Secure from the start
By requiring its foreign suppliers to comply with U.S. security rules, JCPenney ensures a smooth supply chain in a post-9/11 world.
By John Shanahan, Associate Editor -- Logistics Management, 2/1/2004
In a post-9/11 world, security has become a vital link in global supply chains. As governments tighten borders and launch stricter container-inspection initiatives, security compliance is becoming more important than ever to importers that need to keep their products flowing without interruption.
That's especially true for JCPenney, the department store chain owned by Plano, Texas-based J.C. Penney Corporation. With shipments arriving from nearly 60 countries, the retailer potentially faces delays and disruption at ports around the globe. But through the U.S. Bureau of Customs and Border Protection's Customs-Trade Partnership Against Terrorism (C-TPAT) program and the company's own initiative to keep foreign suppliers in line with U.S. security regulations, JCPenney keeps its shelves well stocked.
Even prior to gaining its C-TPAT validation in February 2003, JCPenney was focused on security. Sandra Fallgatter, customs and trade manager for J.C. Penney Purchasing Corp., the company's purchasing arm, notes that it was designated as a low-risk importer in September 2000 after a successful Customs Compliance Assessment Team (CAT) audit. As a low-risk importer, the company is subject to a lower examination rate—that is, the percentage of its incoming containers that are stopped by Customs for physical inspections is well below the industry average.
When the U.S. government announced the C-TPAT program in early 2002, Fallgatter says, the decision to take part was easy. "When you join C-TPAT, you're allowed to keep your low-risk designation," she says. "So there was no question about it—not just because we'd remain low risk, but because it was the right thing to do to help Customs in its initiatives to fight terrorism."
To prepare for its part in that fight, the company initially looked at how it could bring its own operations into compliance. That process of investigation, discussion, and decision making would then inform how those standards would be rolled out globally.
The first step was to look at security from a number of angles. "Traditionally, Customs issues have fallen to an importer's Customs department, whether large or small," Fallgatter says. "But [C-TPAT requirements] cover the whole supply chain, so we felt we needed to form a special committee."
With team members drawn from JCPenney's Customs, legal, logistics, quality control (QC), warehouse, loss-prevention, and supply chain groups, the committee met monthly for more than a year. "When we developed the committee, we gave ownership of certain parts of the program to each group," Fallgatter says. "For example, logistics is handling the carriers. QC works with the factories. As customs and trade manager, I oversee the program."
Out of those initial meetings came a plan to create a compliance manual to be submitted to Customs as part of the company profile required for C-TPAT. "The manual outlines the different aspects of the supply chain," Fallgatter says. "We wanted to tell Customs who we are and how we do business as a retailer."
The team immediately got the project underway, sending preliminary questionnaires to foreign suppliers in January 2002—four months before Customs released official C-TPAT guidelines.
That survey was designed to evaluate existing security levels and identify facilities that wouldn't meet the anticipated standards. Examples of the questions that were in the initial survey include: Are containers inspected for damage and contamination before loading? Are delivery trucks and containers monitored by the factory during loading? Do security guards work around the clock, or does the factory have a monitored alarm system? A factory had to be able to answer yes to 15 out of a total of 22 questions to be rated acceptable.
"Our QC people developed the questionnaire based on feedback we got from Customs, from the industry, and from the factories," Fallgatter explains. "We're looking at the overall aspect of the security of the factory; we're not just focusing on one thing. If they don't have security cameras, then they should have security guards in place."
Checking Up, Checking In
After collecting that data, JCPenney managers went and looked at the security measures each of its foreign factories and suppliers already had in place. They found more than they had expected to. "A lot of the factories were already in tune with some security standards," Fallgatter says. "Keep in mind that this is a retail industry. Some countries, such as those in Central America, are high-pilferage areas where even prior to 9/11 the factories were using private security firms to escort containers to the port."
But pilferage, while a legitimate security issue, had to be nudged a rung or two down the ladder in terms of importance. "We wanted to start focusing not so much on what the employee could take out, but what the employee could bring in and put in a container—a potential terrorist weapon," Fallgatter explains.
Once that focus was clear, the existing security programs and quality control guidelines that covered many of the measures called for under C-TPAT were able to provide the basis for the new plan. "We already had a QC program in place where our inspectors will go to a factory and verify that production is being done and quality is being met," Fallgatter says. "So it was easy to roll the C-TPAT program in there."
Armed with the C-TPAT guidelines and the final version of the security questionnaire, the retailer has embarked on a campaign of rigorous, regular inspections of suppliers' facilities. Any factory that fails to meet the specified standards has 90 days to bring its operation in line with expectations. And the company keeps a close eye on its progress, thanks to the Internet. When a QC inspector visits a site, the results of the inspection are posted to a database via JCPenney's internal Web site known as "j-web." "If an inspector finds something deficient, within 24 hours we're able to see that here at the home office," Fallgatter explains.
After 45 days have passed, the system sends an e-mail alert advising that it's time to check on the factory. If at the 45-day mark a facility is showing an effort to comply, the company may grant it more time beyond the 90-day deadline. But without that effort, it will simply cease to be a JCPenney supplier.
As far as JCPenney is concerned, checking security compliance isn't just a one-time deal. In September 2002, the company initiated security education programs for its suppliers. "One of the big aspects of the program is education and training in factories," Fallgatter notes. "For example, we send our factories and offices and suppliers information on how to better check containers before loading." Currently, that's done mostly via e-mail, although the team is looking at putting that information on the intracompany Web site.
The security committee still meets regularly to share updates and discuss further enhancements to the program. JCPenney also has twice-yearly supplier summits where corporate staff updates suppliers on what's going on in the retail industry. This year, Fallgatter's group included the C-TPAT program in its presentation. Team members take advantage of every opportunity to spread the word: "If one of our logistics people goes overseas to visit with a consolidator, [he or she brings] a standard security presentation," she notes.
And it's not all talk. In addition to checking up on such things as container loading procedures, the company also is testing new electronic container seals and metal security bars that are designed to prevent unauthorized access to a container's contents. The security bars are time-consuming to remove at the destination warehouse, Fallgatter says, but a better seal alone isn't enough to guarantee security, especially if seal numbers aren't being recorded at every step of a container's journey. (A side benefit is that the bars have virtually eliminated theft in some countries.)
A Measure of Success
The purpose of JCPenney's security initiative is to ensure a smooth, uninterrupted flow of foreign-sourced product, regardless of its place of origin. All the guidelines and training would be worthless if there wasn't some obvious and quantifiable result. And that result shows in the company's low exam rate.
"Prior to 9/11, the inspection rate [for all import containers] was around 2 percent," Fallgatter says. "Right now, based on feedback we're getting from the industry, it's around 6 percent. We're at less than 1 percent." Those few exams occur in places that are likely to raise a red flag these days, such as Middle Eastern countries, she notes.
That fractional exam rate not only translates into a more efficient supply chain for the company, but it also keeps costs down and customer satisfaction levels high. "Every day that [a container] is stuck at a port, we're losing sales," Fallgatter says. "An exam is not a one-day thing. It can take up to three weeks or more, taking the container to a freight station and devanning it. It definitely impacts our bottom line."
With profits on the line, JCPenney wants to ensure that its full line of products keeps flowing steadily from overseas plants to its store shelves. The company will continue to work closely with Customs and with its suppliers to ensure that every link in the supply chain stays well informed and secure. "It has been a great program for us," Fallgatter says. "We've definitely developed a better awareness of our supply chain process, how things work, and how we can make it better."
Locations
01/05/2010Container Security: Is it working?
09/30/2009Fine-tuning your security strategy
10/31/2009
View All On-Demand Webcasts