Supply Chain Risk Leadership Council 1 Meeting Agenda

Supply Chain Risk Leadership Council 2 Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17-19, 2010

Supply Chain Risk Leadership Council 3 SCRLC Vision/Mission  Definition: Supply Chain Risk Management (SCRM) The practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The ultimate purpose of supply chain risk management is to enable cost avoidance, customer service, and market position.  Our Vision: Lead world class manufacturing & services supply chain firms to share and influence supply chain risk management best practices.  Our Mission: -Create a framework to identify and share best-practices to deliver world class performance in supply chain risk management -Raise awareness and advocate supply chain risk management framework externally -Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils

Supply Chain Risk Leadership Council 4 Proposed Track Structure

Supply Chain Risk Leadership Council 5 ISO 31000

Supply Chain Risk Leadership Council 6 Alignment of Tracks to ISO Risk Assessment BCP Security/Regulatory Resiliency Crisis Management Standards & BP

Supply Chain Risk Leadership Council 7 May 2010 Review and finalize council structure Align on council and track objective, deliverables, leads/members Review and finalize deliverable content Finalize documentation process Deep dive on track best practices Define best practices communication plan (internal and external) Review and finalize maturity model self- assessments Maturity model self- assessment results drive 2011 SCRLC meeting agendas Oct 2010 Jan 2011 May SCRLC Work Calendar

Supply Chain Risk Leadership Council 8 Track Sessions: Direction  Validate and update high-level track objective(s), lead, and members Define value proposition, vision, missionDefine value proposition, vision, mission Include what has been done and what is plannedInclude what has been done and what is planned  Validate and update track deliverables: Collect completed best practicesCollect completed best practices Determine process to link back to ISO 31000Determine process to link back to ISO Prepare for:Prepare for: oBest Practices WG’s recommendation to integrate track deliverables oJanuary 2011 SCRLC Meeting: Sharing track best practices

Supply Chain Risk Leadership Council 9 Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17-19, 2010

Supply Chain Risk Leadership Council 10 Track Readout Template: Profile Track Vision, Mission, Value Proposition: To provide a maturity model which enables benchmarking against collective input of best practices from participating member companies. Track Objective(s): Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management. Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils. Track Lead: Glen Meskimen Track Members: Patrick Nowatzky, Rolls-Royce Casper Hunsche, SCC Lance Solomon, Cisco

Supply Chain Risk Leadership Council 11 Track Readout Template: Deliverables List Track Deliverables:Date Of Posting To SCRLC Website How To Link To ISO 31000? Evaluate ISO31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010 Determine how to apply ISO to supply chain risk and resilience management Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables Deliver a supply chain risk and resiliency maturity model framework Document SCRM guidelines of best practices of council member companies in a standard framework A strategy to influence standards and how to engage with external orgs. Determine what and how to publish externally

Supply Chain Risk Leadership Council 12 Track Sessions: Attendees BCP – RM Lake Casa Blanca L2B5  Leader (interim): Jennifer Williams, Foxconn Beverly Williamson, J&J Raelene Wong, AMAT Allison Fujii, Boeing Jane Khoury, Cisco (phone) RISK ASSESSMENT – RM Southside Café B131  Leader: John Brown, Coca Cola Elizabeth Carroll, John Deere Taylor Wilkerson, LMI Mudit Bajaj, Jabil Circuit Nancy Moore, RAND CM – RM Devils Hollow L1D5 Leader: Randy DiGirolamo, FedEx Sandy Chen, Cisco Joe Pelayo, AMAT April Decker, AMAT RESILIENCY – RM Lake Livingston L2B5  Leader: Chris Patterson, GE Dave Pollard, FedEx Stephen Fecho, Merck Grover Thurman, Foxconn STANDARDS - RM  Leader: Glen Meskimen, AMAT Lance Solomon, Cisco Patrick Nowatzky, Rolls Royce SECURITY / REGULATOYR– RM Matagorda Island L1C10  Leader: Ken Kongismark, Boeing Bob Ricketts, Teradata Jeff Beck, Genzyme (phone) Robert Munyon, Genentech Robert Larson, DHL

Supply Chain Risk Leadership Council 13 Appendices

Supply Chain Risk Leadership Council 14 Current Track Objectives Governance Objective: To provide recruiting, meeting coordination, and administrative support to the council BCP Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics Regulatory Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO Standards & Best Practices Objective: Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management Drive and influence standards to improve risk and resilience management Provide guideline of best practices document Influence assessment standards Resiliency Objective: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Risk Assessment Objective: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) Incident Detection & CM Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management

Supply Chain Risk Leadership Council 15 Current Track Objectives/Deliverables TrackObjectiveDeliverables GovernanceTo provide recruiting, meeting coordination, and administrative support to the council Best Practices & Standards WG Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management Drive and influence standards to improve risk and resilience management Provide guideline of best practices document Influence assessment standards Evaluate ISO31000 and gather member feedback on the applicability of this standard to our – Complete as of Feb 2010 Determine how to apply ISO to supply chain risk and resilience management (including risk assessment process) Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables Develop/deliver a self-diagnostic maturity model Document SCRM guidelines of best practices of council member companies in a standard framework Determine how to influence standards and how to engage with external orgs (decide to participate with ANSI, write letters to ISO, etc)? Determine what and how to publish externally Preparedness, BCP, and Recovery Planning Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics 1. Definition of business continuity and BC planning – Completed 1/26/ Identify critical elements of a BC/DR plan – Completed 2/17/ Develop/map best practices for each critical element – May SCRLC mtg 4. Define performance measurement criteria for a BCP – mtg June & July 5. Determine standard lifecycle of a corporate BC program – mtg Sept 6. Define how the BCP elements map to the lifecycle – mtg Oct 7. Review and clean up 2010 deliverables – mtg Nov Regulatory Compliance Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Create a Framework for evaluating pending and existing regulations that affect our supply chains by region Develop the strategy for regulatory influence Develop engagement model with DHS and the Cross Sector Working Group. Supply Chain Resiliency Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Supply Chain Security Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO To identify new security rules and their impact on supply chain risk and compliance programs Risk Assessment and Monitoring Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) 1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology 2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners. Incident Detection and Crisis Management Develop Best Practices for Supply Chain Incident Detection and Crisis Management Deliver an “Introduction to Crisis Management” guidance document: Draft complete/reviewed; Final reviews due 2/9 (need format/template);Delivered to Council 2/11 Deliver a sample Crisis Management Plan: Table of Contents; Include 8 common elements of Sloan crosswalk; 1 st draft to Track by April mtg Deliver a sample “Notice of Resiliency Statement”: Similar to a holding statement; Need member companies to supply track with samples

Supply Chain Risk Leadership Council 16 Track: SCRLC Governance  Objective: To provide recruiting, meeting coordination, and administrative support to the council  Deliverables:  Track Leaders: Lance Solomon, Cisco Dave Pollard, FexEx  Track Members: John Brown, Coca Cola Karen Juhl, Boeing Ken Kongismark, Boeing Robert Larson, Genentech Christopher Patterson, GE Erin Thomoson, EI

Supply Chain Risk Leadership Council 17 WG: SCRM Best Practices & Standards Development Objective: Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management.. Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils. Work Group Lead: Glen Meskimen, App Materials Patrick Nowatzky, RR Casper Hunsche, SCC Lance Solomon, Cisco Deliverables: Internal: Evaluate ISO31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010 Determine how to apply ISO to supply chain risk and resilience management Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables Deliver a supply chain risk and resiliency maturity model framework Document SCRM guidelines of best practices of council member companies in a standard framework External: A strategy to influence standards and how to engage with external orgs. Determine what and how to publish externally

Supply Chain Risk Leadership Council 18 Track: Preparedness, BCP, and Recovery Planning Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics  2010 Deliverables: 1. Definition of business continuity (staying in business) and BC planning – Completed 1/26/ Identify the critical elements of a business continuity/disaster recovery plan – Completed 2/17/ Develop/map best practices for each of the critical elements defined – May SCRLC meeting 4. Define performance measurement criteria for a BCP – meeting June & July 5. Determine standard lifecycle of a corporate business continuity program – meeting August & September 6. Define how the BCP elements map to the lifecycle – meeting October 7. Review and clean up 2010 deliverables – meeting November  Track Leader: Karen Juhl, Boeing Craig Babcock, P&G  Track Members: Tim Astley, Zurich Amy Cox, Rand Jane Khoury, Cisco Eddy Liu, TSMC Brian Peng, FoxConn Jennifer Trost, MNP Dave Pollard, FedEx Bev Williamson, J&J Lance Solomon, Cisco Grover Thurman, FoxConn Jennifer Williams, FoxConn

Supply Chain Risk Leadership Council 19 Track: Regulatory Compliance Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. This group will start in the US and Europe and eventually will expand the scope globally.  Track Leader: Chris Patterson, GE Nick Wildgoose, Zurich  Track Members: Sheryl Byrd, GE Ken Kongismark, Boeing Robert Munyon, Genentech Deliverables: (from Regulatory WG notes) Create a Framework for evaluating pending and existing regulations that affect our supply chains by region Develop the strategy for regulatory influence Develop engagement model with DHS and the Cross Sector Working Group.

Supply Chain Risk Leadership Council 20 Track: Supply Chain Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO  Deliverables: To identify new security rules and their impact on supply chain risk and compliance programs Does this share common objective with Regulatory track?  Track Leaders: Ken Kongismark, Boeing; Kirsten A Provence, Boeing Track Members: Jeffrey Beck, Genzyme Terence Brunson, LMI Mary Chenoweth, RAND Andrew Cox, DHS Scott Dedic, Sony Jim Rice, MIT Bob Weronik, GE

Supply Chain Risk Leadership Council 21 Track: Supply Chain Resiliency Objective: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics)  Deliverables:  Track Leaders: Robert Larson, Genentech; Chris Patterson, GE  Track Members: Elvira Loredo, RAND Glen Meskimen, Applied Materials David Middleton, Rolls Royce Robert Munyon, Genentech John O'Connor, Cisco Dave Pollard, FedEx Marc Robbins, Ph.D., RAND Lance Solomon, Cisco Dean Wang, FoxConn  Deliverables:

Supply Chain Risk Leadership Council 22 Track: Risk Assessment and Monitoring Objective: B est practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers)  Deliverables:  Track Leader: John Brown, Coca Cola  Track Members: Ravi Anupindi, U of M Tim Astley, Zurich Elizabeth Carroll, John Deere David Middleton, Rolls Royce Nancy Moore, RAND Dave Morrow, SCC Robert Munyon, Genentech Christopher Patterson, GE Brian Squire, Zurich Jacqueline Thatcher, Merck Nick Wildgoose, Zurich Taylor Wilkerson, LMI Orlando Zapata, Applied Materials Mahmood Zarei, Sony  Deliverables: 1. Finalize/publish the following: -Catalog of key risks -Supply chain risk management process -Common and concise risk management terminology 2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.

Supply Chain Risk Leadership Council 23 Track: Incident Detection & Crisis Mgt Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management  Deliverables: Deliver an “Introduction to Crisis Management” guidance document - Draft complete and reviewed - Final reviews due 2/9 (need format/template) - Delivered to Council 2/11 Deliver a sample Crisis Management Plan - Table of Contents - Include 8 common elements of Sloan crosswalk -1 st draft to Track by April meeting Deliver a sample “Notice of Resiliency Statement” - Similar to a holding statement - Need member companies to supply track with samples  Track Leader: Bob Weronik, GE  Track Members: Randy DiGirolamo, FedEx Christopher Patterson, GE Bob Smola, John Deere Mark Wang, Sc.D., RAND Steve Kay, GE

Supply Chain Risk Leadership Council 24 Track/WG NameLead(s)Members Regulatory Engagement and Landscape Chris Patterson, GE Nick Wildgoose, Zurich; Patrick St. Laurent, EI; Erin Thomoson, EI Sheryl Byrd, GE; Ken Kongismark, Boeing ; Robert Munyon, Genentech; Christopher Patterson, GE Standards & Best Practices Development Glen Meskimen, Applied Materials Grover Thurman, Foxconn; Jackie Thatcher, Merck; John Brown, Coca-Cola; Ken Konigsmark, Boeing; Lance Solomon, Cisco; Linda Conrad, Zurich; Nick Wildgoose, Zurich; Patrick Nowatzky, Rolls Royce; Bob Weronik, GE; Bob Smola, John Deere; Taylor Wilkinson, LMI; Marc Siegel, ASIS Internat’l Supply Chain Security Ken Kongismark, Boeing; Kirsten A Provence, Boeing Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE Supply Chain Resiliency Robert Larson, Genentech; Chris Patterson, GE Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, FedEx; Marc Robbins, Ph.D., RAND; Lance Solomon, Cisco; Dean Wang, FoxConn; Stephen Fecho, Merck; Marc Siegel, ASIS Internat’l Incident Detection & Crisis Mgt Bob Weronik, GERandy DiGirolamo, FedEx; Christopher Patterson, GE; Bob Smola, John Deere; Mark Wang, Sc.D., RAND Risk Assessment & Monitoring John Brown, Coca Cola Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David Middleton, Rolls Royce; Nancy Moore, RAND Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian Squire, Zurich; Jacqueline Thatcher, Merck Nick Wildgoose, Zurich; Taylor Wilkerson, LMI Orlando Zapata, Applied Materials; Mahmood Zarei, Sony Preparedness, BCP, and Recovery Planning Karen Juhl, Boeing; Craig Babcock, P&G Jennifer Williams, Foxconn; John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI GovernanceLance Solomon, Cisco; Dave Pollard, FexEx John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI Master Track Roster