Supply Chain Risk Leadership Council 1 Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17-19, 2010.

Presentation transcript:

Supply Chain Risk Leadership Council 1 Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17-19, 2010

Supply Chain Risk Leadership Council 2 Meeting Agenda

Supply Chain Risk Leadership Council 3 Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17-19, 2010

Supply Chain Risk Leadership Council 4 SCRLC Vision/Mission
- Definition: Supply Chain Risk Management (SCRM): The practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The ultimate purpose of supply chain risk management is to enable cost avoidance, customer service, and market position.
- Our Vision: Lead world class manufacturing & services supply chain firms to share and influence supply chain risk management best practices.
- Our Mission:
  - Create a framework to identify and share best-practices to deliver world class performance in supply chain risk management
  - Raise awareness and advocate supply chain risk management framework externally
  - Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils

Supply Chain Risk Leadership Council 5 Proposed Track Structure

Supply Chain Risk Leadership Council 6 ISO 31000

Supply Chain Risk Leadership Council 7 Alignment of Tracks to ISO Risk Assessment BCP Security/Regulatory Resiliency Crisis Management Standards & BP

Supply Chain Risk Leadership Council 8 May 2010 Review and finalize council structure Align on council and track objective, deliverables, leads/members Review and finalize deliverable content Finalize documentation process Deep dive on track best practices Define best practices communication plan (internal and external) Review and finalize maturity model self-assessments Maturity model self-assessment results drive 2011 SCRLC meeting agendas Oct 2010 Jan 2011 May SCRLC Work Calendar

Supply Chain Risk Leadership Council 9 Track Sessions: Direction
- Validate and update high-level track objective(s), lead, and members
  - Define value proposition, vision, mission
  - Include what has been done and what is planned
- Validate and update track deliverables:
  - Collect completed best practices
  - Determine process to link back to ISO 31000
  - Prepare for:
    - Best Practices WG’s recommendation to integrate track deliverables
    - January 2011 SCRLC Meeting: Sharing track best practices

Supply Chain Risk Leadership Council 10 Track Sessions: Attendees
- BCP – RM Lake Casa Blanca L2B5: Leader (interim): Jennifer Williams, Foxconn; Beverly Williamson, J&J; Raelene Wong, AMAT; Allison Fujii, Boeing; Jane Khoury, Cisco (phone)
- RISK ASSESSMENT – RM Southside Café B131: Leader: John Brown, Coca Cola; Elizabeth Carroll, John Deere; Taylor Wilkerson, LMI; Mudit Bajaj, Jabil Circuit; Nancy Moore, RAND
- CM – RM Devils Hollow L1D5: Leader: Randy DiGirolamo, FedEx; Sandy Chen, Cisco; Joe Pelayo, AMAT; April Decker, AMAT
- RESILIENCY – RM Lake Livingston L2B5: Leader: Chris Patterson, GE; Dave Pollard, FedEx; Stephen Fecho, Merck; Grover Thurman, Foxconn
- STANDARDS - RM: Leader: Glen Meskimen, AMAT; Lance Solomon, Cisco; Patrick Nowatzky, Rolls Royce
- SECURITY / REGULATORY – RM Matagorda Island L1C10: Leader: Ken Kongismark, Boeing; Bob Ricketts, Teradata; Jeff Beck, Genzyme (phone); Robert Munyon, Genentech; Robert Larson, DHL

Supply Chain Risk Leadership Council 11 Appendices

Supply Chain Risk Leadership Council 12 Current Track Objectives Governance Objective: To provide recruiting, meeting coordination, and administrative support to the council BCP Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics Regulatory Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO Standards & Best Practices Objective: Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management Drive and influence standards to improve risk and resilience management Provide guideline of best practices document Influence assessment standards Resiliency Objective: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Risk Assessment Objective: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) Incident Detection & CM Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management

Supply Chain Risk Leadership Council 13 Track: SCRLC Governance
- Objective: To provide recruiting, meeting coordination, and administrative support to the council
- Deliverables:
- Track Leaders: Lance Solomon, Cisco; Dave Pollard, FedEx
- Track Members: John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI

Supply Chain Risk Leadership Council 14 WG: SCRM Best Practices & Standards Development
Objective: Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management. Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils.
Work Group Lead: Glen Meskimen, App Materials; Patrick Nowatzky, RR; Casper Hunsche, SCC; Lance Solomon, Cisco
Deliverables:
Internal:
- Evaluate ISO31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010
- Determine how to apply ISO to supply chain risk and resilience management
- Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables
- Deliver a supply chain risk and resiliency maturity model framework
- Document SCRM guidelines of best practices of council member companies in a standard framework
External:
- A strategy to influence standards and how to engage with external orgs.
- Determine what and how to publish externally

Supply Chain Risk Leadership Council 15 Track Readout Template: Profile Track Vision, Mission, Value Proposition: To provide a maturity model which enables benchmarking against collective input of best practices from participating member companies. Track Objective(s): Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management. Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils. Track Lead: Glen Meskimen Track Members: Patrick Nowatzky, Rolls-Royce Casper Hunsche, SCC Lance Solomon, Cisco

Supply Chain Risk Leadership Council 16 Track Readout Template: Deliverables
List Track Deliverables | Date Of Posting To SCRLC Website | How To Link To ISO 31000?
- Evaluate ISO31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010
- Determine how to apply ISO to supply chain risk and resilience management
- Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables
- Deliver a supply chain risk and resiliency maturity model framework
- Document SCRM guidelines of best practices of council member companies in a standard framework
- A strategy to influence standards and how to engage with external orgs.
- Determine what and how to publish externally

Supply Chain Risk Leadership Council 17 Track Readout Template: Actions
List Track actions | Owner
- Work Group to align on framework of maturity model to be used | Workgroup
- Map tracks to specific sections and/or elements of ISO31000 (Figure 3 Diagram) | Tracks
- Determine track dependencies within ISO31000 | Tracks
- Dependent on outcome of item #1 -> #3
  - Align section or element feedback from tracks | Workgroup

Supply Chain Risk Leadership Council 18 Track Readout Template: Profile
Definition of BC: Business Continuity is a holistic management process that identifies potential impacts or risks and provides a framework for building resilience with the capability for an effective response in order to continue business operations at an acceptable predefined level.
Track Objective(s): Create a best practices portal:
1) Program initiation & management
2) Risk evaluation & BIA
3) Plan development & execution
4) Training, testing & auditing
5) Communications with internal & external stakeholders
6) Lessons learned
Track Lead: Karen Juhl, Boeing
Track Members: Jennifer Williams, Foxconn (interim Lead); Beverly Williamson, J&J; Raelene Wong, AMAT; Allison Fujii, Boeing; Jane Khoury, Cisco (phone)

Supply Chain Risk Leadership Council 19 Track Readout Template: Deliverables
List Track Deliverables | Date Of Posting To SCRLC Website | How To Link To ISO 31000?
- Definition of business continuity | May 2010 | Risk Management Framework (Clause 4)
- Identify the critical elements of a business continuity/disaster recovery plan | May 2010
- Compile best practices for business continuity/disaster recovery plan
- Define performance measurement criteria for a BCP
- Determine standard lifecycle of a corporate business continuity program
- Define how the BCP elements map to the lifecycle
- Review and clean up 2010 deliverables

Supply Chain Risk Leadership Council 20 ISO 31000

Supply Chain Risk Leadership Council 21 Current Track Objectives Governance Objective: To provide recruiting, meeting coordination, and administrative support to the council BCP Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics Regulatory Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO Standards & Best Practices Objective: Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management Drive and influence standards to improve risk and resilience management Provide guideline of best practices document Influence assessment standards Resiliency Objective: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Risk Assessment Objective: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) Incident Detection & CM Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management

Supply Chain Risk Leadership Council 22 Track: Preparedness, BCP, and Recovery Planning
Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics
- 2010 Deliverables: 1. Definition of business continuity (staying in business) and BC planning – Completed 1/26/ Identify the critical elements of a business continuity/disaster recovery plan – Completed 2/17/ Develop/map best practices for each of the critical elements defined – May SCRLC meeting 4. Define performance measurement criteria for a BCP – meeting June & July 5. Determine standard lifecycle of a corporate business continuity program – meeting August & September 6. Define how the BCP elements map to the lifecycle – meeting October 7. Review and clean up 2010 deliverables – meeting November
- Track Leader: Karen Juhl, Boeing; Craig Babcock, P&G
- Track Members: Tim Astley, Zurich; Amy Cox, Rand; Jane Khoury, Cisco; Eddy Liu, TSMC; Brian Peng, FoxConn; Jennifer Trost, MNP; Dave Pollard, FedEx; Bev Williamson, J&J; Lance Solomon, Cisco; Grover Thurman, FoxConn; Jennifer Williams, FoxConn

Supply Chain Risk Leadership Council 23 Security/Regulatory Track Proposal Vision/Mission/Deliverables/Value Proposition/Objectives Lead/Members

Supply Chain Risk Leadership Council 24 Scope
In Scope
- Describe relevant supply chain security programs, supply chain requirements, and track proposed changes
- Describe best approaches for monitoring regulatory initiatives that create potential supply chain risk
- Define supply chain security best practices
- Define use of open source intelligence reports to identify supply chain risks
- Contingency planning/continued operations in post-incident scenarios
- Describe latest technological solutions to mitigate supply chain security risks
- Monitor international regulations and policies impacting supply chain security
Out of Scope
- Import/export compliance regulations or policies (inco-terms)
- Security/reliability risks to supply chains from non-human sources

Supply Chain Risk Leadership Council 25 Value Proposition
- Minimize risks from:
  - Complexity of issues related to security/regulatory requirements regulatory compliance with existing regulations
  - Unknown impacts of new regulations
  - Losses/impacts related to security gaps (theft, contraband, product tampering)
- Proactively mitigate risks from counterfeit products
- Bottom Line: Stakeholder confidence in your company, products, and supply chain

Supply Chain Risk Leadership Council 26 Vision
- Not applicable: Part of the greater SCRLC Vision that the Tracks support

Supply Chain Risk Leadership Council 27 Mission
- Provide SC security best practices and implementation guidelines to minimize, mitigate, and resolve SC security risks
- Provide best practices/guidelines/framework for monitoring and prioritizing potential SC risks related to proposed regulatory changes
- Provide best practices and framework for influencing/shaping future regulations/policies

Supply Chain Risk Leadership Council 28 Deliverables
- Key applicable regulatory/compliance requirements that affect supply chain security and supply chain risks
- A framework describing “how to” analyze global regulatory risks related to various business models/industrial sectors by geographical region (and potentially how to shape/influence such regulations)
- Best practices describing “how to” implement an effective supply chain security program to minimize risk

Supply Chain Risk Leadership Council 29 Objectives
- Captured already

Supply Chain Risk Leadership Council 30 Open Questions?
- Who comprises the BP & Standards Working Group and the Governance track?
- Future SCRLC acting in an advisory capacity to shape policy/regs?

Supply Chain Risk Leadership Council 31 Track: Supply Chain Resiliency
Objective: Implementing, developing and driving projects that improve resiliency - Including: Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics)
- Deliverables:
- Track Leaders: Robert Larson, Genentech; Chris Patterson, GE
- Track Members: Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, FedEx; Marc Robbins, Ph.D., RAND; Lance Solomon, Cisco; Dean Wang, FoxConn

Supply Chain Risk Leadership Council 32 Supply Chain Resiliency Track Proposal Vision/Mission/Deliverables/Value Proposition/Objectives Lead/Members

Supply Chain Risk Leadership Council 33 Scope
In Scope:
- Product, Supplier and Physical Network Resiliency
- Planning and Implementation for:
  - Existing and New Products, Existing and New Direct Material and Services Suppliers, Existing and New Suppliers, Existing and New Networks/Network Design
Out of Scope:
- Product Quality Process
- Demand Planning Process

Supply Chain Risk Leadership Council 34 Value Proposition
- Define filtering mechanisms to initiate supply chain risk assessments
- Management visibility/capability to prioritize risks and needed mitigations
- A framework for assessing points of supply chain risk throughout the life cycle of your products and/or the supply chain

Supply Chain Risk Leadership Council 35 Vision
- Captured in larger SCRLC Vision

Supply Chain Risk Leadership Council 36 Mission
- Provide a best practices implementation guide for SC resiliency which includes measures and treatment plans for total life cycle supply chain management

Supply Chain Risk Leadership Council 37 Objectives
I. Planning
Setting Objectives, Targets and Establishing Resiliency Metrics
- Decision process for mitigation vs. acceptance of risk, Trigger points for affordability vs. risk mitigation, Identify the design elements and decisions which impact resiliency. Identify the consequences of making optimal risk choices and acceptable mitigations for known risks.
a. Product Resiliency: Component/Raw Material Mitigation – methods for prioritizing which products and components to mitigate. Component / Supplier Risk Attribute and Risk Rating Process:
b. Physical Network: Node and network assessment, Identifying single points of failure.
  - Internal Processes and Systems (Manufacturing Locations, Planning systems, B2B)
  - External (CM, ODM/OEM, Supplier, Transportation, 3PL, Freight Forwarders, Customs Brokers)
II. Implementation
- Implementing, developing and driving projects that improve resiliency. Mitigation Techniques and Decision Processes, Techniques for Risk Management; Mitigation, Transfer Development of Product, Supplier and Network Recovery Playbooks
a. Product Mitigation
  - Existing Products
  - New Products
b. Physical Network Mitigation
  - Existing Network: Network Optimization, Process for integrating resiliency into supply chain design, Process for integrating resiliency into capacity planning
  - Network Design
c. Supplier Mitigation

Supply Chain Risk Leadership Council 38 Deliverables
- Define Best Practices for Supply Chain Resiliency
- Standard Questions for Resiliency as part of the BCP Process.
- Recommended Tools and Processes for conducting data collection and assessment of the supply chain nodes
- Proposed implementation processes and procedures
- Guidelines for defining metrics and criteria to determine effectiveness of a supply chain resilience program based on each company’s business model

Supply Chain Risk Leadership Council 39 Open Questions?
- Who comprises the BP & Standards Working Group and the Governance track?
- Future SCRLC lobbying to shape policy/regs?

Supply Chain Risk Leadership Council 40 Track: Risk Assessment and Monitoring
Objective: Best practices for performing a risk assessment and impact analysis in the supply chain. Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers)
- Track Leader: John Brown, Coca Cola
- Track Members: Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David Middleton, Rolls Royce; Nancy Moore, RAND; Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian Squire, Zurich; Jacqueline Thatcher, Merck; Nick Wildgoose, Zurich; Taylor Wilkerson, LMI; Orlando Zapata, Applied Materials; Mahmood Zarei, Sony
- Deliverables:
  1. Finalize/publish the following:
     - Catalog of key risks
     - Supply chain risk management process
     - Common and concise risk management terminology
  2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.

Supply Chain Risk Leadership Council 41 Risk Assessment Track Applied Materials, host Austin, TX May 17-19, 2010

Supply Chain Risk Leadership Council 42 Risk Assessment: Profile Track Vision, Mission, Value Proposition Identify Risk Assessment best practices to support effective identification and monitoring of supply chain risks Track Objective(s): Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) Track Lead: John Brown (Coke) Track Members: Taylor Wilkerson (LMI) Nancy Moore (RAND) Elizabeth Carroll (John Deere) Mudit Bajaj (Jabil)

Supply Chain Risk Leadership Council 43 Risk Assessment: Deliverables
List Track Deliverables | Date Of Posting To SCRLC Website | How To Link To ISO 31000?
- 1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology | 18 May 2010 | Covers Risk Assessment elements of the ISO framework
- 2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners. | 18 May 2010 | Covers Risk Assessment elements of the ISO framework

Supply Chain Risk Leadership Council 44 Existing Track Structure

Supply Chain Risk Leadership Council 45 Track Alignment Existing Tracks

Supply Chain Risk Leadership Council 46 Proposed SCRLC Structure

Supply Chain Risk Leadership Council 47 Next Steps
- Complete existing track work for next quarterly meeting
  - Existing track work focused on best practices
  - Best practices form the foundation for Product, Implementation, and Communication tracks
- At next meeting, realign council to new tracks
  - Identify new track leaders
  - Identify volunteers for each track

Supply Chain Risk Leadership Council 48 Crisis Management Track Profile
Track Vision: Provide World Class leadership and guidance on crisis management best practices.
Value Proposition: To enable organizations and partners to protect life, assets, operations/income, reputation, and the environment.
Definitions: A crisis is an unstable condition involving an impending abrupt or significant change that requires urgent attention and action to protect life, assets, property, operations/income, the environment and reputation. Reputation includes relations with employees, customers, suppliers, or other stakeholders and may include adverse news media coverage leading to public and governmental scrutiny. Crisis Management: coordinated activities to direct and control an organization with regards to responding to a specific crisis.
Track Mission/Objective(s): To document, share, and socialize best practices around these areas:
- Crisis Lifecycle
- Supply Chain Event Monitoring & Incident Detection
- Building and Maintaining Crisis Response Teams
- Effective Crisis Communications (Internal and External)
- Information Storage
- Benchmarking Program
- Incident Modeling Tools
Track Lead: Bob Weronik
Track Members: Steve Kay, GE; Randy DiGirolamo, FedEx; Bob Smola, John Deere; Sandy Chen, Cisco; Chris Patterson, GE; Mark Wang, RAND

Supply Chain Risk Leadership Council 49 CM Track Deliverables List Track Deliverables:Date Of Posting To SCRLC Website How To Link To ISO 31000? Deliver content for by documenting industry best practices and examples for Crisis Management, including: 1. The Crisis Lifecycle Monitor/Warning (Internal and External) Risk Assessment Response Management of the Crisis Resolution Recovery First draft complete; Final draft – Oct 2010* Risk Treatment 2. Building and Maintaining Crisis Response Teams Crisis Team hierarchy based on Business Unit, Region, Company, etc with clear criteria for hand- offs Emergency Response Team Disaster Response Team Pre-Emptive Crisis Response Crisis Drills Continuous Improvement Crisis Response Playbooks Supplying PPE to Crisis Teams and/or employees Oct 2010*Risk Treatment * = per team availability

Supply Chain Risk Leadership Council 50 CM Track Deliverables (cont’d) List Track Deliverables:Date Of Posting To SCRLC Website How To Link To ISO 31000? 3. Supply Chain Event Monitoring Supply Chain Mapping o To which level of the supply chain should be mapped? o Knowledge of Rare Raw Materials o Knowledge of unique industries in specific regions (UN data?) o Ability to map internal sites/employees and knowledge of which role they provide Intelligence Sources o Union Partnerships: Labor Disruptions - o News Agencies; via Alerts o Internal Alerting Processes (Reporting of incidents for security breaches, etc) o Supplier/Customer Alerting Processes o SCRLC – Real time knowledge share Response Time to Activation as a Metric Event Severity and Classification and Appropriate Response Oct 2010*Monitoring, Risk Treatment 4. Crisis Communications (Internal & External) Team Activation and Deactivation Tailoring Communications to the Crisis Lifecycle Ensuring Continuity of Communications During a Crisis Developing Holding (pre-written) communications for internal and external communications Oct 2010*Risk Treatment * = per team availability

Supply Chain Risk Leadership Council 51 CM Track Deliverables (cont’d)
List Track Deliverables: | Date Of Posting To SCRLC Website | How To Link To ISO 31000?
5. Information Storage: Dedicated locations for Crisis Information | TBD | Risk Treatment
6. Benchmarking Program: Internal and External benchmarking on crisis management programs | TBD | Risk Treatment
7. Incident Modeling Tools: Supply Chain Risk Modeling | TBD | Risk Treatment

Supply Chain Risk Leadership Council 52 Master Track Roster
Track/WG Name: Lead(s) Members
Regulatory Engagement and Landscape: Chris Patterson, GE Nick Wildgoose, Zurich; Patrick St. Laurent, EI; Erin Thomoson, EI Sheryl Byrd, GE; Ken Kongismark, Boeing; Robert Munyon, Genentech; Christopher Patterson, GE
Standards & Best Practices Development: Glen Meskimen, Applied Materials Grover Thurman, Foxconn; Jackie Thatcher, Merck; John Brown, Coca-Cola; Ken Konigsmark, Boeing; Lance Solomon, Cisco; Linda Conrad, Zurich; Nick Wildgoose, Zurich; Patrick Nowatzky, Rolls Royce; Bob Weronik, GE; Bob Smola, John Deere; Taylor Wilkinson, LMI; Marc Siegel, ASIS Internat’l
Supply Chain Security: Ken Kongismark, Boeing; Kirsten A Provence, Boeing Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE
Supply Chain Resiliency: Robert Larson, Genentech; Chris Patterson, GE Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, FedEx; Marc Robbins, Ph.D., RAND; Lance Solomon, Cisco; Dean Wang, FoxConn; Stephen Fecho, Merck; Marc Siegel, ASIS Internat’l
Incident Detection & Crisis Mgt: Bob Weronik, GE Randy DiGirolamo, FedEx; Christopher Patterson, GE; Bob Smola, John Deere; Mark Wang, Sc.D., RAND
Risk Assessment & Monitoring: John Brown, Coca Cola Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David Middleton, Rolls Royce; Nancy Moore, RAND Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian Squire, Zurich; Jacqueline Thatcher, Merck Nick Wildgoose, Zurich; Taylor Wilkerson, LMI Orlando Zapata, Applied Materials; Mahmood Zarei, Sony
Preparedness, BCP, and Recovery Planning: Karen Juhl, Boeing; Craig Babcock, P&G Jennifer Williams, Foxconn; John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI
Governance: Lance Solomon, Cisco; Dave Pollard, FedEx John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI

Supply Chain Risk Leadership Council 53 Current Track Objectives/Deliverables
Track: Objective Deliverables
Governance: To provide recruiting, meeting coordination, and administrative support to the council
Best Practices & Standards WG: Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management Drive and influence standards to improve risk and resilience management Provide guideline of best practices document Influence assessment standards Evaluate ISO31000 and gather member feedback on the applicability of this standard to our – Complete as of Feb 2010 Determine how to apply ISO to supply chain risk and resilience management (including risk assessment process) Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables Develop/deliver a self-diagnostic maturity model Document SCRM guidelines of best practices of council member companies in a standard framework Determine how to influence standards and how to engage with external orgs (decide to participate with ANSI, write letters to ISO, etc)? Determine what and how to publish externally
Preparedness, BCP, and Recovery Planning: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics
1. Definition of business continuity and BC planning – Completed 1/26/ Identify critical elements of a BC/DR plan – Completed 2/17/ Develop/map best practices for each critical element – May SCRLC mtg
4. Define performance measurement criteria for a BCP – mtg June & July
5. Determine standard lifecycle of a corporate BC program – mtg Sept
6. Define how the BCP elements map to the lifecycle – mtg Oct
7. Review and clean up 2010 deliverables – mtg Nov
Regulatory Compliance: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Create a Framework for evaluating pending and existing regulations that affect our supply chains by region Develop the strategy for regulatory influence Develop engagement model with DHS and the Cross Sector Working Group.
Supply Chain Resiliency: Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics)
Supply Chain Security: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO To identify new security rules and their impact on supply chain risk and compliance programs
Risk Assessment and Monitoring: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers)
1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology
2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners.
Incident Detection and Crisis Management: Develop Best Practices for Supply Chain Incident Detection and Crisis Management Deliver an “Introduction to Crisis Management” guidance document: Draft complete/reviewed; Final reviews due 2/9 (need format/template); Delivered to Council 2/11 Deliver a sample Crisis Management Plan: Table of Contents; Include 8 common elements of Sloan crosswalk; 1st draft to Track by April mtg Deliver a sample “Notice of Resiliency Statement”: Similar to a holding statement; Need member companies to supply track with samples

Supply Chain Risk Leadership Council 54 Track: Regulatory Compliance
Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. This group will start in the US and Europe and eventually will expand the scope globally.
Track Leader: Chris Patterson, GE; Nick Wildgoose, Zurich
Track Members: Sheryl Byrd, GE; Ken Kongismark, Boeing; Robert Munyon, Genentech
Deliverables: (from Regulatory WG notes) Create a Framework for evaluating pending and existing regulations that affect our supply chains by region Develop the strategy for regulatory influence Develop engagement model with DHS and the Cross Sector Working Group.

Supply Chain Risk Leadership Council 55 Track: Supply Chain Security
Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO
Deliverables: To identify new security rules and their impact on supply chain risk and compliance programs Does this share common objective with Regulatory track?
Track Leaders: Ken Kongismark, Boeing; Kirsten A Provence, Boeing
Track Members: Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE