Their vision was ambitious: To build a common supply chain security audit tool enabling shared assessments, rotated between a highly qualified group of audit companies, with security data and corrective action planning available via a shared analytics platform managed by SCAN’s partner BSI. “SCAN launched to address the need for a collective, viable security audit program to reduce audit fatigue,” says David Blackorby, Executive Director of SCAN and formerly Vice President, Global Security, Walmart. SCAN has grown from strength to strength. More than 9,000 security audits have been performed to date, upon factories across the world, on behalf of a growing list of 32 member organizations including many of the largest importers into the United States. Significantly, more than 3,000 of these audits have been on behalf of more than one member organization thereby reducing audit fatigue and representing a considerable saving in audit costs.
SCAN is one of the most successful collaborations of its kind. Similar programs have been attempted in the social responsibility and product integrity arenas. Too often though individual company programs, having evolved in separate directions over the years, have proven too unwieldy to maneuver in the pre-competitive environment. “The distinction is apparent,” says David. “The benefit we have in the security world is we have third party governmental standards, such as CTPAT and AEO. From there we built our collective tool to address these. Most social responsibility standards are defined by each company. It is much harder to obtain a collective consensus in social responsibility because there is no uniform governmental standard.” “We have had many similar initiatives in the product quality area as well,” adds Ryan Klath, Senior Manager of Global Trade, Target, “where we have tried to implement an industry standard but ran into the same issues such as competing standards and best practices making it harder to agree on.”
The pre-competitive nature of SCAN requires that proprietary sourcing information remains confidential to each of its members. “One initial objective was ensuring that each SCAN member could not see who was placing an audit request to protect their confidential sourcing information,” says David. “We had to build proprietary protections into the platform, known as the SCAN ID system.” “Accompanied by just joining SCAN,” adds David, ”you have a complete security audit program at your fingertips, have your audits performed and your corrective action plan managed with someone doing the work for you.” Audits are undertaken by 6 audit firms with combined coverage of more than 70 countries. Brought to the table by the founding SCAN members, these audit companies are monitored on an ongoing basis through KPIs and quarterly performance reviews.
While SCAN was founded by the private sector, the association has worked closely with Customs and Border Protection (CBP) from the outset. “We took the CTPAT questionnaire to CBP who agreed with our approach and that it was an excellent way to deal with audit fatigue and cost,” says David. “In fact,” Ryan adds, “CBP has actually called out a few of our members in their validation and added SCAN as a best practice.” “We have built a collective single audit program based a questionnaire which is state of the art, best practices by both CBP and AEO, acknowledged by the governments to be such,” says David. “We have an excellent relationship with CBP that has continued to grow as SCAN members have been on the subcommittees for rewrites to the CTPAT Minimum Security Criteria (MSC).”
There remains potential for even further collaboration. “CBP is living more and more with limited resources and personnel,” says David. “I think CBP is seriously looking for parties in private industry to fill that gap where they cannot get more into the field.” Blockchain provides a possibility here with SCAN data utilized, discretely, to augment and perhaps one day replace validations. “We are actively talking to CBP, at their request, about utilizing blockchain for their associates to have access to SCAN’s portfolio of 16,000 factories. A SCAN delegation recently visited Washington DC and gave a presentation to a CBP IT team on how we would utilize blockchain to better the relationship. The potential is excellent.”
For more information on the SCAN Association please contact Ryan Klath, SCAN Public Affairs Chair firstname.lastname@example.org