Presenter: Park, Moon-Kyu General manager of System Certification Center Korean Register of Shipping(KR)

mkpark@krs.co.kr

2011. 09. 29

Recent Trend of

Certification related to Security

2

• Movement to Security

• Scope of Security Systems

• ISPS Code

• C-TPAT

• AEO

• ISO 28000

• Benefits of ISO 28000

• Prospect

• Comparison of Security Systems

Contents

3

Movement to Security

ISPS

Code

C-TPAT

Customs-Trade

Partnership

Against

Terrorism

AEO

Authorized

Economic

Operators

ISO 28000

Others

4. Singpore-STP(Secure Trade

Partnership)

Japan-AEO

Canada-FAST(Free and Secure Trade)Program Australia-Frontline

New Zealand-SEP(Secure Exports

Partnership)

TAPA(Technology Asset Protection

Association)

5. ISO : 2007. 9. 15

1. IMO : 2004. 7. 1

2. USA:C-TPAT

(2001.11) -CSI(Container

Security Initiative)

-24hours rule

3. EU -

EC Regulation

648/2005

(2005.04)

AEO

Authorized

Economic

Operators

6. WCO - SAFE Frame

Work (2005.06)

4

ISO 28000

ISPS (International Ship & Port Security Code)

CSI (Container Security Initiative)

C-TPAT (Custom-Trade Partnership Against Terrorism)

24 Hours Advance Manifest Rule

Manufacturer Warehouse Transport Airport

Seaport At sea

On Air Airport

Seaport

Transport &

warehouse Customer

WCO Framework (AEO)

Scope of Security Systems

5

To prevent terrorist acts on ships

such as LNG & LPG carrier, and port

facilities.

1 July 2004: ISPS in the SOLAS

Chapter XI-2 came into force.

ISPS CODE

ISPS Code : International Code for the

security of ships and of port facilities

6

Abt 700 Korean Flag Ships certified

ISPS CODE in Korea

- Korean Government has certified relevant

facilities to meet Korean regulation based on

ISPS Code since 2004.

- KR is expected to be authorized as RSO(Recognized

Security Organization) by Korean Government

from 2012.

SHIPS

PORT FACILITIES

7

C-TPAT

In order to strengthen all supply chains security

related to cargo transportation if they become

C-TPAT partners, prompt customs clearance and

loading/unloading service are provided.

Customs-Trade Partnership Against Terrorism

USA, 2001.11

8

AEO 1/2

Authorized Economic Operator

WCO(World Customs Organization), 2005.6

The AEO concept is one of the main

building blocks within the WCO SAFE

Framework of Standards to secure

and facilitate Global Trade (SAFE).

9

AEO 2/2

An AEO is defined as: “a party involved in the

international movement of goods in whatever

function that has been approved by or on

behalf of a national Customs administration as

complying with WCO or equivalent supply chain

security standards. Authorized Economic

Operators include inter alia manufacturers,

importers, exporters, carriers, consolidators,

intermediaries, ports, airports, terminal

operators, integrated operators, warehouses

and distributors” (Wikipedia)

10

ISO 28000

Specification for security management systems

for the supply chain

ISO(International Organization of Standardization)

2007. 9. 15

11

ISO 28000 series broadly focuses on

the overall security in the supply

chain. Globally, ISO 28000 represents

itself as an umbrella standard that

incorporates the requirements of all

major international supply chain

initiatives.

What is ISO 28000 ?

Umbrella Standard

12

ISO 28000-certification enables companies

and businesses regardless of industry, size or

type of business, to determine and assess all

possible elements of risk, preventing losses

to the business and at the same time assure

compliance with all global security

management standards.

What is ISO 28000 ?

Regardless of Industry, size or type

13

- ISO/PAS 28000 (2005.11.15) → ISO 28000 (2007.09.15)

- ISO/PAS 28001 (2006.09.01) → ISO 28001 (2007.10.15)

- ISO/PAS 28003 (2006.10.01) → ISO 28003 (2007.08.01)

- ISO/PAS 28004 (2006.09.01) → ISO 28004 (2007.10.15)

※ PAS: Public Available Specification

ISO 28000 Series

Issue of ISO Standards

14

- KS V ISO 28000 (2007.11.30)

- KS V ISO 28001 (2007.12.27)

- KS V ISO 28003 (2007.12.27)

- KS V ISO 28004 (2007.12.27)

Korean Version of ISO 28000

Korean Standards

15

Elements of ISO 28000

15

Implementation

& operation

4.4

Checking &

corrective action

4.5

Security risk Assessment &

planning

4.3

Policy

4.2

Security

Management

System

Management

Review

4.6

4.2 Security management policy

4.3 Security risk assessment &

planning

4.4 Implementation & operation

4.5 Checking & corrective action

4.6 Management review

Continual

Improvement

16

ISO 28000 Certification in Korea

The certification scheme began from

April 1, 2008

when KR was accredited as the

certification body by Korean Agency

for Technology and Standards.

17

Accreditation

Body

(KATS)

Certification

Body

(KR) Report

Certification

s

Accreditation

KS V ISO 28003

Rules of KATS

List of certified company

(new, invalid, suspended, etc)

Company

Notice of

changes

Audit

KS V ISO 28000

ISO 28000 Certification System

18

ISO 28000 Overseas

DP World(UAE)

- First certification

- 49 terminals of 31 countries

Port of Houston Authority(USA)

- First certified port authority

YCH Group(Singapore)

- First certified logistics company

TNT Express(Singapore)

- First certified express integrator

19

YCH India(India)

- Logistics company

DB Schenker(Singapore)

- World’s second-largest forwarder

CTS Logistics(China)

- Logistics & manufacturing company

Banner Plasticard(Philippines)

- Electronic Card Maker

ISO 28000 Overseas

20

ISO 28000 Certification in Korea

Busan New Port

2008. 4 First certification in Korea

(ISO 28000, AEO and ISPS Code combined system)

2011. 4 Recertified

POSCO, Gwangyang

2010. 2 Certified

Hanjin

2010. 9 First certified logistics company in Korea

PANTOS

2010. 10 Certified

21

ISO 28000 Certification in Korea

ACE Express

- 2010.11 Certified

CJ GLS

- 2010.12 Certified

DTC

- 2010.12 Certified

DSV Air & Sea

- 2011.8 Certified

Hanaro TNS

- 2011.10 ISO 28000 certification to be expected as

an AEO certified company

22

Uplift of the company image as a professional

partner to customers and even law enforcement

authorities and investors

Organizations maintaining AEO, ISPS Code or ISO

9001 certification can easily seek ISO 28000 certification

ISO 28000 system can be easily combined with

other management system standards such as

ISO 9001, ISO 14001 and OHSAS 18001.

Benefits of ISO 28000 1/2

23

Increase of efficiency in transport and visibility in

supply chain management

Optimization of processes for a disruption-free

supply chain

Prevention of unnecessary losses through risk

analysis

Complying with global supply chain security

requirements such as AEO guidelines and ISPS

Code

Benefits of ISO 28000 2/2

24

Certification of ISO 28000 will be more

increased because ISO 28000 is an

international standard which provides

user-friendly tool.

Support of Interested Parties is needed

to promote ISO 28000.

Prospect

25

AEO C-TPAT ISPS CODE ISO 28000

Leading Agency WCO, Custom Service

Agencies CBP IMO, Contracting government

ISO, Accreditation Body,

Certification Body

Time of Implement 2008. 01 2002. 04 2004. 7. 1. 2007. 09

(2008. 04, Korea)

Participants

Economic operators specified in

Customs law among Supply

Chains

All Supply Chains(except exporters) Ships, Port Facilities All Supply Chain

Legal binding Voluntary Voluntary Compulsory Voluntary

Legal ground Regulation(EC) No 648/2005

Korea : Customs Law Safe Port Act 2006 SOLAS Ch. XI-2

ISO 28000:2007

Korea : Rules of KATS

Certification Overseas : 502(’08.12)

Korea : 111(’11. 03. 15) 9,128(’09.3)

All applied ship and port

facilities

Overseas : Est. 17(’09.4)

Korea : 8(’11. 08. 31)

Benefits

Cost cutting of audit, inspection

and transport, Quick custom

clearance(A, AA, AAA, three

levels)

Tier 1 : less inspections, quick

clearance

Tier 2 : less inspection than Tier 1,

priority in inspecting

Tier 3 : less inspection than Tier 1,

most priority in inspecting

Meeting international mandatory

regulations

- Internationally certified

-prevention of unnecessary

losses thru risk analysis

- uplift of the image of the

company to customers and

even law enforcement

authorities and investors

Comparison of Security Systems 1/2

26

AEO C-TPAT ISPS CODE ISO 28000

Maintenance Effective for three years

Report annually

Effective for three years

Invalidated when faults found Effective for three years

Effective for three years

two surveillance audits and a

recertification audit

MRA necessary necessary Not necessary Not necessary

Requirements

Trader information, compliance

history, internal control systems,

financial solvency, Safety and

security requirements (A, AA,

AAA, three levels)

Partner requirement,

container/vehicle/physical access

control, personnel, procedure,

training and threat awareness,

physical facility, IT((Tier 1,2,3)

ISPS CODE, SOLAS XI-2,

Contracting government’s rules

4.1General requirements

4.2 Security management

policy

4.3 Security risk assessment

and planning

4.4 Implementation and

operation

4.5 Checking and corrective

action

4.6 Management review and

continual improvement

Comparison of Security Systems 2/2