Global Marketing Overview of Supply Chain Security Assurance Certification/membership in supply chain security programs –Different programs focus on particular aspects of supply chain security –Programs enable best practice sharing across and within industries ›Requires adherence to customs and border agency security measures that result in preferential treatment when crossing specific borders ›Audits the compliance of contracted service providers against established global standards Dell-internal initiatives aim to continuously improve our supply chain security practices –Administrative, personnel and physical security policies –Manufacturing security and integrity measures –Specific programs to satisfy customer requirements Dell Confidential and Proprietary Information
Global Marketing Voluntary Supply Chain Security Programs Free and Secure Trade (FAST) –FAST Program supports cargo security initiatives ›Inspectors in 34 international ports ›Target and screen high-risk cargo before it is shipped to American ports Container Security Initiative (CSI) –CSI is led by US Customs and Border Protection (CBP) Section of DHS –Enforces security and prevents terrorist attacks coming through the supply chain using: ›Highly technical non-destructive scanning methods ›Tamper-evident containers ›Intelligence and automated information systems Customs Trade Partnership Against Terrorism (C-TPAT) –Dell is a top tier C-TPAT member –Private organizations voluntarily building cooperative government-business relationships to: ›Strengthen and improve the supply chain internationally ›Protect U.S. border security Partners in Protection (PIP) –Voluntary program sponsored by Canada’s Border Services Agency ›Enlists cooperation of private industry organizations to enhance border and supply chain security ›Partners follow strict standards for the high- security mechanical seals used for in-transit cargo within trailers and containers Dell Confidential and Proprietary Information
Global Marketing Voluntary Supply Chain Security Programs Authorized Economic Operators (AEO) –Dell follows the AEO framework of standards Approved by the World Customs Organization Requires Dell and Partners to use cargo seals that meet or exceed ISO standards Transported Asset Protection Association (TAPA) –Established security standards for the international supply chain –Focuses on loss prevention and tampering High Tech Supply Chain Security Consortium (HTSC 2 ) –Consolidates internationally recognized governmental security standards –Focuses on preventing the introduction of unauthorized articles or people into the supply chain Dell Confidential and Proprietary Information
Global Marketing Administrative Security Dell teams identify regional laws, policies, regulations and contractual requirements –Intellectual property of the company and our customers –Software licenses –Protection of employee and customer personal information –Proper data protection and data handling procedures –Trans-border data transmission –Financial and operational procedures –Regulatory export controls for certain technology Use of internal and external personnel and mechanisms –Control Self-Assessment (CSA) program ensures process compliance and review –External audits –Contract management –Security awareness –Risk management –Information Systems & Security ›Penetration testing ›Vulnerability testing ›Software verification ›Phased Review Process –System and Asset Management Dell Confidential and Proprietary Information
Global Marketing Software Security and Integrity Measures Software products enter a risk management framework as soon as they are defined Security, privacy, confidentiality, integrity and availability are all encompassed in this process Dell follows industry best practices for secure coding and a variety of manual and automated tools are used to verify code quality. Developers have mandatory annual training on secure coding practices All Dell-developed source code is subjected to both peer reviews and automated scans to identify security concerns Dell Confidential and Proprietary Information