Supply Chain Risk Management: A Compilation of Best Practices
ANSI/ASIS SCRM.1-2014
STANDARD

ASIS INTERNATIONAL
The worldwide leader in security standards and guidelines development
1625 Prince Street
Alexandria, Virginia 22314-2818 USA
+1.703.519.6200
Fax: +1.703.519.6299
www.asisonline.org

ASIS International (ASIS) is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, governmental entities, and the general public. By providing members and the security community with access to a full range of programs and services, and by publishing the industry's number one magazine, Security Management, ASIS leads the way for advanced and improved security performance. For more information, visit www.asisonline.org.

ANSI/ASIS SCRM.1-2014
an American National Standard

SUPPLY CHAIN RISK MANAGEMENT: A COMPILATION OF BEST PRACTICES

Approved March 28, 2014
American National Standards Institute, Inc.

ASIS International

Abstract

This Standard, developed in collaboration with the Supply Chain Risk Leadership Council, provides a framework for collecting, developing, understanding, and implementing current best practices for supply chain risk management (SCRM). It is a practitioner's guide to SCRM and associated processes for the management of risks within the organization and its end-to-end supply chain. This Standard provides some guidelines and possible approaches for an organization to consider, including examples of tools other organizations have used. It can serve as a baseline for helping enterprises assess and address supply chain risks and for documenting evolving practices.

NOTICE AND DISCLAIMER

The information in this publication was considered technically sound by the consensus of those who engaged in the development and approval of the document at the time of its creation. Consensus does not necessarily mean that there is unanimous agreement among the participants in the development of this document.

ASIS International standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest and knowledge in the topic covered by this publication. While ASIS administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information or the soundness of any judgments contained in its standards and guideline publications.

ASIS is a volunteer, nonprofit professional society with no regulatory, licensing or enforcement power over its members or anyone else. ASIS does not accept or undertake a duty to any third party because it does not have the authority to enforce compliance with its standards or guidelines. It assumes no duty of care to the general public, because its works are not obligatory and because it does not monitor the use of them.

ASIS disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on this document. ASIS disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any information published herein, and disclaims and makes no warranty that the information in this document will fulfill any person's or entity's particular purposes or needs. ASIS does not undertake to guarantee the performance of any individual manufacturer or seller's products or services by virtue of this standard or guide.

In publishing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity, nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources, which the user may wish to consult for additional views or information not covered by this publication.

ASIS has no power, nor does it undertake to police or enforce compliance with the contents of this document. ASIS has no control over which of its standards, if any, may be adopted by governmental regulatory agencies, or over any activity or conduct that purports to conform to its standards. ASIS does not list, certify, test, inspect, or approve any practices, products, materials, designs, or installations for compliance with its standards. It merely publishes standards to be used as guidelines that third parties may or may not choose to adopt, modify or reject. Any certification or other statement of compliance with any information in this document should not be attributable to ASIS and is solely the responsibility of the certifier or maker of the statement.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of the copyright owner.

Copyright 2014 ASIS International
ISBN: 978-1-934904-56-5

FOREWORD

The information contained in this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSI's requirements for an ANS. As such, this Foreword may contain material that has not been subjected to public review or a consensus process. In addition, it does not contain requirements necessary for conformance to the Standard.

ANSI guidelines specify two categories of requirements: mandatory and recommendation. The mandatory requirements are designated by the word shall and recommendations by the word should.
Where both a mandatory requirement and a recommendation are specified for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advantages.

About ASIS

ASIS International (ASIS) is the leading organization for security professionals, with more than 38,000 members worldwide. ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public. By providing members and the security community with access to a full range of programs and services, and by publishing the industry's No. 1 magazine - Security Management - ASIS leads the way for advanced and improved security performance.

The work of preparing standards and guidelines is carried out through the ASIS International Standards and Guidelines Committees, and governed by the ASIS Commission on Standards and Guidelines. An ANSI accredited Standards Development Organization (SDO), ASIS actively participates in the International Organization for Standardization. The Mission of the ASIS Standards and Guidelines Commission is to advance the practice of security management through the development of standards and guidelines within a voluntary, nonproprietary, and consensus-based process, utilizing to the fullest extent possible the knowledge, experience, and expertise of ASIS membership, security professionals, and the global security industry.

About the SCRLC

The SCRLC (http:/) is a cross-industry organization including world-class manufacturing and services supply-chain organizations and academic institutions that work together to develop and share current best practices in supply-chain risk management. Its mission is to create supply-chain risk management standards, processes, capabilities, and metrics that reflect current best practices and can be widely adopted.

Suggestions for improvement of this document are welcome. They should be sent to ASIS International, 1625 Prince Street, Alexandria, VA 22314-2818.

Commission Members

Charles A. Baley, Farmers Insurance Group, Inc.
Jason L. Brown, Thales Australia
Michael Bouchard, Sterling Global Operations, Inc.
Cynthia P. Conlon, CPP, Conlon Consulting Corporation
William J. Daly, Control Risks Security Consulting
Lisa DuBrock, Radian Compliance
Eugene F. Ferraro, CPP, PCI, CFE, Convercent
F. Mark Geraci, CPP, Purdue Pharma L.P.
Bernard D. Greenawalt, CPP, Securitas Security Services USA, Inc.
Robert W. Jones, Socrates Ltd
Glen Kitteringham, CPP, Kitteringham Security Group Inc.
Michael E. Knoke, CPP, Express Scripts, Inc.
Bryan Leadbetter, CPP, CISSP
Marc H. Siegel, Ph.D., ASIS International, European Bureau
Jose Miguel Sobron, United Nations
Roger D. Warwick, Pyramid International
Allison Wylde, Researcher and Consultant

At the time it approved this document, the SCRM Standards Committee, which is responsible for the development of this Standard, had the following members:

Committee Members

Committee Co-Chair: Marc H. Siegel, Ph.D., Commissioner, ASIS Global Standards Initiative
Committee Co-Chair: John J. Brown, P.E., ARM-E, Thomson Reuters
Commission Liaison: Bernard D. Greenawalt, CPP, Securitas Security Services USA, Inc.
Committee Secretariat: Susan Carioti, ASIS International

Frank Amoyaw, LandMark Security Limited
Raymond Andersson, Australian Government - Department of Human Services
Edgard Ansola, CISA, CISSP, CEH, CCNA, Asepeyo
Ravi Anupindi, University of Michigan
Dennis Arter, ASQ Fellow, Certified Quality Auditor, American Society for Quality
Abrar Ashraf, CPP, PSP, Secure Options Group
Craig Babcock, Procter

b) Intentional acts (e.g., criminal acts, terrorism, industrial espionage, labor and social unrest, regulatory actions, etc.); and
c) Unintentional acts (e.g., accidents, process breakdowns, wrong materials, personnel issues, etc.).

SCRM is part of an integrated and multifaceted business management strategy, and therefore also takes into consideration the organization's image, reputation, and marketing, as well as the management of quality; environment, health and safety; purchasing; logistics; facilities; communications; human resources; and materials.

SCRM integrates several different risk and resilience related disciplines, including, but not limited to security, cyber-security, crisis, business continuity, and emergency management, as well as asset conservation, insurance, and technology recovery.

SCRM seeks to anticipate, prevent, protect, mitigate, manage, respond, and recover from potentially undesirable and disruptive events, as well as identify opportunities. The best strategy for addressing risk events will be determined by the organization's context of operations, its risk appetite, and results of risk assessments.

Supply chain risk management is a holistic component of the overall risk management framework for an organization. Therefore, this Standard should be used as a complement to existing risk management programs for enterprise or fiduciary risk. Adoption of this Standard should build on rather than supplant existing specialized risk programs.

0.2 The Need for Supply Chain Risk Management

SCRM is vital for organizations that increasingly rely on extended operations, both internal and external, for their success. This is primarily due to the advantages organizations have found in utilizing strategies such as globalization, outsourcing, off-shoring, specialized manufacturing, supply-base rationalization, just-in-time deliveries, supplier consolidation and lean inventories. While these strategies offer many benefits in efficiency and effectiveness, they also make supply chains increasingly prone to risk and can increase the likelihood of supply-chain disruption.

Historic and recent events have proven the need to identify and manage supply chain risks.[1] These past events illustrate that a single event can disrupt multiple elements of supply chains around the world. Disruptions can impact any aspect of the supply chain, including critical infrastructure, communications, logistics, supply, manufacturing, and distribution. Therefore, to protect itself, an organization needs to develop proactive risk management strategies and plans. Additionally, they need to be fully cognizant of potential adverse consequences, opportunities, and impacts on financial performance.

SCRM is essential for all public or private organizations to manage risks associated with their dependencies and interdependencies in order to survive and thrive.

Operational maturity levels vary between organizations. Some organizations have yet to realize the importance of SCRM while others have emerging or advanced SCRM programs.[2] This Standard provides guidance on some current best practices that can be applied to any organization. An organization may select and use the appropriate guidance based on the maturity of its SCRM program.

In a globalized economy SCRM is critical for decision making and business planning of international operations and expansion of business. It is important that those responsible for analysis of international operations conduct a robust assessment of risk and resilience in their planning processes prior to domestic or international expansion, taking into account the local context and environment of operations. In the planning process the organization needs to understand the levels of control, exposure, and visibility it will have of the various tiers of it