Xerox Supplier Security Requirements

Similar documents
Minimum-Security Criteria for C-TPAT Foreign Manufacturers

Foreign Manufacturer Eligibility Requirements

C-TPAT Minimum Security Criteria

Security Procedure - Participation / Certification in Foreign Customs Administrations Supply Chain Security Programs

C-TPAT Security Guidelines for Air Freight Consolidators, Ocean Transportation Intermediaries and Non-Vessel Operating Common Carriers (NVOCC)

Importers: C-TPAT Minimum Security Requirements

C-TPAT Partner Application for Importers Instructions

C-TPAT Minimum Security Requirements Importers

C-TPAT Security Standards. Importers

TRUSTED TRADER APPLICATION (C-TPAT AND ISA)

Please complete the questionnaire and fax it to

Air Carrier Eligibility Requirements

A Message for Brokers Letter And Security Guidelines for Brokers

Customs -Trade Partnership Against Terrorism (C-TPAT) Vendor Participation Overview

Milestone AV Technologies TECHNICAL SPECIFICATION

C-TPAT Security Criteria. Sea Carriers

C-TPAT Security Questionnaire PASS FAIL 1

Lowe s Corporate Cargo Security Guidelines for Manufacturing and Warehouse Facilities

WILSONS LEATHER POLICY ACKNOWLEDGEMENT 2008

CTPAT Security Requirements for Import Suppliers

C-TPAT Requirements. Dated: July 1 st, Valued Suppliers. C-TPAT Security Recommendations and Requirements

Rail Carrier Minimum-Security Criteria

C-TPAT Audit Report. General Overview of the Audit s findings. Overall Score (result) Audit Findings & Corrective Action

C-TPAT Expectations for

C-TPAT Information for Foreign Manufacturers & Suppliers

C-TPAT Questionnaire. Type of Partner

IMPORTER SECURITY RECOMMENDATIONS CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM (C-TPAT)

Milliken and Company CTPAT Security Profile. Guidelines and Procedures for maintaining compliance with the CTPAT minimum security requirements

Foreign Factory Profile

ABSTACT 2016 GENERAL SECURITY GUIDELINES AND OPERATIONAL PROCEDURES

Menard, Inc. ( Menard, Inc. ) C-TPAT Protocols for Suppliers

C-TPAT Expectations for Agents, Vendors & Manufacturers

Supply Chain Questionnaire Business Partners

Security Model. Jointly implement a security model within each segment of the supply chain Production Transportation Importation Distribution

Colony Brands, Inc. Supply Chain Security Profile Customs-Trade Partnership Against Terrorism Service Provider Questionnaire

Tenneco is a participant in the Customs-Trade Partnership Against Terrorism (C-TPAT). In the US,

BV Security Assessment (Based on C-TPAT SCS Best Practice, US Customs and Border Protection) (1-day Assessment)

Proactive Approaches. To Minimize. Supply Chain Security. Breaches in the Rail, Air, Ocean and Land Environment

Guidance Notes FSR 2014

CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

TRAILER/CONTAINER SECURITY

Food Defense Supplier Guidelines

Supply Chain Security Container Inspection and Seal Application

Supply Chain Security Guidelines

Retail Food Establishment. Self-Assessment Checklist. for. Food Defense

AM Retail Group, Inc. C-TPAT EVALUATION

FOOD DEFENCE SELF-ASSESSMENT CHECKLIST GRAIN HANDLING FACILITIES

2011 TAPA FSR Scoring Matrix FOR USE WITH TAPA BUYER AUDIT FORM 2011

Text Slide. Container and Seal Inspection Workshop

Pakistan Supply Chain Security (PSCS) Code

Global Security Verification Report

ACCO Brands Corporation. Global Social Responsibility Policy

SUPPLY CHAIN SECURITY PROGRAMS. Customs-Trade Partnership Against Terrorism. Partners In Protection

The factory must establish in writing the persons who are authorized to complete and/or sign shipping documents.

Global Security Verification Report

Global Security Verification Report

Text Slide. Container and Seal Inspection Workshop

Integrated Compliance Manual for Vendors and Factories

CONVEYANCE INSPECTION PROCEDURES AND SEALING PROCESS. ADAPTED FROM United Global Security: The Challenge Ahead

Food Defense and Emergency Response Security Guidelines. Keep America's Food Safe

Integrated Compliance Manual for Vendors and Factories

FACTORY COMPLIANCE. NEW VENDOR MANUAL

SEAL INTEGRITY PROGRAMME APPENDIX TO ANNEX I FRAMEWORK OF STANDARDS TO SECURE AND FACILITATE GLOBAL TRADE

Global Security Verification Report

TAPA FSR 2009 Kraków 4th June 2009 Leszek Sitkowski LRQA Poland

DEVELOPING A FOOD DEFENSE PLAN A GUIDE

Frequently Asked Questions Regarding Minimum Security Criteria for Importers 03/25/2005

SECTION 1: TRADER INFORMATION

Physical Security Assessment Form

Security Innovations to Adapt to Emerging Threats

CUSTOMS-NOTES. December 13, Important Trade Security Measures

IMPORTER ASSESSMENT PROGRAM FOR FOREIGN VENDORS

C-TPAT Best Practices. Wayne Kornmann Director, Long Beach C-TPAT Field Office

Supply Chain Security: Boeing's C-TPAT Program (Customs-Trade Partnership Against Terrorism) & Commercial Invoices

Table of Contents. Introduction Features for 2015 Implementation Suggestions C-TPAT Project Plan and Organizer Formatting Instructions

Ground Transportation. Robert Fernandez Vice President, Direct Services, Inc. September 3, 2014

Air Cargo & Air Supply Chain Security : Perspective From Integrators

APPENDIX 4-D PROCEDURES FOR ENTERING VAULT STORAGE AREAS OF SENSITIVE STOCKPILE MATERIALS

BIOSECURITY IN THE DAIRY PLANT IDFA's Guidance Document for the Dairy Industry

FSR List of Changes 2014 v 2017

APPENDICES. Agricultural Calcium Ammonium Nitrate Security Code of Practice JANUARY 2019

FACILITY SECURITY PLAN (FSP) REVIEW CHECKLIST

U.S. DOT SECURITY PLAN REQUIREMENTS FOR THE TRANSPORTATION OF PETROLEUM PRODUCTS

AEO Safety and Security Guidelines: Freight Forwarder

ICC Guidelines for Cross-Border Traders in Goods

TEXAS LOTTERY COMMISSION

Cargo and Mail ( )

McCain Foods Limited North American Customer Pickup Policy version 1.0

FSR2017 FACILITY SECURITY REQUIREMENTS DRAFT COPY. Transported Asset Protection Association

SECTION 10. WASTE TIRE FACILITIES and WASTE TIRE HAULERS Standards for Tire Retailers, Wholesalers and Fleet Service Facilities

IMPORTING & EXPORTING NEW DEVELOPMENTS IN OCEAN PRICING AND CUSTOMS SUPPLY CHAIN SECURITY By: Andrew M. Danas, Esq. Grove, Jaskiewicz and Cobert, LLP

Tandy Leather Factory Supplier Code of Conduct

Appendix 2 Authorized Economic Operators (AEO) Self-assessment questionnaire

NORDSTROM factories are required to perform a seven-point inspection process designed to verify the physical integrity of the container.

Supply Chain Security Management Systems The ISO Link

IMPLEMENTING GUIDANCE FOR LICENSEES THAT POSSESS RADIOACTIVE MATERIAL QUANTITIES OF CONCERN

October Import/Export Policy Supply Chain Security for Imports Standard Operating Procedure (SOP) Page 1 of 22.

AAPA. Terminal and Container Cargo Security. Mark Tierney Senior Director Security and Compliance Maersk Inc

DRIVER ADDENDUM TO SERVICES AGREEMENT. Last update: October 20, 2015

Supplier International Shipping Instructions

Transcription:

Xerox Supplier Security Requirements Suppliers who are involved in the manufacture, storage, and transportation of Xerox products ( Suppliers ) for Xerox Corporation and / or its subsidiaries under Xerox Corporation s control (collectively Xerox ) are required, at a minimum, to meet the following Xerox Supplier Security Requirements. 1. Supplier Security Requirements: The Xerox Supplier Security Requirements listed herein need to be present in the security / business processes and practices of Suppliers, as allowed by law, for the manufacture, storage, and transportation of Xerox products to satisfy requirements of the United States Customs-Trade Partnership Against Terrorism (C-TPAT) and the European Union Authorised Economic Operator (AEO) programs that Xerox participates in. a) Suppliers will notify Xerox in writing of C-TPAT, EU AEO or any other certification by foreign customs administrations supply chain security programs. Certification information can be emailed to: CorporateSecurity@xerox.com b) Suppliers will notify Xerox in writing within five (5) business days in the event their C-TPAT, EU AEO certification or other certification is suspended, revoked or cancelled. c) Suppliers will include current and future criteria contained in the Xerox Supplier Security Requirements in their security / business process. Xerox Supplier Security Requirements are, in part, based on criteria found in C-TPAT and EU AEO guidelines. Criteria for the C-TPAT program can be found at the following link: https://www.cbp.gov/border-security/ports-entry/cargo-security/ctpat d) Suppliers should also take steps designed to incorporate these Xerox Supplier Security Requirements into their agreements with their suppliers who manufacture, load, transit, accept, store, deliver, or otherwise affect the integrity of Xerox shipments e) In order to comply with Importer Security Filing requirements for ocean shipments under U.S. Customs and Border Protection regulations, Supplier will provide full cooperation and support as reasonably requested by Xerox, including without limitation, providing complete and accurate data to Xerox s applicable freight forwarder at least 48 hours prior to loading the shipment aboard a vessel destined for the U.S. Supplier shall indemnify and hold Xerox harmless from any fines, penalties, damages, costs and expenses levied against Xerox due to Supplier s failure to comply with the foregoing. 2. Container and Trailer Security and Inspection: Container and trailer integrity protects against the introduction of unauthorized material and/or persons and to prevent the unauthorized removal of material. At point of stuffing, procedures must be in place to properly inspect, seal and maintain the integrity of the shipping containers and trailers. A high security seal must be affixed to all loaded containers and trailers bound for Xerox that will cross an international border. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals. a) Container Inspection: Documented procedures must be in place and followed to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. The following seven-point inspection process must be followed and documented for all containers to ensure that there are no hidden compartments in which unauthorized material could be hidden: 1. Front wall 2. Left side 3. Right side 4. Floor 5. Ceiling/Roof 6. Inside/Outside doors 7. Outside /Undercarriage Xerox Supplier Security Requirements 01/25/2018) Page 1 of 5

b) Trailer Inspection: Procedures must be in place to verify the physical integrity of the trailer structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. The following ten-point process must be followed and documented: 1. Fifth wheel area check natural compartment/skid plate 2. Exterior front/sides 3. Rear bumpers/doors 4. Front wall 5. Left side 6. Right side 7. Floor 8. Ceiling/Roof 9. Inside/Outside doors 10. Outside/Undercarriage c) Container and Trailer Seals: Written procedures must stipulate how seals are to be controlled and affixed to loaded containers and trailers, to include procedures for recognizing and reporting compromised seals and/or containers/trailers to Xerox and appropriate local authorities. Only designated Supplier employees should distribute container seals for integrity purposes. d) Removal of Container Seals: Suppliers who are accepting sealed shipments for Xerox must take steps to ensure the integrity of the seal prior removing it from a container/trailer. The seal must be inspected to ensure the number matches the information on the shipping documents. It must also be inspected for signs of tampering or compromise. If evidence of tampering or compromise is found, the container/trailer should not be opened until management and Xerox Corporate Security is notified. d) Container and Trailer Storage: Containers and trailers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers/trailers or container storage areas. 3. Conveyance Security: Conveyances are defined as the combined tractor trailer/container. Conveyances must be secured to prevent against the introduction of non-manifested goods being added to them and to prevent unauthorized access to the actual container/trailer while they are under the control of the Supplier. a) Conveyance Security: Procedures must be in place to ensure that conveyances are capable of being effectively secured against the introduction of unauthorized material and persons. b) Conveyance Inspection: Procedures must be in place to ensure that potential places of concealment of illegal goods on conveyances (natural or hidden) are regularly inspected. All internal and external compartments and panels must be secured. c) Tracking and Monitoring of Conveyance: Procedures must be in place to track and accurately monitor activities relating to the movement of conveyances containing Xerox products both within the Supplier s premises and at handover points between the Supplier and external parties. The tracking and monitoring system can be via (a) electronic means (e.g., transponders, smart cards, electronic seals, videos, digital photos, mobile phones, radios and Global Positioning Systems (GPS)) or (b) activity logs, etc. d) Operators Guide: Operators of conveyances must be trained to maintain the security of the conveyances and the cargo at all times and to report any actual or suspicious incident to designated security department staff. Guidelines must be in place to train operators on: (1) Detail route planning for pick up and delivery; (2) Confidentiality of load, route and destination; (3) Policy on keys, parking area, refueling, and unscheduled stops; and (4) Installation and testing of security alarms and tracking devices, if any. e) Storage of Conveyance: Conveyances must be stored in a secure area and/or manner as to prevent unauthorized access and/or tampering. Xerox Supplier Security Requirements 01/25/2018) Page 2 of 5

4. Physical Access Controls: Access controls prevent unauthorized entry to facilities, maintain control of Supplier s employees and visitors, and protect company assets. Access control processes must include a method to establish the positive identification of all Supplier employees, visitors, and vendors at all points of entry. a) Supplier Employees: An employee identification system must be in place for positive identification and access control purposes. Supplier employees should only be given access to those areas necessary for the performance of their duties. Company management or security personnel for Supplier must adequately control the issuance and removal of Supplier employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented. b) Visitors: Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification. A visitors log must be retained for at least 30 days. c) Driver Identification: All drivers of inbound or outbound loads must be identified using a government issued photo ID (driver s license) and recorded on a log. d) Deliveries (including mail): Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated e) Challenging and Removing Unauthorized Persons: Procedures must be in place to identify, challenge and address unauthorized/unidentified persons. 5. Personnel Security: Processes must be in place to screen prospective employees of Supplier and to periodically check current employees of Supplier, including those set forth below, as permitted by applicable law. The purpose is to verify the prospective employee s identity and that their background and employment experience does not demonstrate unethical or illegal conduct that would affect their performance of assigned duties. In the event a Supplier s contract with Xerox contains additional pre-employment verification, background check and/or drug screening requirements, the Supplier must comply with such requirements as permitted by applicable law and, if such requirements conflict with those contained in these Xerox Supplier Security Requirements, the Supplier s contract with Xerox shall take precedence. a) Pre-Employment Verification: Application information, such as employment history, references, and job performance, must be verified prior to employment. b) Background Checks / Investigations: Consistent with governmental regulations, background checks and investigations should be conducted for prospective employees of Supplier. c) Personnel Termination Procedures: Companies must have procedures in place to remove identification, facility, and system access for terminated employees of Supplier. 6. Procedural Security: Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain. a) Documentation Processing: Procedures must be in place to ensure that all information used in the clearing of merchandise/cargo is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information. b) Manifesting Procedures: To help ensure the integrity of shipments, procedures must be in place to ensure that information required to support the shipping of products to Xerox is provided to Xerox and other entities as required to support the shipment process and is reported accurately and timely. Xerox Supplier Security Requirements 01/25/2018) Page 3 of 5

c) Shipping & Receiving: Arriving cargo must be reconciled against information on the cargo manifest. The cargo should be accurately described, and the weights, labels, marks and piece count indicated and verified. Departing cargo should be verified against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released. d) Storage of Xerox Products: Storage of finished Xerox products must be separated by a physical barrier from Xerox products staged on loading docks awaiting shipment. e) Cargo Discrepancies: All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. Applicable law enforcement agencies must be notified if illegal or suspicious activities are detected, as appropriate. f) Property Control: Controls must be in place to control the removal of property. g) Losses & Incidents: All losses and other incidents concerning Xerox products must be reported to Xerox Corporate Security (CorporateSecurity@xerox.com) or 1-866-979-8222) within 1 business day. Supplier must fully investigate losses and other incidents concerning Xerox products under their control. 7. Physical Security: Facilities must have physical barriers and deterrents that guard against unauthorized access. Physical security criteria include: a) Fencing: As practicable, perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage. b) Gates and Gate Houses: Gates used to control access through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety. c) Parking: Private passenger vehicles should be prohibited from parking without authorization in or adjacent to cargo handling and storage area. d) Building Structure: Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair. e) Locking Devices and Key Controls: All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys. f) Lighting: Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas. g) Alarms Systems & Video Surveillance Cameras: Alarm systems and video surveillance cameras utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas must be functioning and maintained. CCTV images must be maintained for at least 60 days. 8. Security Training and Threat Awareness: A threat awareness program must be in place and maintained to recognize and foster awareness of the threat posed to Xerox products at each point in the supply chain. Supplier s employees must be made aware of the procedures the Supplier has in place to address a situation and how to report it. Additional training should be provided to Supplier employees in the shipping and receiving areas, as well as those receiving and opening mail. a) Specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controls. b) A process for reporting security incidents should be in place and made available to all employees. Xerox Supplier Security Requirements 01/25/2018) Page 4 of 5

9. Information Technology Security: a) Password Protection: Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to Supplier s employees in the form of training. b) Accountability: A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to disciplinary actions for abuse, as permitted by applicable law. 10. Compliance Process: Xerox will assess a Supplier s compliance with these Xerox Supplier Security Requirements through an online self assessment completed by the Supplier and through a physical audit. a) Self Assessments: Suppliers will complete an online security assessment via the Xerox Supplier Security Assessment Tool (XSSAT) that measures compliance with these Xerox Supplier Security Requirements. Follow up online assessments will be required once per year, or more frequently in the event there is a material change to a Supplier s scope of work for Xerox, a significant change in a Supplier s security process, or at the request of Xerox. The survey can be initiated by completing a Self Assessment Initiation Form found at: http://www.xerox.com/perl-bin/formeng.pl?form=xerox_security_assessment. b) Audit: Suppliers will provide Xerox and any agent of Xerox, access, upon reasonable notice, to their records and facilities in connection with an audit to determine compliance with these Xerox Supplier Security Requirements. c) Non-Compliance with Xerox Supplier Security Requirements: Suppliers shall identify areas of its operations that are found to be in non-compliance based on the online security assessment and / or Xerox audit and promptly develop and implement a plan to correct such non-compliance. 11. Questions: Suppliers should contact Xerox with any questions or requests for exceptions to these Xerox Supplier Security Requirements to Xerox Corporate Security (CorporateSecurity@xerox.com). Any exceptions granted by Xerox to these Xerox Supplier Security Requirements shall be made in writing (including without limitation, email or other electronic format) by Xerox Corporate Security. 12. DISCLAIMER: THESE XEROX SUPPLIER SECURITY REQUIREMENTS ARE MINIMUM REQUIREMENTS TO BE A SUPPLIER TO XEROX AND SHALL ONLY BE FOLLOWED AS PERMITTED BY APPLICABLE LAW. XEROX DOES NOT REPRESENT OR WARRANT THAT COMPLYING WITH THESE XEROX SUPPLIER SECURITY REQUIREMENTS WILL BE ADEQUATE TO ADDRESS A SUPPLIER S SECURITY NEEDS. Xerox Supplier Security Requirements 01/25/2018) Page 5 of 5

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback