Making standards work

Making standards work

On the morning of April 19, 1891, eastbound Express Mail Train No. 4 collided head-on with a westbound freighter near Kipton, Ohio. The ensuing collision killed 11 persons and caused great loss of property and revenue to the railroad industry and the U.S. Post Office. An investigating commission later determined that the accident was caused by the freight train being four minutes behind schedule - an error traced to the engineer's watch.

At a time when our nation's chief form of transportation relied nearly exclusively on accurate timekeeping, the commission was surprised to discover that most railroads only lacked formal policy regarding timekeeping equipment, but allowed their trains to operate on cheap, low-quality alarm clocks. As a result, two years later the country's first standards for the production of precision timepieces were created for adoption by the U.S. railroad industry.

While the railroad's need for a timekeeping standard would have seemed glaringly obvious, as in many cases, it took a disaster to force the issue. And while there were compelling benefits cited by those companies that adopted the standard, not all chose to do so. Interestingly, more than a century later, it would appear that little has changed when it comes to the difficulties associated with either drafting or implementing standards - and supply-chain security is no exception.

By definition, a standard is: "Some-thing established for use as a rule or basis of comparison; a level of excellence, attainment, etc., regarded as a measure of adequacy." As such, a standard plays a critical role by defining for industry what a minimum acceptable control is, thereby allowing companies to accurately assess what will be needed to meet the standard. This promotes greater involvement from industry by giving corporate boardrooms the confidence in knowing that their investments made today will still be good tomorrow. Standards also allow for the establishment of uniform metrics and key performance indicators by which a program can be measured, and therefore managed. This provides the visibility necessary for continuing process improvements, while allowing companies to track their return on investment.

Customs and Border Protection learned the hard way what it's like to roll out a program as expansive and complex as the Customs-Trade Partnership Against Terrorism without first developing minimum program standards. As a result, they created an environment where thousands of participants were left to individually interpret what constituted an acceptable control. This created an enormous workload for Customs, which then had to evaluate each application on a case-by-case basis. Only after three years of on-the-job-training from the review of thousands of supply-chain security profile plans would Customs develop an understanding of minimum and best-in-class practices. This work would later support Customs' joint development with industry of C-TPAT Standards for Importers. But while helpful in providing structure for C-TPAT participation, can they really be considered legitimate standards?

In June, the World Customs Organization released its "Framework of Standards to Secure and Facilitate Global Trade." While intended predominantly as a customs-to-customs document for use by member countries, its structure and level of detail - particularly in citing specific industry standards such as ISPS Code (b1630-37) and ISO/PAS 17712 - make it mandatory reading for any corporate trade security manager.

More recently, the International Organization for Standardization has released a draft of its own security standards, "ISO/PAS 28000: Specification for Security Management Systems for the Supply Chain." This badly needed document represents the first work from a true standards body developed specifically for businesses. The specification addresses security from a risk-based approach to management systems and establishes the relationship between other relevant standards.

The significance to industry is that many companies have previously undergone some form of ISO standardization. Already being familiar with ISO's required processes and documentation helps to set expectations and facilitate implementation. As an ISO standard, the specification also helps to rightfully categorize supply-chain security as a quality initiative, thereby making it easier for businesses to understand its relationship with other quality programs, and the benefits associated with them.

It will be interesting to see how these standards work together and which, if any, will emerge as the overall industry leader. Still, we will only be as secure as the number of companies that chose to adopt them. Let's just hope it doesn't take another train wreck.

William G. "Jerry" Peck is president and founder of Global Trade Management Solutions. He can be contacted at (815) 462-1732, or at wgpeck@comcast.net.