Product Security

Supply
Chain Security (SCS) Management System

1
 Serving Patients is a Privilege that Comes with
Responsibilities

Rx-360 Mission:
Protect patient safety by sharing information and
developing processes related to the integrity of the
healthcare supply chain and the quality of materials
within the supply chain

Patient safety should never be used as a

competitive advantage
2
The Problem
Illicit Activity Impacts All Stages of the Supply
Chain
• Raw materials
• Excipients
• APIs
• Components
• Drug products
• Packaging &
Labeling
• Storage
• Distribution

4
Vulnerabilities in the Supply Chain

5
Source: Pew Health Group
 The Supply Chain is Becoming Increasingly
Global
FDA-registered domestic and foreign establishments Outsourced manufacturing revenue: growth by region
subject to GMP inspections, 2002-2011 (Active-ingredient / Finished drug)

• More manufacturing in developing regions

• More outsourced manufacturing
• More trading partners (distribution, wholesalers, etc.)
• Less supply chain transparency

The complexity of the modern supply chain is

increasing
Source: Pew Health Group 6
The Problem Exists Across the Industry and is
Not Regional

• Medicines involved in pharmaceutical

crime: 532

• Counterfeiting incidents linked to:

– China 31%

– US 11%

7
Data provided by Pharmaceutical Security Institute (PSI)
 Pharmaceutical Crimes are Increasing Along
With Arrests

• Large number of pharmaceutical crime

incidents: 2,054
• Percentage increase over past five years:
• Arrests documented worldwide:
41%

• Since 2010, arrests1,341

increased:

14%
8
Data provided by Pharmaceutical Security Institute (PSI)
 Momentum is Building

Industry is…
• Focusing on supply chain security
• Conducting more audits which are more thorough
• Hearing the message leading to increased supplier
transparency
• Implementing company specific solutions
• Improving and increasing the level of collaboration

Rx-360 can help industry and regulators collaborate

more effectively 9
 Industry Example of a Supply Chain Security Program
Framework

Raw Materials and Product Security

Warehouse Security Cargo Security Market Surveillance
Devices Features

Customer

• Sourcing of raw • Implementation of • Reporting and • Reporting and • Reporting of

materials, local serialization management of management of counterfeit signals
packaging solutions thefts thefts
components, and • Education and
comparators • Compliance with • Building security • Cargo security at adoption of BP
local security systems and pallet, truck and controls by
• Sourcing of features procedures carrier level distributors
devices requirements

We continuously adapt to the changing

environment 10
 Scope of Supply Chain Security
Management System
• Key processes to prevent, detect, and respond to
the threats of counterfeiting, theft, intentional
adulteration, fraud, and illegal product diversion
• End-to-End Supply Chain: materials,
manufacturing (internal/external), transportation,
warehousing, distribution, market monitoring,
consumers, reverse logistics

11
 Management System Definition
• A Management System provides a comprehensive view of
fundamental elements that make up a SCS program
• A common perspective to enhance cross functional collaboration
• An integrated approach that leverages countermeasures across the supply
chain
• A systematic tool that can be used to understand and communicate
potential gaps
• A management system can be the foundation to drive sustainable
and continuous improvement
• The supply chain can be simplified into four key phases from a
security standpoint:

Sourcing Production Logistics Market

12
Framework Simplifies the Supply Chain Into Phases
by Key Attributes
SC SC Phase SCS Key Attributes Examples of Program Elements
 SCS elements are integrated into Supply
Raw Materials Supply Chain Agreements, Quality Agreements, Standards,
Transparency and
Packaging Sourcing oversight, and selection of suppliers
Supplier
Components  SCS applies a risk-based approach to
Management
supplier management
 Packaging technology and security features
Internal Mfg.
Packaging are managed comprehensively and
Technology and implemented at internal and third party
Production manufacturing sites
Manufacturing
External Mfg. Controls  Management System for third party
manufacturing and packaging.

Transportation  SCS elements are integrated into Service

Agreements, Standards, and selection
Warehouse and process for LSPs and Distributors
Logistics
Cargo Security
Warehousing  Site and Conveyance security is managed
comprehensively using a risk-based approach
Distributor  Market surveillance, investigation and
Market Monitoring enforcement, external advocacy, and market
Provider Market and Product education
Consumer
Integrity
 Product integrity authentication

Each phase has key attributes, but the approach is integrated: program elements will overlap across 13
phases at the detailed level
 SCS Framework Categorizes Phase Elements as
Prevention, Detection, or Response
Sourcing Production Logistics Market
SCS integration SCS integration SCS integration SCS integration

Assessments Assessments Assessments Supply controls

Prevention Qualification Waste / Disposition Standards Channel management

Packaging Value limits Reverse logistics

Education / Advocacy

Inspection / testing Serialization LSP Auditing Market intelligence

Audits Security features Tracking systems Complaints and testing

Detection Market Intelligence Surveillance testing Cargo screening Training

Contractor oversight Training Sales monitoring

M&A support Return goods policy Parallel trade monitoring

Incident management Incident management Incident management Incident management

Investigation / CAPA Exit strategies Legal/policy collaboration Enforcement

Response Continuous improvement Continuous improvement Continuous improvement Education

Public affairs policy

14
 Rx-360 Published White Papers Have Touched on
Many of These Elements
Sourcing Production Logistics Market
SCS integration SCS integration SCS integration SCS integration

Assessments Assessments Assessments Supply controls

Prevention Qualification Waste / Disposition Standards Channel management

Packaging Value limits Reverse logistics

Education / Advocacy

Inspection / testing Serialization LSP Auditing Market intelligence

Audits Security features Tracking systems Complaints and testing

Detection Market Intelligence Surveillance testing Cargo screening Training

Contractor oversight Training Sales monitoring

M&A support Return goods policy Parallel trade monitoring

Incident management Incident management Incident management Incident management

Investigation / CAPA Exit strategies Legal/policy collaboration Enforcement

Response Continuous improvement Continuous improvement Continuous improvement Education

Public affairs policy

15
 Sourcing Phase - Prevention
Sourcing
Sourcing Production Logistics Market
Prevention
Prevention Detection
Response

Elements
Operating Standard for Supplier Quality Management sets the governance and basic procedure for determining the supplier quality
management requirements and material qualification standards for every supplier
Quality Agreements with suppliers communicate detailed quality standards and expectations regarding all elements of the supplier's
supply chain
Logistics Raw Material Integrity Standards include storage and in-transit product maintenance and quality expectations

Risk Assessments are analyses conducted in order to identify potential weaknesses and threats within the supplier's supply chain

Auditing Provisions are contractual agreements to allow the firm to audit its supplier regularly and in response to suspected or confirmed
incidents
Supply Chain Security Standards include physical, electronic and procedural security that address best practices across the supply chain
Supplier Selection and Vetting Processes are documented selection processes that include supplier risk assessments and quality
expectations
Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes
Sourcing Employee Training teaches employees to prevent, detect, and respond to supply chain security threats
Waste Management Rules ensure that product packaging and product materials are properly disposed and do not re-enter the supply
chain 16
Asset Disposition Rules ensure that production equipment is properly disposed and does not re-enter the supply chain
Production Phase - Detection
Production
Sourcing Production Logistics Market
Prevention
Detection Detection
Response

Elements
Serialization identifies a specific unit or pack of product with a unique serial number and can track the product through a harmonized system

Product Security Feature Capabilities are a firm's ability to manufacture finished product with overt, covert and forensic level security features

Qualified Backup Security Features are backup product security features that have been tested and can be deployed in the event that another product security
feature of the same type is compromised
Routine Auditing allows firm to audit its contract manufacturers regularly or in response to suspected incidents in order to verify compliance with quality
agreements

Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes

17
Logistics Phase - Response
Logistics
Sourcing Production Logistics Market
Prevention
Response Detection
Response

Elements
Incident Reporting between all affected parties allows rapid and accurate communication in the event of a detection

A Comprehensive Security Database includes tools to gather, store and analyze data pertaining to potential or factual threats and signals, as well as documented
response and communication procedures

Educating Employees as part of the response plan will prevent and detect future incidents

Exit Strategies allow firms to discontinue business with LSPs having weak supply chain security controls or other factors indicating high risk

Formal Investigations and Mitigations after potential tampering and theft incidents will ensure that incidents are appropriately addressed

18
 Market Phase -
Prevention
Market
Sourcing Production Logistics Market
Prevention
Prevention Detection
Response

Elements
Customer Agreements with wholesalers/customers communicate detailed quality standards and expectations regarding supply chain elements

Product Integrity Standards (wholesalers) include storage and in-transit product maintenance and quality expectations

Auditing Provisions are contractual agreements to allow firm to audit its wholesalers regularly and in response to suspected or confirmed incidents

Wholesaler Selection and Vetting Processes are documented selection processes that include risk assessments and quality expectations

Supply Chain Security Standards* include physical, electronic and procedural security that address best practices across the supply chain

Risk Assessments (wholesalers) are analyses conducted in order to identify potential weaknesses and threats within the wholesaler's supply chain

Market Risk Assessments** are analyses conducted by the firm in order to identify potential weaknesses and threats to individual products.

Licensing, Acquisitions, and Integration Processes within the company should be aligned with supply chain security processes

Wholesaler Employee Training teaches employees to prevent, detect, and respond to supply chain security threats

Consumer/Provider Education Materials teach consumers and providers about product safety, integrity, authentication, and current supply chain trends

Waste Management Rules ensure that product packaging and product materials are properly disposed and do not re-enter the supply chain

19and does not re-enter the supply chain

Asset Disposition Rules ensure that production equipment is properly disposed
 A Scorecard Can Be Created to 20

Advance the Maturity of the

Management System
Maturity Overview
Sourcing Production Logistics Market Legend
Level 0 - Undefined
Prevention 0 3 2 1
Level 1 - Defined
Detection 1 0 3 2 Level 2 - Managed
Response 2 1 0 3 Level 3 - Optimized
 Summary
• Supply Chain Security is broad and complex
• A management system can help simplify how
firms view Supply Chain Security
• Countermeasures and controls cut across the
Supply Chain and integration can help program
effectiveness
• A systemic approach to assessing program
“weaknesses” can help prioritize effort
• The specific system dimensions need to be
customized to the business
21
Cargo Theft Risks and
Mitigation Strategies

22
 The Threat
• The pharmaceutical industry is concerned about the escalation of violent cargo
theft incidents in geographical areas categorized as “high risk”
• Many of these types of incidents go unreported due to:
– Bureaucratic theft reporting process
– Low probability that crimes will be properly categorized and investigated
– Negative publicity associated with the crimes

• An increase in cargo thefts puts patient safety at risk as stolen goods that have
been inappropriately handled could reenter the supply chain

23
 Global Trends & Reporting
• A significant increase in thefts has been experienced by Rx-360 member
companies in Italy, Mexico, Brazil, Colombia, UK, and other countries
• British Standards Institution (BSi) has reported on the major increase in
pharmaceutical thefts in Italy since 2013
– Primarily attacks on trucks and courier vans
– Thefts have spread to areas where theft is less common
– Our intelligence indicated that some of these drugs were destined for
Eastern Europe
– Investigations by Italian authorities revealed that the drugs were sent to
fake distributors in Cyprus, Hungary, Latvia, Romania, Slovakia, and
Slovenia
– The stolen drugs have been found in Germany, Finland, and the United
Kingdom, diluted or otherwise tampered with

24
 The Threat of Cargo Theft and
Hijackings in Brazil is Severe
• Highest rate of cargo theft in the world, with ~34 cargo trucks stolen/day
– Organized criminal groups employ sophisticated techniques and often threaten violence
– Thieves are known to hijack cargo trucks transporting high-value shipments of pharmaceuticals
– Average value of BSI-recorded thefts is above $100,000
– Cargo trucks are the most widely targeted modality, but complex thefts involving warehouses, distribution
centers, and logistics facilities are also common
– Thieves generally target high-value goods, particularly pharmaceuticals, electronics, alcohol, and tobacco
– The majority of thefts occur in major cities, including Sao Paulo and Rio de Janeiro
• Access to medicine remains a challenge despite having universal healthcare
– More affluent areas can afford medicine while poor areas cannot
– Federal and state spending on pharmaceuticals is minimal, resulting in shortages

25
Cargo Theft Incidents Have Increased
Across the Asia-Pacific Region
• A total of 53 theft incidents were recorded for the first half of 2014 by
FreightWatch International
• India, China, and Malaysia recorded the greatest number of cargo theft
incidents for first half of 2014
– Bangladesh, Cambodia, Singapore, Vietnam, and the Philippines also reported
thefts
• The Asia-Pacific region continues to experience inconsistent and irregular
incident reporting, which results in artificially low numbers of reported
incidents, however:
– Data indicates a continued trend of facility burglaries and hijackings in India,
Malaysia, Bangladesh, and the Philippines
– China, Vietnam, Cambodia, and Singapore have more commonly reported incidents
of fraudulent, facility burglary, and theft of vehicle and load incidents

26
Rx-360 Cargo Theft in High Risk Areas
Discussion Group
• Group published a white paper in January 2014
• Continue to meet on a monthly basis to discuss recent incidents
member companies have suffered, mitigations employed, what is
working/what is not, and hot topics
• Group membership continues to increase as collaboration and
sharing of best practices is needed as member company’s
business models change and footprints expand

27
 Mitigation Options
• Armed/unarmed escorts
• Audits and/or self-assessment of subcontractors
• Convoy driving
• Unmarked delivery trucks
• Preferred drivers lists
• Dedicated deliveries in high risk areas for secondary lanes
• Contract incentives/penalties
• Toll roads/daytime shipping
• GPS monitoring
• Align your procedures with the 2014 FSR TAPA Standards

28
Mitigation Option Benefit/Cost Details
Element Description
Armed / unarmed Physical escorts that begin at the point of
escorts origin and remain with the load until
received by consignee. Escorts may be
armed or unarmed depending on
geographical risk and/or load value. Liability
concerns should be addressed with respect
to armed escort activity.
Subcontractor Security analysis of third party
audits / self- (subcontracted) delivery companies.
assessments Facilitated by contracted LSP.
Convoy driving Two or more vehicles traveling together for
defensive support and protection.
Unmarked delivery Vehicles/trailers without side or rear panel
trucks markings normally displayed to identify the
carrier
Benefits
Added layer of protection which has
resulted in an increase in successful
deliveries
Increased control over the supply chain
distribution network by assuring all
delivery companies are aware/adhere to
the company’s security requirements.
Allows for the opportunity to terminate
LSP who are not able or willing to adhere to
transport security standards and other
GDPs throughout the process.
Extra protection making it harder for
criminals to attack.
Truck is not easily identified as a pharma
delivery truck making it harder for the
criminals to target
Costs
• $1M/annually
• Increased risk of harm
• As reported by Freightwatch: with loaded firearms
present on both sides, the possibility of violence and
potential casualties increases. In at least two cases in
2012, in which drivers ‘resisted,’ they were executed.
For all of the known cases in 2010 there have not been
any reports of armed escorts defending any shipments
indicating that they give up the load when threatened.
• $10-15K/annually
• Self-audits could be ineffective if not completed with
accurate information. The entity auditing has to have
the internal authority to terminate the LSP if they are
not up to standards.
• Variable financial cost depending on type of service
provided, travel, duration, and destination.
• Increase in risk of visibility to criminals. Roadblock type
cargo theft could result in multiple losses to a company
deploying more than one conveyance in a single
convoy.
• Minimal financial cost
• If trucks are plain white they will resemble 80% of all
conveyances on the roadway, making it difficult to
identify in case of a full truckload theft.
Mitigation Option Benefit/Cost Details
Element Description
Preferred driver lists Maintained by carrier to identify vetted
drivers based on loss experience history,
level of background verification, or other
security criteria provided by product owner.
Dedicated deliveries Delivery loads consisting of a single
for secondary lanes manufacturer product(s) for delivery to an
end customer as opposed to mingled
manufacturer product loads. Usually applied
to a 3PL or LSP supplier.
Contract incentives Incentive-based contract clauses used to
/ penalties reward for productivity or other
improvement and penalize for poor
performance or loss.
Use of toll roads / Routes must utilize toll roads when possible
daytime shipments and limits shipments to daylight hours only.
only
GPS monitoring Satellite-based program initiated by the
company and/or cargo-based provided by
the carrier. Used in the trailer, truck, with
the product, and the electronic door locks
allows 24/7 monitoring.
TAPA best practices Best practices for minimum standards of
security. Link to TAPA:
http://tapaonline.org/standards
Benefits
Having complete background check of the
drivers reduces possibility of driver theft or
involvement.
Better control over dedicated deliveries.
Additional incentive (avoidance of financial
penalty) to execute/deliver according to
contractual requirements.
Increased visibility and safety.
Provides visibility and more control over
product.
Provides more control over the product
and carriers.
Costs
• Usually included in service contract
• High turnover rate, short list to pull from
• Variable depending on delivery options
• Higher loss per incident. A full truckload theft would
result in an elevated $$ amount of product stolen from
a single company.
• Unknown financial cost
• Such terms can increase the overall cost of the
contract and decrease operational transparency as this
could be an incentive to hide errors.
• Increased cost, but unknown magnitude
• Not all routes utilize toll roads and avoiding night
shipments increases freight costs.
• Satellite-based: $2K installed + $30/month
• Carrier-based: $500 per device + $80/month
• Increase in cost which can vary based on equipment
used and whether or not a 3rd party is contracted to
oversee.
• Many are at not cost; others vary depending on the
contract with the carrier
• None known
 Closing Remarks
• With cargo thefts continuing to increase annually at double digit rates and
violence on the rise in Italy, Mexico, and other countries, companies need to
ensure their supply chain security programs are actively managed and
monitored
• Each individual program should be molded to the needs, region, and
company’s risk tolerance
• Companies should partner with local regulatory agencies, local law
enforcement authorities, and with peer companies to lobby the government to
enact, enforce, and strengthen local laws to reduce the number of violent
cargo thefts
• Risk mitigation measures should be reviewed and modified periodically to
account for changes in criminal activity

31
 Thank you
Rx-360 at
Drinker, Biddle & Reath
For More Information info@rx-360.org
+1 (202) 230-5608

32