Securing your supply chain
The Transported Asset Protection Association (TAPA) is a nonprofit, volunteer organization that unites global manufacturers, logistics providers, freight carriers, law enforcement agencies, and other stakeholders with the common aim of reducing losses from international supply chains. [1, 2, 3] TAPA began in 1997, initially focusing on high-value electronics thefts.
In 2013, TAPA exceeded 700 members, encompassing representatives from a variety of industries including pharmaceuticals.
The TAPA standards provide a set of security requirements that are specific enough to be effective, yet appropriate for global use in a variety of risk environments. Having a common set of requirements allows logistics services providers (LSPs) to focus on good security measures that protect a wide variety of high value cargo. A certifiable global standard increases efficiency, transparency, and provides a recognized level of security, both for the LSP and for the customers they serve.
LSPs achieving TAPA certification have demonstrated their commitment to security by complying with the TAPA standards, participating in independent certification audits, and conducting periodic self-audits. Certifications are granted for each individual warehouse or trucking fleet. One well known global LSP has achieved certification at more than 100 facilities. [4] In the future, TAPA expects additional focus on truck fleet certifications as cargo theft frequently involves theft of, or theft from a truck.
Adopting TAPA standards
To maximize flexibility and customize security to risk, the TAPA standards are designed with three performance levels. For example, a warehouse complying with TAPA level A (or a trucking provider performing at Level 1) is the most protective. TAPA B or C level is more appropriate for lower risk locations or products.
The support of an organization’s senior leadership is the number one leading indicator of success when implementing the TAPA standards. It should be noted that implementing TAPA standards in a large global pharmaceutical company is complex. It requires committed leaders and a corporate culture that recognizes the value of secure supply chains. While the organization’s security department may lead the implementation and sustainment of TAPA, the most successful models also include key stakeholders from logistics, procurement, and quality.
Before launching an initiative to implement TAPA standards, there are three key areas for decisionmaking and research: scope, risk, and return on investment.
Scope: Will the TAPA standard be applied to all pharmaceutical products, such as active pharmaceutical ingredients (APIs), physician samples, clinical trial materials, animal health products, and return goods, or will it only apply to commercial human finished products? Will it apply to bulk product or only product in final packaging? Will it apply to company owned facilities or only to third party sites or transporters?
Relative Risk: Will every country or facility be required to perform at TAPA Level 1/Level A or is it acceptable for some lower risk areas to adopt TAPA Level B or C?
To help differentiate risk, one company used a model that recognizes three risk factors commonly referred to as the three Vs: Value, Volume, and Vulnerability. Product Value and Volume, in a particular warehouse or country region, can be confirmed through internal company data. The Vulnerability score can be obtained through external sources that rank particular countries or regions for cargo theft risk, such as the Incident Information Service (IIS) Report published by FreightWatch and/or TAPA. [5] Once the three Vs are quantified for a company’s product portfolio, a review of the data allows a risk ranking, or categorization, to be made.
Whatever risk ranking method is chosen, it should be easily understood, repeatable, and based on data. The organization should update their risk rankings annually or as company operations and risks change over time.
Return on investment: The most important reason for securing pharmaceutical products is to protect patients. However, it is very difficult to estimate the cost impact of such an unfortunate event such as theft, tampering or diversion. Fortunately, in most cases, TAPA standards produce an attractive ROI, even without including the cost of patient impact.
There are four steps to this:
Getting started
When determining ownership, ask “Which functions are most invested in cargo security?” Is it logistics, security, quality, or procurement? In the most successful models, security partners with another key function (e.g., logistics). Cross-functional ownership supports a balanced approach and can provide a broader range of skill sets versus a single function trying to manage it alone.
When identifying key stakeholders, consider which ones are active participants and which are passive supporters (i.e., need to be informed but not active participants). The core group should include at a minimum representatives from security, logistics, warehousing, and quality.
Before launching the initiative, document a project charter and have it approved by whichever functions own the standard (ex: logistics and security). Putting it in writing helps identify any overlooked steps or risks in the project. The project charter should contain a goal statement, scope (in/out), business rationale, business impact, project timeline, project sponsors, project leader, steering team members and functions, working team members and functions, and approvals.
To provide the best governance and oversight of the standards, a critical decision is deciding where the TAPA responsibilities will be hosted internally. Options may include the company’s engineering standards, security standards, or quality standards.
Form a working team
The standards working team should be a relatively small group which includes a knowledgeable representative from each of the key functions (i.e., security, logistics, and quality). Global companies should consider including a representative from each geo-region (i.e., Americas, EMEA, and APAC).
It is during this phase that the TAPA requirements are closely evaluated to be sure they are sufficient for the specific product risk. For example, if highly sensitive or theft-attractive products are being moved by truck, the company may require truck escorts in certain countries, in addition to the TAPA requirements. While the TAPA standards are sufficient for most pharmaceutical products, the working team will provide valuable insight and foster healthy discussions about what level of security is necessary.
Once the standard is drafted, it should be sent out to all appropriate stakeholders across the company for a global review and comment period. If appropriate, consider asking key suppliers to provide comment also. The request for review/comment should include the following supporting information:
Consider setting a deadline for comments (e.g., 30 days), to include a simple comment form, and a collaboration site or central repository for comments to be uploaded and permanently archived.
Communication
Mass communications, web meetings and in-person training should begin as soon as the standard is officially approved and published. The launch message should contain another message from senior leadership to reinforce support and accountability for supply chain security:
- What is this?
- Why are we doing this?
- Who does this impact?
- When is this effective?
- How to proceed?
TAPA standards should be referenced in all communications. Global companies should purchase TAPA memberships in each of the TAPA regions (Americas, EMEA, and APAC).
Training
Internal training: Most pharmaceutical companies require mini-training for new standards. This is typically done through the company training system.
External training: It is highly recommended that key stakeholders and practitioners attend a TAPA meeting and receive TAPA standards training (free to members). The additional benefits of attending are benchmarking, networking, and learning about emerging crime trends and countermeasures.
Within two to three weeks after launch message and training roll out, regional web conferences should be held and include the following:
Sustaining the effort
Once the basic initiative is underway, it is helpful to bring in other management perspectives, such as the legal and procurement departments. This phase includes additional communication with, and support from, legal and procurement. From a legal perspective, make the standard (based on TAPA) a legal appendix or addendum to all logistics service contracts. Work with procurement to make logistics security one of the company’s recognized risk events. This will help ensure that procurement professionals appropriately incorporate the standard.
To sustain performance, a compliance monitoring program must be authorized and resourced. Questions to consider include:
Finally, continuous development of best practices and guidelines can drive consistency and save money. Examples may include:
The pharmaceutical industry and its supply chain partners must ensure patient safety.
Adopting the TAPA standards will help protect pharmaceutical cargo from theft, diversion or tampering, thus ensuring the quality, safety and efficacy of the pharmaceutical between the manufacturer and the end user, the patient.
References
[1] TAPA Americas: http://www.tapaonline.org
[2] TAPA APAC: http://www.tapa-asia.org
[3] TAPA EMEA: http://www.tapaemea.com
[4] http://www.dhl.com/en/press/releases/releases_2013/express/dhl_express_receives_100th_tapa_certification_in_europe.html
[5] http://www.Freightwatch.com
ABOUT THE AUTHORS
Rafik Bishara is a Technical Advisor; retired from Eli Lilly as Director, Quality Knowledge Management and Technical Support.
Susan Griggs is Advisor, Global Security, at Eli Lilly and Company, Inc.