BV Security Assessment (Based on C-TPAT SCS Best Practice, US Customs and Border Protection) (1-day Assessment)

Transcription

1 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 1. PERSONNEL SEURITY 1.1 The company conducts employment screening and interviewing of prospective employees including periodic criminal background checks and application verifications. 1.2 Employees are informed and aware of a written company's code of conduct or policy that addresses security practices and violations (interview at least 3 employees). 1.3 Where local law prohibits criminal background checks, the company utilizes alternative methods to check employees' backgrounds. Personnel termination procedures in writing are established to ensure 1.4 termination procedures are strictly followed. Issuing and recording of physical access devices is controlled and monitored. Terminated employee must return all company security 1.5 property (e.g. ID badge, keys, access cards, entrance codes or computer access). A final check shall not be issued to the employee until all security property is returned. 2. PYSIAL SEURITY The main manufacturing and final storage buildings are of a solid 2.1 structure to prevent unlawful access argo/packed product stored outside the exterior yard area is enclosed with fencing and/or is secured otherwise, to prevent unlawful access. argo/packed product stored outside the cargo storage area is enclosed with fencing and/or secured otherwise, to prevent unlawful access. ajor access and security points are well lit (lights in all critical areas must be functioning). The company provides for segregation and marking of international, domestic, high-value, and dangerous goods cargo within the facility by a safe, caged or otherwise fenced-in area. 2.6 The company has a defined parking area for private vehicles which are separate from the shipping, load dock, and cargo areas. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 1 of 6

2 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance The facility is well protected by security systems and/or security personnel at all times. The following systems or combination of security systems can be used and at least ONE of them shall be in place. If none of below measure is available, 'N' should be checked. 2.7 a) Electronic burglar alarm system b) Surveillance cameras/closed circuit television (TV) c) ameras monitored by local personnel and/or outside security company d) Alarms monitored by outside security company e) Security guards on duty after business hours f) Security guards on duty at all times (24 hours per day, 7 days per week) g) Security dogs/anine units h) Security gate or gate house monitored by employee or security guard i) Area patrolled by local law enforcement 2.8 The company has security systems that cover all critical areas (all external exit doors, loading docks, production areas, etc.) 2.9 The facility has electronic motion detectors and alarms that cover all critical areas The facility has electronic motion detectors linked to a single, central alarm system Incoming trucks/trailers/containers are subject to inspection for contents and cleanliness Outgoing trucks/trailers/containers are subject to inspection for contents and cleanliness Electronic systems are serviced and tested periodically The company maintains recorded security tapes for a minimum of 30 days in a secure location with restricted access. 3. PYSIAL AESS ONTROLS DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 2 of 6

3 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance Appropriate access controls are in place to prevent unauthorized access. The following systems or combination of access control systems can be used and at least ONE of them shall be in place. If none of below measure is available, 'N' should be checked. 3.1 a) Photo identification badges for employees b) Electronic proximity/swipe card keys c) Electronic buzzer/release doors d) Security guard checkpoints e) Biometric handprint identification system together with a 4-digit employee code 3.2 If proximity reader system is used, the company periodically reviews proximity reader system to identify unusual patterns of employee access. 3.3 If company has a card access system, records of daily transactions are maintained in a secure location for a minimum of 60 days. 3.4 If company has a card access system, the system is serviced and tested periodically. 3.5 The company reviews employee identification card on an annual basis. 3.6 During extended absences, the employee's access to the facility and information systems is temporarily suspended until his/her return Employees' entry and exit times are restricted according to their work schedule. Attempts to access work areas outside normal hours are recorded and investigated. Employees have limited access to finished products and storage areas. 3.9 Visitors/Vendors are positively identified upon arrival at the facility Visitors/Vendors shall present photo identification. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 3 of 6

4 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 3.11 Logbooks are kept showing visitor/vendor name, company they are representing, and date/time in and out of the facility Visitors/Vendors shall wear a badge or similar identification Visitors/Vendors are escorted by security personnel or company representative at all times in manufacturing, loading and packing areas Drivers of delivery vehicles are positively identified before cargo/packed product is received Drivers of pickup vehicles are positively identified before cargo/packed product is released The company establishes procedures and an isolated area to screen incoming packages and mail before distribution The company periodically conducts random searches of all persons and packages entering the facility. Workers are provided with lockers separate from the factory's production 3.18 and warehouse areas. Personal bags are not allowed inside of the factory. 4. PROEDURAL SEURITY The company establishes a documented Security Policy (System, Procedure, or anual). (Note: This may be a stand alone document or part of a Quality anual or Procedures anual). Procedures for identifying, challenging, and adressing unauthorized persons attempting to enter facilities are in place. The company has a designated person responsible for implementation of security policy and procedures. The company establishes adequate procedures to protect against unmanifested or unapproved parts, components or raw materials being introduced into production. 4.5 The company establishes adequate procedures for monitoring and documenting the movement of incoming and outgoing products. 4.6 The company establishes adequate procedures to protect against unmanifested or unapproved finished products being switched with or placed with acceptable products before shipment from the facility. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 4 of 6

5 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 4.7 The company establishes adequate procedures for verifying and securing seals on incoming and outgoing shipping containers, trailers, railcars and trucks. 4.8 The company establishes adequate procedures for comparing cargo against manifest documents (proper marking, weighing, counting, etc) A unique shipping mark is generated for each purchase order that gives the consignee the ability to verify that each shipment is legitimate. The same shipping mark is never used twice. Foreign customers are notified of any change in type and quantity of goods actually shipped. Foreign customers are supplied with revised commercial documentation in the event of changes to the actual type and quantity of shipped goods. ommercial documentation is provided to the foreign freight consolidator or carrier prior to actual exportation from the port of loading. The quantity of product being shipped against purchase orders is verified at point of loading. Procedure for tracking the timely movement of containers is in place from factory to port (record truck#, container#, seal#). The company establishes procedures for notifying local law enforcement and other authorities (i.e. ustoms) in cases where anomalies or illegal activities are detected, or suspected. Procedures restricting access to facilities, equipment, and/or cargo/packed products are established and a minimum of annual review is required Documented procedures are established for reporting and addressing unauthorized entry to containers or container storage areas In the case of authorized subcontracting, the company provides adequate supervision of subcontractors to ensure compliance with security issues The company conducts random, documented security assessments on a regular basis The company stationery and logo (stamps, tape, carton bearing the company's logo) are controlled and their use is monitored. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 5 of 6

6 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 4.21 Security business documents, including purchase orders, invoices, manifests, customer information and archived records are restricted and secure An updated file of orrective Action procedures for security issues is maintained and up to date. 5. INFORATION TENOLOGY SEURITY - omputer Systems 5.1 Written computer security policies/procedures are established. 5.2 Individual accounts and passwords are created for users to access the system. 5.3 Passwords are changed periodically (at least every 90 days) Access to computer systems is monitored and reviewed periodically. Firewalls/anti-virus/tampering prevention software are used to allow the system to both log and detect viruses, security violations and tampering. 5.6 ardware security is controlled and monitored (e.g. controlling work station, security server, password protected screen severs) The company has a contingency plan to protect its IT systems, which include a full IT disaster recovery plan to prepare for any unforeseen incidents. The company conducts system back-ups daily that are stored in a safe and secure place. Additional back-ups are stored off-site. The company regularly holds meeting that are attended by senior 5.9 management to address information technology issues, including system security. 6. SEURITY TRAINING & TREAT AWARENESS 6.1 The company has integrated security training into its new employee orientation and periodic refresher training is provided to existing employees. 6.2 The security awareness program addresses security procedures. 6.3 The security awareness program addresses facility security. 6.4 The security awareness program addresses internal conspiracies. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 6 of 6

7 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 6.5 The security awareness program addresses cargo/packed product security. 6.6 The security awareness program addresses container security. 6.7 The security awareness program addresses unauthorized access. 6.8 The security awareness program addresses security incident reporting. 6.9 The security awareness program addresses theft prevention Employees are trained in information system security principles and data integrity Employees must complete a mandatory training course that focus on their area of specialty The company has procedures for reporting of potential security issues observed by employees The company has procedures for increasing security awareness by employees. (recognition of internal conspiracies, maintaining product integrity, determining unauthorized access, etc.) The company conducts periodic employee meetings where security 6.14 issues can be discussed and reported in order to increase the security awareness. 7. ONTAINER SEURITY - Shipment to the USA only Ocean containers are brought to the factory for final loading by factory personnel for shipment to the U.S.A. (If no, then section 7 is "Not Applicable: N/A", if yes continue with 7.2). Written procedures are established for inspection of empty ocean containers to detect false walls, hatches, damages, or other security issues (ulti-point inspection). L 7.3 Written procedures are established for inspection of empty ocean containers door locks to ensure they are secure and functioning. Documented records are on file and up-to-date to validate that empty 7.4 containers have been inspected as per documented procedures. DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 7 of 6

8 ompany name: (Based on -TPAT SS Best Practice, US ustoms and Border Protection) lause Degree of ompliance 7.5 Documented records are on file and up-to-date to validate that container locks have been inspected as per documented procedures. Seals to be affixed to ocean containers are obtained in ONE of the following manners; (N/A if not applicable) 7.6 a) From the trucker picking up the container at the facility b) Directly from the ocean carrier c) Stock or inventory of seals at the facility d) Seals are affixed by the carrier or consolidator at their facilities e) Other sources (please clearly specify in the audit finding) Seals are kept in a safe and secure place such as a locked file cabinet or safe. A designated person is responsible for maintaining and distributing the seals. Ocean containers stored overnight are effectively secured to prevent unauthorized access by ONE of the following means: (N/A if not applicable) a) Padlocks are used to lock containers b) Ultra-igh security seals, such as "J-Bar" locks are used to lock containers c) Other locking devices are used to lock containers (specify such devises in the audit finding) d) By backing container doors against a hard surface, such as a building wall or concrete dock e) By keeping containers in a secured, fenced-in yard with guards and closed-circuit television DO NOT DISLOSE OUTSIDE YOUR ORGANIZATION WITOUT BUREAU VERITAS PRIOR WRITTEN ONSENT. Page 8 of 6