Meeting Agenda Day 2 Tuesday May 18 Day

Meeting Agenda Day 2 - Tuesday (May 18) Day 3 - Wednesday (May 19) Time Topic 8: 00 AM Welcome/Intros Glen Meskimen 8: 00 AM 8: 10 AM Agenda Review Keynote: Who Is Applied Materials Lance Solomon 8: 45 AM 8: 15 AM 8: 45 AM Member Spotlight: John Deere 9: 30 AM Break 9: 45 AM Update on ISO 31000 Survey 10: 00 AM 12: 00 PM 1: 00 PM 2: 30 PM 2: 45 PM 4: 30 PM 5: 00 PM 6: 45 PM Discussion: SCRLC Structure Overview and SCRLC Objective/Deliverable Reset Lunch Working Session: Track Break-out Break Track Readout Optional: Gown Up Optional: Tour of Mfg Facility Hosted Dinner in Downtown Austin Speaker Time Topic Speaker Member Spotlight: Managing Supplier Health Break Member Spotlight: Rolls Royce Best Practices Glen Meskimen Linda Guzzi 9: 00 AM Elizabeth Carroll, Bob Smola 9: 45 AM Break 10: 00 AM SCOR Model Update Glen Meskimen 10: 30 AM Discussion: Future Meeting Structure and Managing/Sharing Track Output Lance Solomon 11: 30 AM Next Steps/Roundtable/Hotwash 12: 30 PM Lunch & Adjourn 1: 30 PM Governance Track Meeting 3: 30 PM Adjourn Patrick Nowatzky Taylor Wilkinson Lance Solomon Track Leads Supply Chain Risk Leadership Council 1

Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17 -19, 2010 Supply Chain Risk Leadership Council 2

SCRLC Vision/Mission q Definition: Supply Chain Risk Management (SCRM) The practice of managing the risk of any factor or event that can materially disrupt a supply chain whether within a single company or spread across multiple companies. The ultimate purpose of supply chain risk management is to enable cost avoidance, customer service, and market position. q Our Vision: Lead world class manufacturing & services supply chain firms to share and influence supply chain risk management best practices. q Our Mission: - Create a framework to identify and share best-practices to deliver world class performance in supply chain risk management - Raise awareness and advocate supply chain risk management framework externally - Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils Supply Chain Risk Leadership Council 3

Proposed Track Structure Governance Best Practices and Standards WG Preparedness, Business Continuity, and Recovery Planning Regulatory Compliance (Regulatory Engagement and Landscape WG) Supply Chain Security Supply Chain Resiliency Supply Chain Risk Leadership Council Risk Assessment and Monitoring Supply Chain Incident Detection and Crisis Management 4

ISO 31000 Supply Chain Risk Leadership Council 5

Alignment of Tracks to ISO 31000 Standards & BP Security/Regulatory Risk Assessment Crisis Management BCP Resiliency Supply Chain Risk Leadership Council 6

2010 -2011 SCRLC Work Calendar May 2010 Review and finalize council structure Align on council and track objective, deliverables, leads/members Oct 2010 Review and finalize deliverable content Jan 2011 May 2011 Deep dive on track best practices Review and finalize maturity model selfassessments Finalize documentation process Define best practices communication plan (internal and external) Supply Chain Risk Leadership Council Maturity model selfassessment results drive 2011 SCRLC meeting agendas 7

Track Sessions: Direction q Validate and update high-level track objective(s), lead, and members • Define value proposition, vision, mission • Include what has been done and what is planned q Validate and update track deliverables: • Collect completed best practices • Determine process to link back to ISO 31000 • Prepare for: o Best Practices WG’s recommendation to integrate track deliverables o January 2011 SCRLC Meeting: Sharing track best practices Supply Chain Risk Leadership Council 8

Meeting Agenda & Council Structure Overview Applied Materials, host Austin, TX May 17 -19, 2010 Supply Chain Risk Leadership Council 9

Track Readout Template: Profile Track Vision, Mission, Value Proposition: Track Objective(s): To provide a maturity model which enables benchmarking against collective input of best practices from participating member companies. • Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management. • Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils. Track Lead: Glen Meskimen Track Members: Patrick Nowatzky, Rolls-Royce Casper Hunsche, SCC Lance Solomon, Cisco Supply Chain Risk Leadership Council 10

Track Readout Template: Deliverables List Track Deliverables: Date Of Posting To SCRLC Website • Evaluate ISO 31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010 • Determine how to apply ISO 31000 to supply chain risk and resilience management • Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables • Deliver a supply chain risk and resiliency maturity model framework • Document SCRM guidelines of best practices of council member companies in a standard framework • A strategy to influence standards and how to engage with external orgs. • Determine what and how to publish externally Supply Chain Risk Leadership Council How To Link To ISO 31000? 11

Track Sessions: Attendees SECURITY / REGULATOYR– RM Matagorda Island L 1 C 10 § Leader: Ken Kongismark, Boeing STANDARDS - RM § Leader: Glen Meskimen, AMAT Lance Solomon, Cisco Patrick Nowatzky, Rolls Royce Bob Ricketts, Teradata Jeff Beck, Genzyme (phone) Robert Munyon, Genentech Robert Larson, DHL RESILIENCY – RM Lake Livingston L 2 B 5 § Leader: Chris Patterson, GE BCP – RM Lake Casa Blanca L 2 B 5 § Leader (interim): Jennifer Williams, Foxconn RISK ASSESSMENT – RM Southside Café B 131 §Leader: John Brown, Coca Cola Dave Pollard, Fed. Ex Stephen Fecho, Merck Grover Thurman, Foxconn Beverly Williamson, J&J Raelene Wong, AMAT Allison Fujii, Boeing Jane Khoury, Cisco (phone) Elizabeth Carroll, John Deere Taylor Wilkerson, LMI Mudit Bajaj, Jabil Circuit Nancy Moore, RAND Supply Chain Risk Leadership Council CM – RM Devils Hollow L 1 D 5 • Leader: Randy Di. Girolamo, Fed. Ex Sandy Chen, Cisco Joe Pelayo, AMAT April Decker, AMAT 12

Appendices Supply Chain Risk Leadership Council 13

Current Track Objectives BCP Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics Resiliency Objective: Implementing, developing and driving projects that improve resiliency Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Governance Objective: To provide recruiting, meeting coordination, and administrative support to the council Standards & Best Practices Objective: • Provide non-regulatory framework for collecting, developing, and implementing best practices for risk and resilience management • Drive and influence standards to improve risk and resilience management • Provide guideline of best practices document • Influence assessment standards Risk Assessment Objective: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) Incident Detection & CM Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management Regulatory Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO 28000. Supply Chain Risk Leadership Council 14

Current Track Objectives/Deliverables Track Objective Deliverables Governanc e To provide recruiting, meeting coordination, and administrative support to the council Best Practices & Standards WG • Provide non-regulatory framework for collecting, • Evaluate ISO 31000 and gather member feedback on the applicability of this standard to our – Complete as of Feb developing, and implementing best practices for risk and resilience management • Drive and influence standards to improve risk and resilience management • Provide guideline of best practices document • Influence assessment standards 2010 • Determine how to apply ISO 31000 to supply chain risk and resilience management (including risk assessment process) • Develop process for defining cohesive track deliverables and f or reviewing/finalizing track deliverables • Develop/deliver a self-diagnostic maturity model • Document SCRM guidelines of best practices of council member companies in a standard framework • Determine how to influence standards and how to engage with external orgs (decide to participate with ANSI, write letters to ISO, etc)? • Determine what and how to publish externally Preparedne ss, BCP, and Recovery Planning Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics 1. Definition of business continuity and BC planning – Completed 1/26/2010 Regulatory Compliance Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. • Create a Framework for evaluating pending and existing regulations that affect our supply chains by region • Develop the strategy for regulatory influence • Develop engagement model with DHS and the Cross Sector Working Group. Supply Chain Resiliency Implementing, developing and driving projects that improve resiliency - Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) Supply Chain Security Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO 28000. To identify new security rules and their impact on supply chain risk and compliance programs Risk Assessmen t and Monitoring Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) 1. Finalize/publish the following: Catalog of key risks, Supply chain risk management process, Common and concise risk management terminology 2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners. Incident Develop Best Practices for Supply Chain Incident • Deliver an. Chain “Introduction to Crisis. Council Management” guidance document: Draft complete/reviewed; Final reviews due 15 2/9 Supply Risk Leadership 2. Identify critical elements of a BC/DR plan – Completed 2/17/2010 3. Develop/map best practices for each critical element – May SCRLC mtg 4. Define performance measurement criteria for a BCP – mtg June & July 5. Determine standard lifecycle of a corporate BC program – mtg Sept 6. Define how the BCP elements map to the lifecycle – mtg Oct 7. Review and clean up 2010 deliverables – mtg Nov

Track: SCRLC Governance § Objective: § Deliverables: To provide recruiting, meeting coordination, and administrative support to the council § Track Leaders: Lance Solomon, Cisco Dave Pollard, Fex. Ex §Track Members: John Brown, Coca Cola Karen Juhl, Boeing Ken Kongismark, Boeing Robert Larson, Genentech Christopher Patterson, GE Erin Thomoson, EI Supply Chain Risk Leadership Council 16

WG: SCRM Best Practices & Standards Development Objective: • Provide non-regulatory framework for collecting, developing, and implementing best practices for supply chain risk and resiliency management. • Create an engagement model to proactively influence standards and regulations across industries and their related organizations/councils. • Work Group Lead: Glen Meskimen, App Materials • Patrick Nowatzky, RR • Casper Hunsche, SCC • Lance Solomon, Cisco Deliverables: • Internal: • Evaluate ISO 31000 and gather member feedback on the applicability of this standard to our objectives and approach for addressing risk in our supply chains – Complete as of Feb 2010 • Determine how to apply ISO 31000 to supply chain risk and resilience management • Develop process for defining cohesive track deliverables and for reviewing/finalizing track deliverables • Deliver a supply chain risk and resiliency maturity model framework • Document SCRM guidelines of best practices of council member companies in a standard framework External: • A strategy to influence standards and how to engage with external orgs. • Determine what and how to publish externally Supply Chain Risk Leadership Council 17

Track: Preparedness, BCP, and Recovery Planning § 2010 Deliverables: Objective: Assess your internal recovery capabilities and assess your suppliers’ recovery capabilities - Internal: Business Processes within your company - External: Sourcing and Logistics § Track Leader: Karen Juhl, Boeing Craig Babcock, P&G §Track Members: Tim Astley, Zurich Amy Cox, Rand Jane Khoury, Cisco Eddy Liu, TSMC Brian Peng, Fox. Conn Jennifer Trost, MNP Dave Pollard, Fed. Ex Bev Williamson, J&J Lance Solomon, Cisco Grover Thurman, Fox. Conn Jennifer Williams, Fox. Conn 1. Definition of business continuity (staying in business) and BC planning – Completed 1/26/2010 2. Identify the critical elements of a business continuity/disaster recovery plan – Completed 2/17/2010 3. Develop/map best practices for each of the critical elements defined – May SCRLC meeting 4. Define performance measurement criteria for a BCP – meeting June & July 5. Determine standard lifecycle of a corporate business continuity program – meeting August & September 6. Define how the BCP elements map to the lifecycle – meeting October 7. Review and clean up 2010 deliverables – meeting November Supply Chain Risk Leadership Council 18

Track: Regulatory Compliance Objective: Get information out there to shape policy and inform policy makers and partner with an organization that can lobby policy makers. 2: Provide input to the ISO standard development team. Best Practice Sharing with the council. This group will start in the US and Europe and eventually will expand the scope globally. § Track Leader: Chris Patterson, GE Nick Wildgoose, Zurich Deliverables: (from Regulatory WG notes) • Create a Framework for evaluating pending and existing regulations that affect our supply chains by region • Develop the strategy for regulatory influence • Develop engagement model with DHS and the Cross Sector Working Group. §Track Members: Sheryl Byrd, GE Ken Kongismark, Boeing Robert Munyon, Genentech Supply Chain Risk Leadership Council 19

Track: Supply Chain Security Objective: Risk minimization – best practices for prevention, avoidance, deterrence security threats in the supply chain Intermodal Supply Chain Security – expanding on the ISO 28000. § Track Leaders: Ken Kongismark, Boeing; Kirsten A Provence, Boeing • Track Members: Jeffrey Beck, Genzyme Terence Brunson, LMI Mary Chenoweth, RAND Andrew Cox, DHS Scott Dedic, Sony Jim Rice, MIT Bob Weronik, GE § Deliverables: To identify new security rules and their impact on supply chain risk and compliance programs Does this share common objective with Regulatory track? Supply Chain Risk Leadership Council 20

Track: Supply Chain Resiliency Objective: Implementing, developing and driving projects that improve resiliency Including; Existing and New Products, Existing and New Supply Chains (transportation, manufacturing, logistics) § Deliverables: § Track Leaders: Robert Larson, Genentech; Chris Patterson, GE §Track Members: Elvira Loredo, RAND Glen Meskimen, Applied Materials David Middleton, Rolls Royce Robert Munyon, Genentech John O'Connor, Cisco Dave Pollard, Fed. Ex Marc Robbins, Ph. D. , RAND Lance Solomon, Cisco Dean Wang, Fox. Conn Supply Chain Risk Leadership Council 21

Track: Risk Assessment and Monitoring Objective: Best practices for performing a risk assessment and impact analysis in the supply chain Resiliency Metrics – metrics for recovery time objectives in the supply chain. Supplier Resiliency, Product Resiliency, Node Resiliency (Internal and external suppliers) § Track Leader: John Brown, Coca Cola § Deliverables: 1. Finalize/publish the following: - Catalog of key risks - Supply chain risk management process - Common and concise risk management terminology §Track Members: Ravi Anupindi, U of M Tim Astley, Zurich Elizabeth Carroll, John Deere David Middleton, Rolls Royce Nancy Moore, RAND Dave Morrow, SCC Robert Munyon, Genentech Christopher Patterson, GE Brian Squire, Zurich Jacqueline Thatcher, Merck Nick Wildgoose, Zurich Taylor Wilkerson, LMI Orlando Zapata, Applied Materials Mahmood Zarei, Sony 2. Provide a table or list of alternative risk analysis methods to add more depth to the toolkit for supply chain risk practitioners. Supply Chain Risk Leadership Council 22

Track: Incident Detection & Crisis Mgt § Deliverables: Objective: Develop Best Practices for Supply Chain Incident Detection and Crisis Management § Track Leader: Bob Weronik, GE §Track Members: Randy Di. Girolamo, Fed. Ex Christopher Patterson, GE Bob Smola, John Deere Mark Wang, Sc. D. , RAND Steve Kay, GE Deliver an “Introduction to Crisis Management” guidance document - Draft complete and reviewed - Final reviews due 2/9 (need format/template) - Delivered to Council 2/11 Deliver a sample Crisis Management Plan - Table of Contents - Include 8 common elements of Sloan crosswalk -1 st draft to Track by April meeting Deliver a sample “Notice of Resiliency Statement” - Similar to a holding statement - Need member companies to supply track with samples Supply Chain Risk Leadership Council 23

Master Track Roster Track/WG Name Lead(s) Members Regulatory Engagement and Landscape Chris Patterson, GE Nick Wildgoose, Zurich; Patrick St. Laurent, EI; Erin Thomoson, EI Sheryl Byrd, GE; Ken Kongismark, Boeing ; Robert Munyon, Genentech; Christopher Patterson, GE Standards & Best Practices Development Glen Meskimen, Applied Materials Grover Thurman, Foxconn; Jackie Thatcher, Merck; John Brown, Coca-Cola; Ken Konigsmark, Boeing; Lance Solomon, Cisco; Linda Conrad, Zurich; Nick Wildgoose, Zurich; Patrick Nowatzky, Rolls Royce; Bob Weronik, GE; Bob Smola, John Deere; Taylor Wilkinson, LMI; Marc Siegel, ASIS Internat’l Supply Chain Security Ken Kongismark, Boeing; Kirsten A Provence, Boeing Jeffrey Beck, Genzyme; Terence Brunson, LMI; Mary Chenoweth, RAND; Andrew Cox, DHS; Scott Dedic, Sony; Jim Rice, MIT; Bob Weronik, GE Supply Chain Resiliency Robert Larson, Genentech; Chris Patterson, GE Elvira Loredo, RAND; Glen Meskimen, Applied Materials; David Middleton, Rolls Royce; Robert Munyon, Genentech; John O'Connor, Cisco; Dave Pollard, Fed. Ex; Marc Robbins, Ph. D. , RAND; Lance Solomon, Cisco; Dean Wang, Fox. Conn; Stephen Fecho, Merck; Marc Siegel, ASIS Internat’l Incident Detection & Crisis Mgt Bob Weronik, GE Randy Di. Girolamo, Fed. Ex; Christopher Patterson, GE; Bob Smola, John Deere; Mark Wang, Sc. D. , RAND Risk Assessment & Monitoring John Brown, Coca Cola Ravi Anupindi, U of M; Tim Astley, Zurich; Elizabeth Carroll, John Deere; David Middleton, Rolls Royce; Nancy Moore, RAND Dave Morrow, SCC; Robert Munyon, Genentech; Christopher Patterson, GE; Brian Squire, Zurich; Jacqueline Thatcher, Merck Nick Wildgoose, Zurich; Taylor Wilkerson, LMI Orlando Zapata, Applied Materials; Mahmood Zarei, Sony Preparedness, BCP, and Recovery Planning Karen Juhl, Boeing; Craig Babcock, P&G Jennifer Williams, Foxconn; John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI Governance Lance Solomon, Cisco; Dave Pollard, Fex. Ex John Brown, Coca Cola; Karen Juhl, Boeing; Ken Kongismark, Boeing; Robert Larson, Genentech; Christopher Patterson, GE; Erin Thomoson, EI Supply Chain Risk Leadership Council 24