60 likes | 298 Views
Overview of Supply Chain Security Assurance. Certification/membership in supply chain security programs Different programs focus on particular aspects of supply chain security Programs enable best practice sharing across and within industries
E N D
Overview of Supply Chain Security Assurance • Certification/membership in supply chain security programs • Different programs focus on particular aspects of supply chain security • Programs enable best practice sharing across and within industries • Requires adherence to customs and border agency security measures that result in preferential treatment when crossing specific borders • Audits the compliance of contracted service providers against established global standards • Dell-internal initiatives aim to continuously improve our supply chain security practices • Administrative, personnel and physical security policies • Manufacturing security and integrity measures • Specific programs to satisfy customer requirements Dell Confidential and Proprietary Information
Voluntary Supply Chain Security Programs • Free and Secure Trade (FAST) • FAST Program supports cargo security initiatives • Inspectors in 34 international ports • Target and screen high-risk cargo before it is shipped to American ports • Container Security Initiative (CSI) • CSI is led by US Customs and Border Protection (CBP) Section of DHS • Enforces security and prevents terrorist attacks coming through the supply chain using: • Highly technical non-destructive scanning methods • Tamper-evident containers • Intelligence and automated information systems • Customs Trade Partnership Against Terrorism (C-TPAT) • Dell is a top tier C-TPAT member • Private organizations voluntarily building cooperative government-business relationships to: • Strengthen and improve the supply chain internationally • Protect U.S. border security • Partners in Protection (PIP) • Voluntary program sponsored by Canada’s Border Services Agency • Enlists cooperation of private industry organizations to enhance border and supply chain security • Partners follow strict standards for the high-security mechanical seals used for in-transit cargo within trailers and containers Dell Confidential and Proprietary Information
Voluntary Supply Chain Security Programs • Authorized Economic Operators (AEO) • Dell follows the AEO framework of standards • Approved by the World Customs Organization • Requires Dell and Partners to use cargo seals that meet or exceed ISO standards • Transported Asset Protection Association (TAPA) • Established security standards for the international supply chain • Focuses on loss prevention and tampering • High Tech Supply Chain Security Consortium (HTSC2) • Consolidates internationally recognized governmental security standards • Focuses on preventing the introduction of unauthorized articles or people into the supply chain Dell Confidential and Proprietary Information
Administrative Security • Dell teams identify regional laws, policies, regulations and contractual requirements • Intellectual property of the company and our customers • Software licenses • Protection of employee and customer personal information • Proper data protection and data handling procedures • Trans-border data transmission • Financial and operational procedures • Regulatory export controls for certain technology • Use of internal and external personnel and mechanisms • Control Self-Assessment (CSA) program ensures process compliance and review • External audits • Contract management • Security awareness • Risk management • Information Systems & Security • Penetration testing • Vulnerability testing • Software verification • Phased Review Process • System and Asset Management Dell Confidential and Proprietary Information
Software Security and Integrity Measures • Software products enter a risk management framework as soon as they are defined • Security, privacy, confidentiality, integrity and availability are all encompassed in this process • Dell follows industry best practices for secure coding and a variety of manual and automated tools are used to verify code quality. • Developers have mandatory annual training on secure coding practices • All Dell-developed source code is subjected to both peer reviews and automated scans to identify security concerns Dell Confidential and Proprietary Information