization, the International Association of Ports and Harbours, the International Chamber of Shipping, the World Customs Organization, the Baltic and International Maritime Council, the International Association of Classification Societies, the International Innovative Trade Network, the World Shipping Council, the Strategic Council on Security Technology, which has a Memorandum of Understanding with ISO/TC 8, and the US-Israel Science and Technology Foundation.
The need for another management standard is fairly obvious when one considers the billions of dollars worth of goods moving along global supply chains, said Boyce.
There are hundreds of Ro-Ro ferries and car carriers operating around the world, as well as many other means of transporting and transferring goods from shore-based operations to ports and ships. Many of these operators, which are responsible for forwarding and packing freight and cargo, have yet to understand security as a potential business risk and some are not taking security as seriously as they should.
Furthermore, many organisations that already have ISO 9001-based business management systems will be able to integrate security management into existing business systems quite easily.
In brief, ISO/PAS 28000 is a major security initiative designed to improve the monitoring of freight flows, combat smuggling and other criminal activities and to respond to the threat of terrorist attacks. In doing so, its mandate is to create a safe and secure international supply chain regime.
ISO/PAS 28000's risk-based approach helps firms to identify the right balance between security controls and the essential fluid processes that allow cargo and goods to flow freely from factory to the final customer.
ISO/PAS 28000 can be used by a broad range of organisations - small, medium and large - in the manufacturing, service, storage and transportation sectors at any stage of the production or supply chain. "Implementing ISO 28000 into your system, whether you are an SME, a major buyer, a freight forwarder, or a trucking company, will ensure that you get a head-start against your rivals in whatever trade transport sector you operate," said Boyce. "In the case of a large multinational, for example, if they wanted to get their product from the factory to customers in the EU in a short period of time, certifying that their entire supply chain was ISO 28000 compliant will certainly streamline the process. Not only would this mean secure systems, but it would also mean that all transport providers in the chain-from truckers to carriers-would be compliant. And once the product gets to the port of entry in the EU, ISO compliance should mean speedier processing. So you can see how vital supply chain management compliance will become to global trade."
There are bound to be commercial pressures to embrace the ISO28000 culture; a multinational retailer at one end may want their products faster, prompting the manufacturers on the other end to seek compliance to satisfy their customer.
"Manufacturing and retail, these are the two areas that are expected to take the lead in ISO 28000," said Boyce.
However, it appears that container ports have been among the first to take the bull by the horns.
Dubai Ports World, a global container port operator with over 46 terminals under its control, was issued its first ISO/PAS 28000 certificate of approval by LRQA on, ironically, September 11, 2006. DPW went through a review of its management systems and was certified compliant with ISO 28000 standards at three of its ports, with the rest to undergo assessment over the next three years.
In the US, or for goods entering the States, the associated benchmark standard is C-TPAT (or Customs-Trade Partnership Against Terrorism) and the Container Security Initiative (CSI). In future, Boyce sees the possibility that ISO 28000, C-TPAT and CSI will become co-operative components of a globally secure supply chain.