The document outlines a physical security management system and maturity model for ON Semiconductor, emphasizing their structured approach to standardizing security processes across corporate and site levels. It details various security elements including access control, training, and emergency planning while aiming for compliance with global standards. The goal is to create a repeatable, auditable, and continually improving security framework that enhances organizational performance.

1. Public Information
Physical Security Management System
Security maturity model

2. Public Information2 1/18/2016
ON Semiconductor www.onsemi.com
A leading supplier of semiconductor based
solutions driving energy efficient innovations.
• 2014 Revenue - $3.162 billion
• 3Q15 Revenue - $904.2 million
• 23000 employees
• 17 Manufacturing sites
• 32 Design centers
• Market segments
31% Automotive, 18% Communications, 13%
Computing, 15% Consumer, 23%
Industrial/Military/ Aerospace/Medical

3. Public Information3 1/18/2016
Great Baltimore Fire - 1904
1545
35000
1
600
30
1231
70

4. Public Information4 1/18/2016
Great Baltimore Fire – 1904 (cont.)
• Baltimore adopted a city building code
• The National Fire Protection Association
adopted a national standard for fire
hydrants and hose connections
• However, conversion was slow and still
remains incomplete (only 18 of the 48 most
populous American cities reported
compliance, 2004)

5. Public Information5 1/18/2016
Security Management System for the Supply
Chain (ISO 28000).
Equivalent to 14001, 9001, 18001, 27000.
Ensures that we follow the same basic
guidelines of Plan, Do, Check, Act as the other
management systems.
Very familiar look and feel for
the executives.
Why to standardize Physical Security?

6. Public Information6 1/18/2016
Goal oriented
• Documented
• Repeatable
• Consistent
• Auditable
• Continual improvement

7. Public Information7 1/18/2016
Layered
Corporate System Manual
Corporate procedures
Site/Region level specifications
Records

8. Public Information8 1/18/2016
• Access Control (badging specs. included)
• Asset Control
• Precious metals & Scrap Security
• Training and Awareness
• Investigations
• Physical Security emergency planning
• Performance monitoring (KPIs)
• Travel Security
• Physical Security Risk Assessment
• Remote Sites Security
Corporate-wide

9. Public Information9 1/18/2016
Corporate-wide (cont.)
Level 1 Document
Corporate
System Manual
Level 4 Doc
Records
Level 3 Doc
Site/Regional
Specifications
Level 2 Doc
Corporate
Procedures
Security Management System
Manual
Risk Assessment and
Performance
Monitoring
Procedure
Regional Security
Assessment
Specification
Security Risk Analysis
Training and
Awareness Procedure
Site Training
Specification
Training Record
Travel Security
Emergency Plan
Procedure
Site Security
Emergency Plan
Incident Lessons
Learned Report
Incident Reporting
Procedure
Site Incident
Reporting
Specification
Global Incident
Reports
SPOC
Access Control
Procedure
Site Access Control
Specification
Badging Specification
Asset Control
Procedure
Site Property Control
Specification
Scrap Security Spec
Security System
Procedure
Site Security System
Specification
Maintenance Plan

10. Public Information10 1/18/2016
Physical Security Maturity Model
Initial
Site by site different approach. No success criteria set. Ad-hoc /reactive
approach.
Defined
Corporate and industry best practices gathered and translated into physical
security corporate goals and requirements.
Repeatable
Set requirements formally documented and standardized. Site level gap
analyses and action plans.
Managed and Measured
Formal PSMS which is measured and controlled. Reporting and auditing
system established.
Optimized
Corporate-wide physical security management system and aware work force.
Process improvement and performance measurement focused.

11. Public Information11 1/18/2016
• Conformance with global standards
• Continual improvement
Auditing

12. Public Information12 1/18/2016
• Consistency (documented, repeatable)
• Continual improvement (internal audit)
• Measurable results – KPIs, benchmarking
• Management commitment
• Enhancement of the organization's
performance
• Systematical risk identification
Benefits

13. Public Information13 1/18/2016
Questions

14. Public Information14 1/18/2016
Thank you