Supply
Chain Security (SCS) Management System
1
Serving Patients is a Privilege that Comes with
Responsibilities
Rx-360 Mission:
Protect patient safety by sharing information and
developing processes related to the integrity of the
healthcare supply chain and the quality of materials
within the supply chain
4
Vulnerabilities in the Supply Chain
5
Source: Pew Health Group
The Supply Chain is Becoming Increasingly
Global
FDA-registered domestic and foreign establishments Outsourced manufacturing revenue: growth by region
subject to GMP inspections, 2002-2011 (Active-ingredient / Finished drug)
– US 11%
7
Data provided by Pharmaceutical Security Institute (PSI)
Pharmaceutical Crimes are Increasing Along
With Arrests
14%
8
Data provided by Pharmaceutical Security Institute (PSI)
Momentum is Building
Industry is…
• Focusing on supply chain security
• Conducting more audits which are more thorough
• Hearing the message leading to increased supplier
transparency
• Implementing company specific solutions
• Improving and increasing the level of collaboration
Customer
11
Management System Definition
• A Management System provides a comprehensive view of
fundamental elements that make up a SCS program
• A common perspective to enhance cross functional collaboration
• An integrated approach that leverages countermeasures across the supply
chain
• A systematic tool that can be used to understand and communicate
potential gaps
• A management system can be the foundation to drive sustainable
and continuous improvement
• The supply chain can be simplified into four key phases from a
security standpoint:
12
Framework Simplifies the Supply Chain Into Phases
by Key Attributes
SC SC Phase SCS Key Attributes Examples of Program Elements
SCS elements are integrated into Supply
Raw Materials Supply Chain Agreements, Quality Agreements, Standards,
Transparency and
Packaging Sourcing oversight, and selection of suppliers
Supplier
Components SCS applies a risk-based approach to
Management
supplier management
Packaging technology and security features
Internal Mfg.
Packaging are managed comprehensively and
Technology and implemented at internal and third party
Production manufacturing sites
Manufacturing
External Mfg. Controls Management System for third party
manufacturing and packaging.
Each phase has key attributes, but the approach is integrated: program elements will overlap across 13
phases at the detailed level
SCS Framework Categorizes Phase Elements as
Prevention, Detection, or Response
Sourcing Production Logistics Market
SCS integration SCS integration SCS integration SCS integration
Education / Advocacy
Education / Advocacy
Elements
Operating Standard for Supplier Quality Management sets the governance and basic procedure for determining the supplier quality
management requirements and material qualification standards for every supplier
Quality Agreements with suppliers communicate detailed quality standards and expectations regarding all elements of the supplier's
supply chain
Logistics Raw Material Integrity Standards include storage and in-transit product maintenance and quality expectations
Risk Assessments are analyses conducted in order to identify potential weaknesses and threats within the supplier's supply chain
Auditing Provisions are contractual agreements to allow the firm to audit its supplier regularly and in response to suspected or confirmed
incidents
Supply Chain Security Standards include physical, electronic and procedural security that address best practices across the supply chain
Supplier Selection and Vetting Processes are documented selection processes that include supplier risk assessments and quality
expectations
Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes
Sourcing Employee Training teaches employees to prevent, detect, and respond to supply chain security threats
Waste Management Rules ensure that product packaging and product materials are properly disposed and do not re-enter the supply
chain 16
Asset Disposition Rules ensure that production equipment is properly disposed and does not re-enter the supply chain
Production Phase - Detection
Production
Sourcing Production Logistics Market
Prevention
Detection Detection
Response
Elements
Serialization identifies a specific unit or pack of product with a unique serial number and can track the product through a harmonized system
Product Security Feature Capabilities are a firm's ability to manufacture finished product with overt, covert and forensic level security features
Qualified Backup Security Features are backup product security features that have been tested and can be deployed in the event that another product security
feature of the same type is compromised
Routine Auditing allows firm to audit its contract manufacturers regularly or in response to suspected incidents in order to verify compliance with quality
agreements
Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes
17
Logistics Phase - Response
Logistics
Sourcing Production Logistics Market
Prevention
Response Detection
Response
Elements
Incident Reporting between all affected parties allows rapid and accurate communication in the event of a detection
A Comprehensive Security Database includes tools to gather, store and analyze data pertaining to potential or factual threats and signals, as well as documented
response and communication procedures
Educating Employees as part of the response plan will prevent and detect future incidents
Exit Strategies allow firms to discontinue business with LSPs having weak supply chain security controls or other factors indicating high risk
Formal Investigations and Mitigations after potential tampering and theft incidents will ensure that incidents are appropriately addressed
18
Market Phase -
Prevention
Market
Sourcing Production Logistics Market
Prevention
Prevention Detection
Response
Elements
Customer Agreements with wholesalers/customers communicate detailed quality standards and expectations regarding supply chain elements
Product Integrity Standards (wholesalers) include storage and in-transit product maintenance and quality expectations
Auditing Provisions are contractual agreements to allow firm to audit its wholesalers regularly and in response to suspected or confirmed incidents
Wholesaler Selection and Vetting Processes are documented selection processes that include risk assessments and quality expectations
Supply Chain Security Standards* include physical, electronic and procedural security that address best practices across the supply chain
Risk Assessments (wholesalers) are analyses conducted in order to identify potential weaknesses and threats within the wholesaler's supply chain
Market Risk Assessments** are analyses conducted by the firm in order to identify potential weaknesses and threats to individual products.
Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes
Wholesaler Employee Training teaches employees to prevent, detect, and respond to supply chain security threats
Consumer/Provider Education Materials teach consumers and providers about product safety, integrity, authentication, and current supply chain trends
Waste Management Rules ensure that product packaging and product materials are properly disposed and do not re-enter the supply chain
22
The Threat
• The pharmaceutical industry is concerned about the escalation of violent cargo
theft incidents in geographical areas categorized as “high risk”
• Many of these types of incidents go unreported due to:
– Bureaucratic theft reporting process
– Low probability that crimes will be properly categorized and investigated
– Negative publicity associated with the crimes
• An increase in cargo thefts puts patient safety at risk as stolen goods that have
been inappropriately handled could reenter the supply chain
23
Global Trends & Reporting
• A significant increase in thefts has been experienced by Rx-360 member
companies in Italy, Mexico, Brazil, Colombia, UK, and other countries
• British Standards Institution (BSi) has reported on the major increase in
pharmaceutical thefts in Italy since 2013
– Primarily attacks on trucks and courier vans
– Thefts have spread to areas where theft is less common
– Our intelligence indicated that some of these drugs were destined for
Eastern Europe
– Investigations by Italian authorities revealed that the drugs were sent to
fake distributors in Cyprus, Hungary, Latvia, Romania, Slovakia, and
Slovenia
– The stolen drugs have been found in Germany, Finland, and the United
Kingdom, diluted or otherwise tampered with
24
The Threat of Cargo Theft and
Hijackings in Brazil is Severe
• Highest rate of cargo theft in the world, with ~34 cargo trucks stolen/day
– Organized criminal groups employ sophisticated techniques and often threaten violence
– Thieves are known to hijack cargo trucks transporting high-value shipments of pharmaceuticals
– Average value of BSI-recorded thefts is above $100,000
– Cargo trucks are the most widely targeted modality, but complex thefts involving warehouses, distribution
centers, and logistics facilities are also common
– Thieves generally target high-value goods, particularly pharmaceuticals, electronics, alcohol, and tobacco
– The majority of thefts occur in major cities, including Sao Paulo and Rio de Janeiro
• Access to medicine remains a challenge despite having universal healthcare
– More affluent areas can afford medicine while poor areas cannot
– Federal and state spending on pharmaceuticals is minimal, resulting in shortages
25
Cargo Theft Incidents Have Increased
Across the Asia-Pacific Region
• A total of 53 theft incidents were recorded for the first half of 2014 by
FreightWatch International
• India, China, and Malaysia recorded the greatest number of cargo theft
incidents for first half of 2014
– Bangladesh, Cambodia, Singapore, Vietnam, and the Philippines also reported
thefts
• The Asia-Pacific region continues to experience inconsistent and irregular
incident reporting, which results in artificially low numbers of reported
incidents, however:
– Data indicates a continued trend of facility burglaries and hijackings in India,
Malaysia, Bangladesh, and the Philippines
– China, Vietnam, Cambodia, and Singapore have more commonly reported incidents
of fraudulent, facility burglary, and theft of vehicle and load incidents
26
Rx-360 Cargo Theft in High Risk Areas
Discussion Group
• Group published a white paper in January 2014
• Continue to meet on a monthly basis to discuss recent incidents
member companies have suffered, mitigations employed, what is
working/what is not, and hot topics
• Group membership continues to increase as collaboration and
sharing of best practices is needed as member company’s
business models change and footprints expand
27
Mitigation Options
• Armed/unarmed escorts
• Audits and/or self-assessment of subcontractors
• Convoy driving
• Unmarked delivery trucks
• Preferred drivers lists
• Dedicated deliveries in high risk areas for secondary lanes
• Contract incentives/penalties
• Toll roads/daytime shipping
• GPS monitoring
• Align your procedures with the 2014 FSR TAPA Standards
28
Mitigation Option Benefit/Cost Details
Subcontractor Security analysis of third party Increased control over the supply chain • $10-15K/annually
audits / self- (subcontracted) delivery companies. distribution network by assuring all • Self-audits could be ineffective if not completed with
assessments Facilitated by contracted LSP. delivery companies are aware/adhere to accurate information. The entity auditing has to have
the company’s security requirements. the internal authority to terminate the LSP if they are
Allows for the opportunity to terminate not up to standards.
LSP who are not able or willing to adhere to
transport security standards and other
GDPs throughout the process.
Convoy driving Two or more vehicles traveling together for Extra protection making it harder for • Variable financial cost depending on type of service
defensive support and protection. criminals to attack. provided, travel, duration, and destination.
• Increase in risk of visibility to criminals. Roadblock type
cargo theft could result in multiple losses to a company
deploying more than one conveyance in a single
convoy.
Unmarked delivery Vehicles/trailers without side or rear panel Truck is not easily identified as a pharma • Minimal financial cost
trucks markings normally displayed to identify the delivery truck making it harder for the • If trucks are plain white they will resemble 80% of all
carrier criminals to target conveyances on the roadway, making it difficult to
identify in case of a full truckload theft.
Mitigation Option Benefit/Cost Details
Dedicated deliveries Delivery loads consisting of a single Better control over dedicated deliveries. • Variable depending on delivery options
for secondary lanes manufacturer product(s) for delivery to an • Higher loss per incident. A full truckload theft would
end customer as opposed to mingled result in an elevated $$ amount of product stolen from
manufacturer product loads. Usually applied a single company.
to a 3PL or LSP supplier.
Contract incentives Incentive-based contract clauses used to Additional incentive (avoidance of financial • Unknown financial cost
/ penalties reward for productivity or other penalty) to execute/deliver according to • Such terms can increase the overall cost of the
improvement and penalize for poor contractual requirements. contract and decrease operational transparency as this
performance or loss. could be an incentive to hide errors.
Use of toll roads / Routes must utilize toll roads when possible Increased visibility and safety. • Increased cost, but unknown magnitude
daytime shipments and limits shipments to daylight hours only. • Not all routes utilize toll roads and avoiding night
only shipments increases freight costs.
GPS monitoring Satellite-based program initiated by the Provides visibility and more control over • Satellite-based: $2K installed + $30/month
company and/or cargo-based provided by product. • Carrier-based: $500 per device + $80/month
the carrier. Used in the trailer, truck, with • Increase in cost which can vary based on equipment
the product, and the electronic door locks used and whether or not a 3rd party is contracted to
allows 24/7 monitoring. oversee.
TAPA best practices Best practices for minimum standards of Provides more control over the product • Many are at not cost; others vary depending on the
security. Link to TAPA: and carriers. contract with the carrier
http://tapaonline.org/standards • None known
Closing Remarks
• With cargo thefts continuing to increase annually at double digit rates and
violence on the rise in Italy, Mexico, and other countries, companies need to
ensure their supply chain security programs are actively managed and
monitored
• Each individual program should be molded to the needs, region, and
company’s risk tolerance
• Companies should partner with local regulatory agencies, local law
enforcement authorities, and with peer companies to lobby the government to
enact, enforce, and strengthen local laws to reduce the number of violent
cargo thefts
• Risk mitigation measures should be reviewed and modified periodically to
account for changes in criminal activity
31
Thank you
Rx-360 at
Drinker, Biddle & Reath
For More Information info@rx-360.org
+1 (202) 230-5608
32