Rx-360 Supply Chain Security Template -- Requirements for Third Party Logistics Providers 6 June 2012

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Rx-360 Supply Chain Security Template -- Requirements for Third Party Logistics Providers 6 June 2012"

Transcription

1 Rx-360 Supply Chain Security Template -- Requirements for Third Party Logistics Providers 6 June 2012 This template is a tool that was developed In order to assist manufacturer clients with the application of the concepts in the Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities. This template requirements document is formatted so that it can quickly be edited and included as an addendum to a contract or can be used as a points-to-consider document in formulating a standard in supply chain security in the warehousing and distribution segment of the supply chain.

2 Supply Chain Security Requirements - Table of Contents 1 Supply Chain Security Requirements Document Scope Sub-contractor Compliance General Requirements Statement of Confidentiality Restrictions for the Purchase, Sale and Shipment of <COMPANY NAME> Sourcing of Components Required for <COMPANY NAME> Products National Cargo Security Program Requirements Sub-contractor Approval External Security Providers Physical Security Site Security Personnel Employee Searches Construction Secured Points of Entry Facility Inspections Lighting Video Surveillance and Monitoring Systems Communication Alarm System Auxiliary Power System Perimeter Barrier Perimeter Fencing Private Vehicle Control <COMPANY NAME> Internal Storage Area Requirements Access Control Visitor Identification Visitor Chaperoning Identification Badges Verification of Identity Records and Logs Security Records Employee Records Video Surveillance Logs Computer System Logs Site Access Records and Logs Driver and Vehicle Information Required for Transport Tracking Records Scrap and Destroy Records Inventory and Use Records of <Company Name> Goods Inventory Records of Cargo Shipments Procedural Security Data Access Policy and Procedures Disaster Recovery Plan Business Continuity Plan Security Incident Procedures User Account Procedures Internal Access Control Procedures Cargo Security Standards... 8 Page 1

3 1.7 Personnel Security Employees Handling <COMPANY NAME> Product or Intellectual Property Retention of Training Records Cargo Security On-site Cargo Security Controlling Access to Cargo Control of <COMPANY NAME> Goods in the Facility Storage of <COMPANY NAME> Goods Access to <COMPANY NAME> Goods Returned and Rejected Product Mandatory Scrap and Destruction Destruction of Scrap and Returns Reporting and Notification Good Distribution Practices Violations Supply Chain Security Requirements Violations Notification of Damage or Loss Firewall Access Violations After-hours Alarm Notification List Scrap Recycling List Employee Background Issues Use of Sub-contracted Individuals or Equipment Security Incidents Solicitations by Unauthorized Sellers Unusual Discrepancies in Sales or Orders Reporting Violations of Government Regulations Reporting Revisions of this Document Information Protection Information Security Management Protected Access to <COMPANY NAME> Confidential Information Environmental Controls Fire Suppression Appendices Page 2

4 1 Supply Chain Security Requirements In performing services hereunder, Vendor shall comply with <COMPANY NAME> s Supply Chain Security (SCS) requirements (this document) which may be amended from time to time by <COMPANY NAME> in its sole discretion. Vendor shall use its best efforts, which shall in no event be less than generally accepted industry standards, to ensure the safety and security of <COMPANY NAME> products while such products are in the possession and control of vendor or its <COMPANY NAME>-approved subcontractor pursuant to this Agreement. Vendor shall report any loss of or damage to any <COMPANY NAME> product or its packaging, and any violation of the SCS Requirements, within twenty-four (24) hours of becoming aware of such loss, damage or violation. 1.1 Document Scope Except where noted, the following requirements apply to all packagers, manufacturers, suppliers, contracted carriers, testing laboratories, customs brokerages and distributors ( Vendors ) of <COMPANY NAME> product, whether in finished or unfinished, packaged or unpackaged form, including the handling of any components of said finished or unfinished products and including but not limited to API, excipients, packaging, package inserts, labels, and any raw materials required to produce same (collectively, <COMPANY NAME> Goods ) Sub-contractor Compliance The requirements set forth herein also apply to any <COMPANY NAME> approved sub-contractors used by vendors engaged in any aspect of handling <COMPANY NAME> Goods to the same extent that they apply to vendors. It is the responsibility of all vendors to ensure that their own sub-contractors fully comply with the provisions of this document. 1.2 General Requirements Statement of Confidentiality Vendor must have appropriate confidentiality agreements on file Restrictions for the Purchase, Sale and Shipment of <COMPANY NAME> Segregation of duties must apply in all instances when such activities occur (i.e., the person ordering goods cannot be the person receiving goods). Orders and receipts are also to be tracked Sourcing of Components Required for <COMPANY NAME> Products Vendor may only source components required for <COMPANY NAME> products from suppliers authorized by <COMPANY NAME> National Cargo Security Program Requirements Vendor is either a participant in the C-TPAT program or the applicable foreign equivalent National Cargo Security program (PIP, AEO, etc), or at a minimum, satisfies <Company Name> s minimum Supply Chain Security requirements. Vendor is already an approved member of the applicable National Cargo Security program or has signed a memorandum of understanding ( MOU ) with <Company Name> guaranteeing vendor compliance with <Company Name>'s specified minimum security criteria. Vendor has completed <Company Name> s Security Profile Questionnaire Sub-contractor Approval All sub-contractors used by vendors to handle <COMPANY NAME> Goods must be approved by <COMPANY NAME> before any work is performed External Security Providers In the event that an external firm is retained to provide security for facilities that house <COMPANY NAME> Goods or IP, said firm must be licensed to the full extent required under applicable laws, and have no business connection with any firm providing temporary staff to the authorized supplier. Page 3

5 1.3 Physical Security Facilities shall include the following security features Site Security Personnel One point of contact for site security is required. This point of contact must develop relationships with the local law enforcement agencies in order to encourage timely response to incidents at the LSP site, facilitate receipt of crime trends and other intelligence received by local law enforcement that potentially affects the site s risk assessment, and allow for the exchange of information with neighboring entities. For staffed points of entry, a guard must be present to allow site access during working hours Employee Searches To detect or deter internal theft, a bag/pocket check should take place at the beginning and end of each shift, or as employees enter and leave the premises Construction Material construction of the facility, including doors, windows, skylights and all potential points of entry, must be suitable to withstand forced entry Secured Points of Entry Locking devices are required on all potential points of entry, including visitor access, shipping and receiving access, fire exits and roof hatches. All points of entry must be closed and locked except as necessary for normal operations. All windows and skylights must have security screens. Warehouse exit doors and dock doors must resist forced entry. Dock and warehouse door hinges must be pinned or welded Unstaffed Points of Entry Unstaffed access points must be: Locked Covered by security screens Alarmed Facility Inspections Structures and fencing must undergo regular inspections Lighting Lighting must be adequate to identify all persons entering and exiting facility and parking areas using the video monitoring system. Lighting must be constantly on, twenty-four (24) hours per day Video Surveillance and Monitoring Systems The resolution of live and recorded surveillance images must be good enough to clearly recognize individuals. Video surveillance must be maintained 24 hours per day, and must cover all sides of the facility and all potential points of entry. Video must be both monitored in real time and recorded. The surveillance system must include continuous date and time-stamping. Video recording must be on digital media rather than analog tape Maintenance and Inspection The surveillance system must be inspected and tested no less than monthly. Repairs and adjustments must be made immediately upon detection of damage, malfunction or misalignment. Procedures must be in place for manual testing of systems or equipment. Page 4

6 Video and audio surveillance media must be stored for a minimum of 30 days from the time of their recording, unless they document an event. Audio and video media documenting an event must be retained indefinitely. An event is defined as any breach of security or deviation from this addendum s inclusions Location Cameras must be installed: At a height sufficient to prevent tampering In an environmentally protective housing With conduit to protect cabling into and out of the cameras Video surveillance equipment and media must be kept in a secure location. Video media must be stored in a secure internal location separate from the recording equipment Communication Facility must have internal and external communications systems that connect to internal security and local police Alarm System The alarm system must be physically wired and include motion-detection sensors. Glass-break detectors must be used wherever necessary, particularly on ground floor windows or other windows that can be easily accessed. The alarm control system must be placed in a secure location Maintenance and Inspection The alarm system must be inspected and tested regularly. Repairs and adjustments must be made immediately upon detection of damage, malfunction or misalignment. Procedures must be in place for manual testing of systems or equipment Auxiliary Power System There is a back-up power system for alarm systems and video surveillance equipment Perimeter Barrier A perimeter barrier which defines site boundaries while deterring and delaying intruders from entering the site anywhere other than at designated entry points is required. The focus of the first layer of security will be the perimeter barrier, i.e. a fence, wall, or combination thereof Perimeter Fencing Facility perimeter is fenced. Perimeter fencing and fence topper must be free of vegetation and in a good state of repair. Fencing must be far enough from adjacent structures to prevent site access from them. Perimeter fencing must be at least 8 feet high, not including height of the fence topper. Perimeter fencing has a four-strand or five-strand barbed wire or razor wire fence topper. If the fence topper is barbed wire, it must be angled at 45 degrees out of the facility. Perimeter fencing must completely enclose the facility, penetrated only at designated access points. Vegetation must be cleared for ten meters on both sides of the perimeter fencing. There can be no view blocks (outbuildings, vehicles, etc.) along the perimeter fencing. Camera and guard views along the perimeter fencing and cleared adjacent space cannot be obstructed. Perimeter fencing must be patrolled by Security and adequate CCTV coverage should be installed Private Vehicle Control Private vehicles must be parked in a fenced parking area that is physically separate from facilities housing <COMPANY NAME> Goods or IP. The vendor must also institute a registration system for all vehicles permitted access to said parking area. In no event will private vehicles be permitted in or next Page 5

7 to cargo handling locations. The fenced private parking area should be outside of the vendor s facility. No private vehicles are permitted to enter the facility unless they are searched on entry and exit <COMPANY NAME> Internal Storage Area Requirements <COMPANY NAME> storage areas must be located within the confines of the facility and must be kept closed and locked. 1.4 Access Control Visitor Identification The identity of all visitors must be verified against government-issue photographic identification before they are granted access to facilities housing <COMPANY NAME> Goods or IP Visitor Chaperoning Visitors must be accompanied at all times by an authorized employee when in facilities housing <COMPANY NAME> Goods or devices containing <COMPANY NAME> IP. Visitors and vendors accessing secure internal locations housing <COMPANY NAME> Goods or devices containing <COMPANY NAME> IP must be accompanied by an authorized employee. Vendor shall maintain an electronic visitor log and retain all visitor records for 12 months Identification Badges Photo or serialized ID badges must be provided to all personnel and visitors. Access to the card issuance system must be controlled Verification of Identity Identification of all personnel or visitors granted access to the facility must be verified by electronic means or directly by staff security. 1.5 Records and Logs This section addresses the records and logs required of all vendors and sub-contractors, as applicable Security Records Records of Security personnel are to be kept indefinitely unless and until instructed to the contrary by <COMPANY NAME>. Personnel records must be kept for external Security personnel Employee Records The following records must be kept for both vendor and sub-contractor employees: Employee Terminations Employees Ordering <COMPANY NAME> Goods or <COMPANY NAME> IP Employees Receiving Goods Employees Shipping Goods Training Records Video Surveillance Logs Video surveillance equipment maintenance and testing is recorded in a log. Each camera must have an operational specification written on it, and the officers must audit each camera no less than monthly to ensure that it is performing as required Computer System Logs All computer systems containing <COMPANY NAME> IP, and the critical computing resources on which they depend, must be logged and tracked in accordance with applicable laws and regulations. Access Control Logs must be reviewed every 60 days to verify that only users with valid business reasons and existing management approval have access to systems containing <COMPANY NAME> IP. Page 6

8 Computer log files must be retained for at least 60 days Site Access Records and Logs Site Visitor Log A Site Visitor log documenting all visitors and vendors is required. All visitor records must be retained for a period of 12 months Controlled Access Records and Logs The following controlled access records and logs are required: Access Code Logging Access Code/ Key Possession Records Controlled Access Log Digital Access Log Controlled Access records must be reviewed for irregularities every 12 months and updated for every change of access. Digital Access Logs must be reviewed every 60 days Driver and Vehicle Information Required for Transport The following records must be kept for each shipment of <COMPANY NAME> Goods: Driver Name and License Records Vehicle License Record Cargo Seal Serial Number Log Date and Time of Cargo Pick-up Tracking Records The following records must be kept for each shipment of <COMPANY NAME> Goods: GPS Tracking Records must be kept for a period of 12 months Scrap and Destroy Records The following applicable records must be kept for scrapped <COMPANY NAME> Goods or IP: Scrapped <COMPANY NAME> Goods Records Scrapped <COMPANY NAME> IP Records Inventory and Use Records of <Company Name> Goods Vendors shall regularly reconcile physical inventories of the following against inventory records and report any discrepancies to <COMPANY NAME> as security incidents Inventory Records of Cargo Shipments Vendors shall keep records of each cargo shipment including at a minimum: Name of shipper/consignee Description of shipment Weight of shipment Number of units shipped Shortages/overages, if any Dates (shipment and receipt) Accompanying documentation Customs manifests, if any In addition: Seals must be tracked and verified Each shipment must be compared to its shipment manifest Page 7

9 1.6 Procedural Security All vendors must create written plans, standards or procedures addressing each of the following topics, as applicable. All such written documentation must be submitted to the attention of the Vendor s <COMPANY NAME> account manager within sixty (60) days of receipt of this contract for <COMPANY NAME>'s approval Data Access Policy and Procedures The data access policy must require password protection of systems. Procedures must ensure that user accounts and passwords used to access these systems are not posted, otherwise distributed, or shared by more than one person. Procedures that establish and maintain the authorization mechanisms which control data access are required Disaster Recovery Plan Disaster Recovery Plans must include: Details of all physical systems Details of information systems Details of network security processes and requirements A list of all persons to be contacted whenever a disaster or other business-affecting event necessitates it. The contact list must be updated whenever changes occur and reviewed for accuracy every three months. Disaster Recovery Plans must be printed out and stored in secure on- and off-site locations Business Continuity Plan The Business Continuity Plan meets the requirements specified in the SCS Contract Security Incident Procedures Security incident documentation must include: Provisions to escalate incidents Emergency contact information for both <COMPANY NAME> and the vendor Security Incident report, including a management review of said report User Account Procedures Procedures to create, maintain and terminate user accounts must be included in the vendor s Network Security document Internal Access Control Procedures Internal access control procedures must address: Site access Visitor control Video surveillance & monitoring Alarm and access control systems monitoring and response Cargo Security Standards Cargo security documentation must include: Procedures for the use and verification of high security seals Procedures for verifying the physical integrity of trucks, trailers, containers, rail cars, and aircraft Procedures for verifying the reliability of locking mechanisms on all transportation Procedures to ensure that: All outbound shipments are destined to an authorized location Page 8

10 Shipments are scheduled for delivery during normal business hours, unless a shipment has a specific receiving procedure in place prior to shipment 1.7 Personnel Security This section contains requirements for vendor and sub-contractor employees who may come into contact with <COMPANY NAME> Goods or IP. Sub-contractors and their employees must meet the same criteria set for <COMPANY NAME> vendors and their employees Employees Handling <COMPANY NAME> Product or Intellectual Property Vendor agrees to use proprietary, full-time employees, and to avoid using any sub-contracted individuals or equipment without first notifying a representative of <COMPANY NAME>. Vendor must verify that all employees have successfully passed a drug analysis test, as permitted by law, prior to commencing contracted employment with <COMPANY NAME> Background Investigations & Toxicology Screening If permitted by law, background investigations must be conducted on any individual or entity prior to hiring or assignment, and prior to granting access to <COMPANY NAME> Goods or IP. These background investigations must be documented and shall include at minimum: Verification of personal identity Criminal background checks for the previous five (5) years (to the extent permitted under local laws) Name search within check lists of known terrorist organizations Employment verification back to age 18, including any gaps of greater than thirty days Motor Vehicle Records (MVR) for those subjects driving company-owned vehicles, or driving on company business as a primary component of their job. Where applicable by law, ten-panel toxicology screening measures should be used on a preemployment, random and for-cause basis. Name search within government de-barred lists If the individual or entity is on any such list or has past criminal activity in their background investigation, <COMPANY NAME>'s account manager must be contacted and written approval obtained prior to allowing any such individual or entity access to <COMPANY NAME> Goods or IP Employee Terminations All terminations of employees and sub-contractor employees must be documented. If any employee is terminated - not eligible for rehire, the facts of their termination must be documented to the extent permitted by law. All such records must be retained indefinitely unless and until instructed to the contrary by <COMPANY NAME>. Access control devices (keys or cards) must be collected from every terminated employee and subcontractor employee immediately upon termination. Systems access permissions must be removed within 24 hours of termination. Employees not eligible for re-hire must be placed on a list. New applicants must be checked against the list prior to employment Retention of Training Records Detailed records must be kept of all personnel receiving <COMPANY NAME> training and updates to <COMPANY NAME> training. Page 9

11 1.8 Cargo Security On-site Cargo Security All vendors must comply with the following cargo security requirements High Security Container Seals All trucks, trailers and containers ( Cargo Vehicles ) must be secured using high-security seals that comply with the standards of: The country of origin Applicable trans-shipment countries The country of destination Access to container seals must be limited, seals should be affixed either by shipping or security personnel (never by the driver) and seals must be destroyed upon removal Cargo Delivery, Loading and Unloading Trucks are permitted to enter and leave the facility through secured access points only. When unattended, containers, trucks, and trailers containing <COMPANY NAME> Goods must be: Parked in secure holding areas Monitored through video surveillance or directly by security personnel Cargo loading and unloading must be supervised by <COMPANY NAME>-authorized personnel. Full pallets, partial pallets, and single shipped master cartons must be weighed before shipment. The weight must be noted in the related shipping documentation. Delivery, loading and unloading should be scheduled in advance and must be during applicable business hours only. <COMPANY NAME> Goods cannot be pre-loaded into Cargo Vehicles except under preapproved conditions. When unloading cargo, cargo weight and carton count must be reconciled against the manifest documents while the cargo vehicle is still present. Damage or tampering must also be noted. Damaged or short shipments must be reported to <COMPANY NAME> within 48 hours of receipt. Before loading cargo, the vendor must: Inspect the cargo vehicle for unauthorized or un-manifested materials Verify that all outbound shipments are destined to an authorized location Verify that shipments are scheduled for delivery during normal receiving business hours, unless a shipment has an alternate receiving procedure in place prior to shipment. Each alternate receiving procedure can apply to one specific shipment only Segregation of Shipping and Receiving Functions One of the following methods must be used to ensure that <COMPANY NAME> Goods cannot be simultaneously loaded on and unloaded from the same truck, trailer or container: There must be a physical barrier between shipping and receiving facilities that prevents comingling of these activities, OR Shipping and receiving must be scheduled so they do not occur at the same docks at the same time Cargo Vehicle Inspections Cargo Vehicles must be physically secure, with working locking mechanisms that are inspected upon each loading of <COMPANY NAME> Goods or IP. Inspection logs must list the names of the person(s) conducting the inspections and their findings. Page 10

12 Protection of Shipment Information Information regarding incoming and outgoing shipments, including the routing of said shipments, is to be kept confidential and securely guarded. Vehicles must depart with approved and verified drivers directly from the protected loading area. Under no circumstances shall another person move a loaded vehicle Controlling Access to Cargo Uncontrolled access to shipping and loading docks, cargo areas, trailers, containers, or any other vehicle involved in the transport of <COMPANY NAME> Goods is prohibited. At a minimum, access must be controlled as follows: Access to such areas must be logged and records retained indefinitely unless and until instructed to the contrary by <COMPANY NAME>. Drivers must be accompanied by authorized personnel when in a shipping/receiving area for <COMPANY NAME> Goods, and otherwise must remain in their vehicle or be restricted to a designated area. Vendors must keep complete records of driver names, license number, vehicle license number and issuing governmental authority (tractor and trailer, if applicable), seal serial number, and the date and time of pick-up. 1.9 Control of <COMPANY NAME> Goods in the Facility Storage of <COMPANY NAME> Goods <COMPANY NAME> Goods must be transferred upon reception to secure, access controlled internal location(s) by <COMPANY NAME> - authorized personnel. All <COMPANY NAME> storage locations must be within the facility Access to <COMPANY NAME> Goods The following access controls are required for <COMPANY NAME> Goods and <COMPANY NAME> storage areas Granting Access to <COMPANY NAME> Goods Access to <COMPANY NAME> Goods should be provided for established business needs only <COMPANY NAME> Storage Area Access Locations <COMPANY NAME> storage areas must be accessible from specific monitored locations only Code, Key or Card Access to <COMPANY NAME> Storage Areas Access to <COMPANY NAME> storage areas should be by assigned access code. However, if the facility cannot accommodate an access code system, keys or cards may be used to control access Access Code Requirements Access codes should be issued to authorized individuals only. Sharing codes is prohibited. Access codes must be changed at least once every three (3) months. Access codes are to be controlled and logged by authorized individuals only. Employee access changes must be reported to security immediately and their access privileges must be modified immediately Access Control Devices Access control devices (keys or cards) must be collected from every terminated employee immediately upon termination. Extra, unused or returned access keys or cards must be kept in a secure location Access Control Records Page 11

13 Electronic access logs that include the name of the authorized individual, the date of access, and the time of access must be maintained indefinitely unless and until instructed to the contrary by <COMPANY NAME>. Records identifying all persons in possession of keys, cards or access codes must be maintained indefinitely unless and until instructed to the contrary by <COMPANY NAME> Employee Identification The identity of each person seeking access to <COMPANY NAME> Goods must be verified in real time. Persons monitoring access must be trained in how to challenge persons seeking inappropriate access. Visibly displayed photo or serialized identification badges are to be used by all personnel provided access to <COMPANY NAME> Goods Visitor Access No visitors are to be allowed access to <COMPANY NAME> Goods without prior <COMPANY NAME> approval, a verified government-issued ID and a <COMPANY NAME>-authorized escort Temporary Staff Temporary staff (for example, maintenance or cleaning crews) are to be supervised at all times by authorized personnel Personal Belongings in <COMPANY NAME> Storage Areas Bags, backpacks and personal cell phones must remain in the locker room and should not be allowed in the warehouse Returned and Rejected Product Mandatory Scrap and Destruction Vendors must remove affected product, packaging labels, product inserts, and <COMPANY NAME> electronic files from their inventory, store these in a dedicated secure area on the premises, and document said <COMPANY NAME> Goods and/or IP as scrapped and destroyed within five (5) business days if any of the following events occur: Vendor in possession of <COMPANY NAME> Goods is no longer required by <COMPANY NAME> to fulfill contract/agreement with <COMPANY NAME> <COMPANY NAME> Goods are determined to be corrupted or unusable <COMPANY NAME> Goods are at end of life Vendor s agreement with <COMPANY NAME> is terminated or no further production, supply and/or distribution of <COMPANY NAME> Goods is authorized Determination of whether one of these events has occurred shall be at <COMPANY NAME>'s sole discretion Destruction of Scrap and Returns <COMPANY NAME> Goods Goods scheduled for destruction (including seals) must be kept in a dedicated secure location. Destruction must be performed in the presence of an authorized <COMPANY NAME> representative, and must be certified. Certificates of destruction must be kept indefinitely, unless and until instructed otherwise by <COMPANY NAME>. Logs of all scrapped goods must record: Date of destruction Description and quantities of scrapped goods Identifying control numbers, if any Name of the person authorizing destruction Name(s) of the person(s) witnessing and destroying <COMPANY NAME> Goods. Page 12

14 Electronic Files Electronic files scheduled for destruction are to be securely deleted using procedures specified by <COMPANY NAME>, and said destruction must be documented Reporting and Notification Good Distribution Practices Violations Vendor will notify <COMPANY NAME> within one (1) business day upon becoming aware of any violation of the GDP Supply Chain Security Requirements Violations Vendor shall notify <COMPANY NAME> within twenty-four (24) hours of becoming aware of any violation of the SCS Requirements Notification of Damage or Loss Vendor shall report any loss of or damage to any <COMPANY NAME> product or its packaging within twenty-four (24) hours of becoming aware of such loss or damage Firewall Access Violations Firewall access violations must be logged and periodically reviewed to identify potential intrusions After-hours Alarm Notification List An After-hours alarm notification list is required. This list must include multiple layers of redundancy to guarantee that a responder is always available. The list must be updated and tested once every six months Scrap Recycling List The vendor must maintain a list of companies or individuals that provide scrap recycling and provide this list to <COMPANY NAME> Employee Background Issues If the individual or entity being investigated is on lists of known terrorist organizations, government debarred lists, or has past criminal activity, <COMPANY NAME>'s account manager must be contacted and written approval obtained prior to allowing them access to <COMPANY NAME> Goods Use of Sub-contracted Individuals or Equipment Vendor must report their intent to use sub-contracted individuals or equipment to a representative of <COMPANY NAME> prior to use Security Incidents The <COMPANY NAME> Vendor must designate a local management contact to be telephoned in the event of a security incident Solicitations by Unauthorized Sellers Attempts to buy or sell <COMPANY NAME> Goods by unauthorized sellers must be reported to <COMPANY NAME> within 24 hours of the solicitation. The report should include as much detail as possible Unusual Discrepancies in Sales or Orders Unusual discrepancies in sales or orders from a given supplier or distributor must be reported to the appropriate <COMPANY NAME> account manager within 24 hours of discovery. ( Unusual is to be determined on an individual basis by the <COMPANY NAME> account manager for each <COMPANY NAME> Vendor and agreed upon in writing). Page 13

15 Reporting Violations of Government Regulations Vendors shall report to <COMPANY NAME> any violation of government regulations that impact their ability to fulfill any contractual obligations to <COMPANY NAME>. Such reports must be made within 24 hours of the discovery of the violation Reporting Revisions of this Document Vendors will inform their <COMPANY NAME> approved sub-contractors of <COMPANY NAME> revision changes to this document within five (5) business days of receiving the changes Information Protection Vendors must implement the following measures to control access to, and protect the storage and transmission of, <COMPANY NAME> confidential electronic information Information Security Management The vendor s network and servers must be protected by an information security function that: Establishes information security management policies and controls Monitors compliance to established controls Assigns information security roles and responsibilities Assesses information risks and manages risk mitigation Protected Access to <COMPANY NAME> Confidential Information <COMPANY NAME> Confidential Information: May only be stored on secure servers that are protected from general purpose computer networks by a dedicated firewall May not be stored on any internal drives to which external portable media recordable devices can be attached for the extraction of data Environmental Controls All critical computer resources must be housed in accordance with equipment manufacturer s operating specifications for temperature ranges, humidity levels and particulate count Fire Suppression Data centers and computer rooms housing critical computer resources must be equipped with fire suppression systems. Page 14

16 2 Appendices 2.1 Document Review Schedule Note that all supply chain security documentation required by <COMPANY NAME> should be periodically reviewed for accuracy and revision. The following table is provided for vendor convenience, but may not address all review issues. Page # Documentation Review Cycle 8 Disaster Recovery Plan Annual 8 Business Continuity Plan Annual 8 Disaster Recovery Contact List 3 months 8 Business Continuity Contact List 3 months 6 Access Control Logs 60 days 7 Controlled Access Records Annual 13 Firewall Access Violation Logs Periodically 2.2 Record Retention List Note that all records, lists and logs required by <COMPANY NAME> should be periodically reviewed for accuracy and revision. The following table is provided for vendor convenience, but may not address all retention requirements. Page # Record, List or Log Retention Period 9 Employee Termination Records Indefinite 7 Computer Log Files At least 60 days 11 Cargo Access Records Indefinite 5 Uneventful Audio and Video Recordings 3 months following recording 5 Audio and Video Recordings Documenting an Event Indefinite 3 Orders of <COMPANY NAME> Product Indefinite 3 Receipts of <COMPANY NAME> Product Indefinite 11 Access Logs Indefinite 11 Key, card and access code records (as applicable) Indefinite 12 Certificates of destruction Indefinite Page 15

17 2.3 Key Terms Term Definition API Active Pharmaceutical Ingredient cgmp The current good manufacturing practices promulgated by the US Food and Drug Administration. C-TPAT The U.S. Customs and Border Protection program, Customs-Trade Partnership Against Terrorism. Excipients All inert ingredients (such as sugar) in a product s formulation GDP Good Distribution Practices Intrusion Detection This is very similar to anti-virus software. Both use signatures or Technology or Software identifying characteristics, to locate viruses. Anti-virus software searches the files on selected drives for these signatures. Intrusion detection software searches active packets of information transmitted on the network in the same manner. Other materials Coatings (such as wax), binders, casings, etc. PDMA The Prescription Drug Marketing Act of Pre-API A processed and/or controlled product used in the creation of an API. Pre-APIs have their own control systems. SCS Supply Chain Security. <COMPANY NAME> Confidential Information <COMPANY NAME> Goods <COMPANY NAME> IP Two-factor Authentication Vendor Sensitive information, including shipment details, pricing, labels, packaging, and <COMPANY NAME> technical information. <COMPANY NAME> product and product components, whether in finished or unfinished, packaged or unpackaged form, including the handling of any components of said finished or unfinished products and including but not limited to active pharmaceutical ingredients, excipients, packaging, package inserts, labels, any raw materials required to produce the preceding items, extra access devices, video surveillance recordings, and any other product or component specified by <COMPANY NAME>. <COMPANY NAME> patents, trade secrets, confidential information, copyrights and trademarks or other forms of <COMPANY NAME> intellectual property. In order to access a device protected by two-factor authentication, you must have something (like an RSA token) and know something (like your pin number). There are multiple forms of two-factor authentication described on the Internet. A packager, manufacturer, supplier, contracted carrier, testing laboratory, customs brokerage or distributor of <COMPANY NAME> product. Page 16

Supply Chain Security Audit Tool - Warehousing/Distribution

Supply Chain Security Audit Tool - Warehousing/Distribution Supply Chain Security Audit Tool - Warehousing/Distribution This audit tool was developed to assist manufacturer clients with the application of the concepts in the Rx-360 Supply Chain Security White Paper:

More information

Intermec Security Letter of Agreement

Intermec Security Letter of Agreement Intermec Security Letter of Agreement Dear Supplier, Please be advised that Intermec Technologies has joined US Customs and Border Protection (USC&BP) in the Customs-Trade Partnership Against Terrorism

More information

Seventh Avenue Inc. 1

Seventh Avenue Inc. 1 Seventh Avenue Inc. Supply Chain Security Profile Customs-Trade Partnership against Terrorism Supplier Questionnaire Seventh Avenue is a member of the Customs-Trade Partnership against Terrorism (C-TPAT).

More information

Customs-Trade Partnership against Terrorism Supply Chain Security Profile

Customs-Trade Partnership against Terrorism Supply Chain Security Profile Customs-Trade Partnership against Terrorism Supply Chain Security Profile Service Provider Assessment (Warehouse) Please answer the following questions about your company s cargo security processes and

More information

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM

WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM BACKGROUND WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM In the aftermath of September 11, U.S. Customs and Border Protection (CBP) in cooperation with its trade

More information

Security Criteria for C-TPAT Foreign Manufacturers in English

Security Criteria for C-TPAT Foreign Manufacturers in English Security Criteria for C-TPAT Foreign Manufacturers in English These minimum security criteria are fundamentally designed to be the building blocks for foreign manufacturers to institute effective security

More information

Customs-Trade Partnership against Terrorism Supply Chain Security Profile

Customs-Trade Partnership against Terrorism Supply Chain Security Profile Customs-Trade Partnership against Terrorism Supply Chain Security Profile Service Provider Assessment (Trucker) Please answer the following questions about your company s cargo security processes and participation

More information

C-TPAT Importer Security Criteria

C-TPAT Importer Security Criteria C-TPAT Importer Security Criteria Importers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security criteria. Where an importer outsources

More information

MINIMUM SECURITY GUIDELINES FOR SOURCE MANUFACTURER/WAREHOUSEMEN C-TPAT INFORMATION

MINIMUM SECURITY GUIDELINES FOR SOURCE MANUFACTURER/WAREHOUSEMEN C-TPAT INFORMATION MINIMUM SECURITY GUIDELINES FOR SOURCE MANUFACTURER/WAREHOUSEMEN C-TPAT INFORMATION 1.0 Objective The purpose of this procedure is to ensure that Toys R Us, Inc. and its manufacturers, suppliers, and warehousemen

More information

C-TPAT Self-Assessment - Manufacturing & Warehousing

C-TPAT Self-Assessment - Manufacturing & Warehousing Task # Section/Control Description 1 Security Management System 1.1 Is there a manager or supervisor responsible for implementing security within the company? Please provide the security manager s name

More information

Global Supply Chain Security Recommendations

Global Supply Chain Security Recommendations Global Supply Chain Security Recommendations These minimum security criteria are fundamentally designed to be the building blocks for foreign manufacturers to institute effective security practices designed

More information

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation Minimum Security Criteria Scope Designed to be the building

More information

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors. Security Profile For each of the sections below, you will be required to write a response and/or upload a document demonstrating how your company adheres to the stated requirement. There is no one right

More information

A Message for Warehouse Operators And Security Guidelines for Warehouse Operators

A Message for Warehouse Operators And Security Guidelines for Warehouse Operators A Message for Warehouse Operators And Security Guidelines for Warehouse Operators Kingchem LLC is a participant in the Customs-Trade Partnership Against Terrorism (C-TPAT). C-TPAT is a voluntary joint

More information

OTI, Consolidator and Customs Broker. Security Questionnaire Customs-Trade Partnership against Terrorism

OTI, Consolidator and Customs Broker. Security Questionnaire Customs-Trade Partnership against Terrorism OTI, Consolidator and Customs Broker Security Questionnaire Customs-Trade Partnership against Terrorism Introduction and General Instructions The Customs-Trade Partnership against Terrorism (C-TPAT) is

More information

Partners in Protection / C-TPAT Supply Chain Security Questionnaire

Partners in Protection / C-TPAT Supply Chain Security Questionnaire Partners in Protection / C-TPAT Supply Chain Security Questionnaire Dear: Supply Trade Partner As you are aware there have been several changes in the transportation industry over the past few years. One

More information

Customs & Trade Partnership Against Terrorism (C TPAT)

Customs & Trade Partnership Against Terrorism (C TPAT) Customs & Trade Partnership Against Terrorism (C TPAT) Bristol Myers Squibb Company Customs & Trade & Corporate Security Departments As a result of the events of September 11, 2001, the United States Customs

More information

Customs-Trade Partnership Against Terrorism (C-TPAT) Security Guidelines for Suppliers/Shippers

Customs-Trade Partnership Against Terrorism (C-TPAT) Security Guidelines for Suppliers/Shippers Customs-Trade Partnership Against Terrorism (C-TPAT) Security Guidelines for Suppliers/Shippers In support of Vectora's C-TPAT program implementation, these security requirements and guidelines are provided

More information

APEC Private Sector. Supply Chain Security Guidelines

APEC Private Sector. Supply Chain Security Guidelines APEC Private Sector Supply Chain Security Guidelines 1 Contents Executive Summary 3 Physical Security 4 Access Control 5 Personnel Security 6 Education and Training Awareness 7 Procedural Security 8 Documentation

More information

Guidance Notes FSR 2014

Guidance Notes FSR 2014 Definition (page 13) TERM DEFINITION GUIDANCE/ AMENDMENT BACKED UP To make a copy of a data file which is stored securely in a separate location and can be used as a security copy. To make a copy of a

More information

ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE

ABBVIE C-TPAT SUPPLY CHAIN SECURITY QUESTIONNAIRE AbbVie is a participant in the U.S. Customs supply chain security program called the Customs-Trade Partnership Against Terrorism (C-TPAT). Participation in C-TPAT requires AbbVie to ensure that its overseas

More information

Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities

Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities Rx-360 Supply Chain Security White Paper: Audits and Assessments of Third Party Warehousing and Distribution Facilities 6 June 2012 INTRODUCTION Today s global corporations frequently outsource various

More information

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the consolidator s supply chains.

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the consolidator s supply chains. Page 1 of 5 Print this Page Close this Window Printer Friendly Version Of: http://www.cbp.gov/xp/cgov/trade/cargo_security/ctpat/security_guideline/guideline_air_freight.xml Printed: Thu Feb 16 21:13:43

More information

Rail Carrier Security Criteria

Rail Carrier Security Criteria Rail Carrier Security Criteria Rail carriers must conduct a comprehensive assessment of their security practices based upon the following C-TPAT minimum-security criteria. Recognizing that rail carriers

More information

Best Practices For. Supply Chain Security

Best Practices For. Supply Chain Security Best Practices For Supply Chain Security Document Information Created By: Family Dollar Imports Updated On: 10.21.2015 2 Contents What is C-TPAT? 5 Family Dollar s Distribution Network 6 Distribution Centers

More information

Return the attached PPG Supply Chain Security Acknowledgement by email, fax, or mail within two weeks from receipt.

Return the attached PPG Supply Chain Security Acknowledgement by email, fax, or mail within two weeks from receipt. TO: International Suppliers shipping to the United States PPG Industries, Inc., and its affiliates have been certified as a member of the U. S. Customs Trade Partnership Against Terrorism ( C-TPAT ). C-TPAT

More information

Physical Security Assessment Form

Physical Security Assessment Form Physical Security Assessment Form Security Self-Assessment T Wake 10 February 2012 Security Assessment Contents Facility / Site Security Assessment Form... 3 Identification Details... 3 Facility Details...

More information

Customs -Trade Partnership Against Terrorism (C-TPAT) Vendor Participation Overview

Customs -Trade Partnership Against Terrorism (C-TPAT) Vendor Participation Overview Customs -Trade Partnership Against Terrorism (C-TPAT) Vendor Participation Overview On September 11, 2001, combating the threat of terrorism became U.S. Customs number one priority. Due to the attacks

More information

What is C-TPAT? Customs Trade Partnership Against Terrorism

What is C-TPAT? Customs Trade Partnership Against Terrorism Learning Objectives What is C-TPAT? Terrorist Awareness Supply Chain Security Container Security Program 7 Point Inspection Seal Program Locks, Keys & Access Control / Visitor Controls Pre-Employment Verifications

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

APPENDIX 1: ORACLE SUPPLY CHAIN AND HIGH VALUE ASSET PHYSICAL SECURITY STANDARDS

APPENDIX 1: ORACLE SUPPLY CHAIN AND HIGH VALUE ASSET PHYSICAL SECURITY STANDARDS APPENDIX 1: ORACLE SUPPLY CHAIN AND HIGH VALUE ASSET PHYSICAL SECURITY STANDARDS The requirements of these Oracle Global Supply Chain and High Value Asset Physical Security Standards apply to all geographical

More information

CVS Pharmacy C-TPAT Requirements For Import Product Suppliers

CVS Pharmacy C-TPAT Requirements For Import Product Suppliers CVS Pharmacy C-TPAT Requirements For Import Product Suppliers To Our Import Product Suppliers: CVS Pharmacy, Inc. (CVS) is committed to ensuring supply chain security within a framework consistent with

More information

C-TPAT Security Criteria Sea Carriers

C-TPAT Security Criteria Sea Carriers C-TPAT Security Criteria Sea Carriers Sea carriers must conduct a comprehensive assessment of their security practices based upon the following C-TPAT minimum-security criteria. Where a sea carrier does

More information

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan

SAMPLE TEMPLATE. Massachusetts Written Information Security Plan SAMPLE TEMPLATE Massachusetts Written Information Security Plan Developed by: Jamy B. Madeja, Esq. Erik Rexford 617-227-8410 jmadeja@buchananassociates.com Each business is required by Massachusetts law

More information

Customs-Trade Partnership Against Terrorism (C-TPAT) Minimum Security Criteria Third Party Logistics Providers (3PL)

Customs-Trade Partnership Against Terrorism (C-TPAT) Minimum Security Criteria Third Party Logistics Providers (3PL) Customs-Trade Partnership Against Terrorism (C-TPAT) Minimum Security Criteria Third Party Logistics Providers (3PL) Since its inception, the Customs-Trade Partnership Against Terrorism (C-TPAT) program

More information

CVS Pharmacy C-TPAT Requirements For Product Suppliers

CVS Pharmacy C-TPAT Requirements For Product Suppliers CVS Pharmacy C-TPAT Requirements For Product Suppliers To Our Product Suppliers: CVS Pharmacy, Inc. (CVS) is committed to ensuring supply chain security within a framework consistent with Customs-Trade

More information

TKMNA Carrier/Forwarder C-TPAT Security Questionnaire

TKMNA Carrier/Forwarder C-TPAT Security Questionnaire Carrier/Forwarder: Address: Address: Intent: TKMNA has committed to participation in the Customs Trade Partnership Against Terrorism (CTPAT) Program administered by Customs. CTPAT is a supply chain security

More information

Security Profile. Business Partner Requirements, Security Procedures (Updated)

Security Profile. Business Partner Requirements, Security Procedures (Updated) Security Profile For each of the sections below, you will be required to write a response and/or upload a document demonstrating how your company adheres to the stated requirement. There is no one right

More information

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 9.1 USE SECURITY AREAS TO PROTECT FACILITIES 1 GOAL Do you use physical methods to prevent unauthorized access to your organization s information and premises? 2 GOAL Do you use physical methods to prevent

More information

SECURITY IN TRUCKING

SECURITY IN TRUCKING SECURITY IN TRUCKING A CHECKLIST FOR FLEET OPERATORS SECURITY IN TRUCKING A CHECKLIST FOR FLEET OPERATORS This checklist for fleet security has been compiled by the Private Motor Truck Council of Canada

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Food Defense Self-Assessment Checklist for. Slaughter and Processing Plants

Food Defense Self-Assessment Checklist for. Slaughter and Processing Plants Food Defense Self-Assessment Checklist for Slaughter and Processing Plants Outside Security 1. What food defense measures does your plant have in place for the exterior of the building? Are the plant s

More information

C-TPAT Customs Trade Partnership Against Terrorism

C-TPAT Customs Trade Partnership Against Terrorism Food and Agriculture Border Gateway Summit C-TPAT Customs Trade Partnership Against Terrorism Robert Gaydo, Senior Trade Advisor A.N. DERINGER, INC. Feb. 20, 1014 Who can participate? Air/Rail/Sea Carriers

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

1. Perimeter fencing or walls should enclose the vicinity around cargo handling and loading areas, as well as storage facilities.

1. Perimeter fencing or walls should enclose the vicinity around cargo handling and loading areas, as well as storage facilities. 2. Physical Security Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Where applicable, there must

More information

FAST. Highway Carrier Application Process. BSF5106(E) Rev. 09

FAST. Highway Carrier Application Process. BSF5106(E) Rev. 09 FAST Highway Carrier Application Process BSF5106(E) Rev. 09 Available on-line only. La version française de cette publication est intitulée EXPRES Processus de traitement des demandes de participation

More information

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments Facility XXXX Site Security Survey Date: 10/9-10/10/02 (A) Perimeter Security DELAY/DETER Site Boundary None of the critical facilities have protective Fence (Height and Construction) fences. Outriggers

More information

Contents. Global Security Verification (GSV) Standard. Introduction... 2. The Global Security Verification Criteria Implementation Guidance...

Contents. Global Security Verification (GSV) Standard. Introduction... 2. The Global Security Verification Criteria Implementation Guidance... Global Security Verification (GSV) Standard Contents Introduction.................................... 2 The Global Security Verification Criteria Implementation Guidance......................................

More information

Administrative Procedure

Administrative Procedure Administrative Procedure Effective: 12/21/2012 Supersedes: N/A Page: 1 of 5 Subject: SECURITY ALARMS 1.0. PURPOSE: The purpose of this procedure is to coordinate and control the installation, monitoring,

More information

C-TPAT Validation/Revalidation Results

C-TPAT Validation/Revalidation Results C-TPAT Validation/Revalidation Results September 2014 Wayne Kornmann Director, Los Angeles C-TPAT Field Office Bryant Van Buskirk Supervisor, Los Angeles C-TPAT Office Agenda Methodology Core Criteria

More information

C-TPAT Highway Carrier Security Criteria

C-TPAT Highway Carrier Security Criteria C-TPAT Highway Carrier Security Criteria The supply chain for highway carriers for C-TPAT purposes is defined from point of origin from the yard or where the tractors and trailers are stored, through pickup

More information

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Managed Hosting & Datacentre PCI DSS v2.0 Obligations Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version

More information

PHYSICAL SECURITY STANDARDS

PHYSICAL SECURITY STANDARDS (T.D. 72-56) Department of the Treasury--Office of the Secretary Standards for security of international cargo There are published below for information of the public recommended physical and procedural

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

GUIDE TO DEVELOPING A FOOD DEFENSE PLAN FOR Food Processing Plants

GUIDE TO DEVELOPING A FOOD DEFENSE PLAN FOR Food Processing Plants Adapted from information provided by the U.S. Department of Agriculture Food Safety and Inspection Service GUIDE TO DEVELOPING A FOOD DEFENSE PLAN FOR Food Processing Plants March 2008 BY COMPLETING PAGE

More information

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index

Section 5 Identify Theft Red Flags and Address Discrepancy Procedures Index Index Section 5.1 Purpose.... 2 Section 5.2 Definitions........2 Section 5.3 Validation Information.....2 Section 5.4 Procedures for Opening New Accounts....3 Section 5.5 Procedures for Existing Accounts...

More information

Security Guidelines for. Agricultural distributors

Security Guidelines for. Agricultural distributors Security Guidelines for Agricultural distributors SECURITY GUIDELINES FOR AGRICULTURAL DISTRIBUTORS As a result of global uncertainties the security of agricultural retail facilities has taken on a whole

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Food Defense Supplier Guidelines

Food Defense Supplier Guidelines Food Defense Supplier Guidelines Revised: 16 March 2010 Table of Contents Topic Introduction 1. Plan administration a. Plan management b. Roles and responsibilities c. Reporting procedures d. Self assessments

More information

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES by the American Chemical Society, Committee on Chemical Safety, Safe Practices Subcommittee Introduction Terrorism

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

DOT HAZMAT SECURITY AWARENESS TRAINING

DOT HAZMAT SECURITY AWARENESS TRAINING ERI Safety Videos DVDs, Digital Media & Custom Production 1319 DOT HAZMAT SECURITY AWARENESS TRAINING Leader s Guide Safety Source Productions DOT HAZMAT SECURITY AWARENESS TRAINING This easy-to-use Leader

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

Introduction. Conducting a Security Review

Introduction. Conducting a Security Review Chapter 3 PHYSICAL SECURITY Introduction In elections, physical security refers to standards, procedures, and actions taken to protect voting systems and related facilities and equipment from natural and

More information

FSIS Security Guidelines for Food Processors

FSIS Security Guidelines for Food Processors United States Department of Agriculture Food Safety and Inspection Service FSIS Security Guidelines for Food Processors Food Security Plan Management Dear Establishment Owner/Operator: The Food Safety

More information

Does a fence or other type physical barrier define the perimeter of the facility?

Does a fence or other type physical barrier define the perimeter of the facility? PHYSCIAL SECURITY SURVEY CHECKLIST PERIMETER BARRIERS TRANSIT FACILITIES Does a fence or other type physical barrier define the perimeter of the facility? (1) Specify type and height of physical barrier

More information

543.7 What are the minimum internal control standards for bingo?

543.7 What are the minimum internal control standards for bingo? Bingo Purpose This section provides guidance on the development of internal controls, policies, and procedures for the operation of bingo. It has been compiled by tribal regulators, Class II gaming operators,

More information

FSR2014 FACILITY SECURITY REQUIREMENTS. Transported Asset Protection Association. All Rights Reserved

FSR2014 FACILITY SECURITY REQUIREMENTS. Transported Asset Protection Association. All Rights Reserved FSR2014 FACILITY SECURITY REQUIREMENTS About TAPA Cargo crime is one of the biggest supply chain challenges for manufacturers of high value, high risk products and their logistics service providers. The

More information

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same

POLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:

More information

PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT

PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT Office of Employee Benefits Administrative Manual PROGRAM TO PREVENT, DETECT & MITIGATE IDENTITY THEFT 150 EFFECTIVE DATE: AUGUST 1, 2009 REVISION DATE: PURPOSE: Ensure that the Office of Employee Benefits

More information

"DOT IN-DEPTH HAZMAT SECURITY TRAINING"

DOT IN-DEPTH HAZMAT SECURITY TRAINING PRESENTER'S GUIDE "DOT IN-DEPTH HAZMAT SECURITY TRAINING" For the Department of Transportation's 49 CFR 172.700 Subpart H Training Requirements Quality Safety and Health Products, for Today...and Tomorrow

More information

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L. Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

THE BENEFIT OF ADOPTING SECURITY MEASURES

THE BENEFIT OF ADOPTING SECURITY MEASURES HOW C-TPAT IDENTIFIES BEST PRACTICES Best practices in a general sense are innovative security measures that exceed the C-TPAT minimum security criteria and industry standards. In order for best practices

More information

AEO SELF ASSESSMENT. Mauro Giffoni

AEO SELF ASSESSMENT. Mauro Giffoni AEO SELF ASSESSMENT Mauro Giffoni AEO Self Assessment is a practical tool to enable an economic operator to perform a self-assessment Questionnaire developed by the WCO Provide the appropriate information

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Surveillance Equipment

Surveillance Equipment University of North Dakota Loss Control Committee Standard Practice 240 Surveillance Equipment Effective 12/2005 Revised 10/07 I. Purpose The purpose of this standard practice is to regulate the use of

More information

Identity Theft Prevention Program Compliance Model

Identity Theft Prevention Program Compliance Model September 29, 2008 State Rural Water Association Identity Theft Prevention Program Compliance Model Contact your State Rural Water Association www.nrwa.org Ed Thomas, Senior Environmental Engineer All

More information

Key Small Parcel Requirements

Key Small Parcel Requirements Key RECIPIENT INFORMATION Enter the KLX facility address or destination location. PACKAGE WEIGHT & SIZE Individual package weight up to 150 lbs. (pounds) Maximum dimensions 180 in length, 165 in length

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand

FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand Food Defense: Proactively protecting the food supply chain is paramount for protecting company profitability, liability, and survival.

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information

Security Policies and Procedures

Security Policies and Procedures Security Policies and Procedures April 26, 2012 Kristen Whelan Transportation Consultant kwhelan@libertyint.com www.libertyint.com Customs-Trade Partnership Against Terrorism What is C-TPAT? CBP and Industry

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM

CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM INTRODUCTION CHAPTER OSCEOLA COUNTY IDENTITY THEFT PREVENTION PROGRAM The Osceola County Board of County Commissioners is committed to protecting consumers who do business with Osceola County, and as such

More information

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN

IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN IOWA LABORATORIES FACILITIES PHYSICAL SECURITY PLAN Submitted pursuant to SF 439, Section 14 Iowa Department of Public Safety Senate File 439 of the 80 th General Assembly, Section 14(1) directed the Department

More information

Hosted Testing and Grading

Hosted Testing and Grading Hosted Testing and Grading Technical White Paper July 2014 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or

More information

Effective Date: Subject Matter Experts / Approval(s): TAC: LASO: C/ISO: Front Desk: Technology Support Lead: Agency Head:

Effective Date: Subject Matter Experts / Approval(s): TAC: LASO: C/ISO: Front Desk: Technology Support Lead: Agency Head: Policy Title: Effective Date: Revision Date: Subject Matter Experts / Approval(s): TAC: LASO: C/ISO: Front Desk: Technology Support Lead: Agency Head: Every 2 years or as needed Purpose: The purpose of

More information

Content Protection & Security Standard

Content Protection & Security Standard Content Protection & Security Standard MANAGEMENT CONTROLS PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND AWARENESS BUSINESS RESILIENCE Content Protection & Security

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Print4 Solutions fully comply with all HIPAA regulations

Print4 Solutions fully comply with all HIPAA regulations HIPAA Compliance Print4 Solutions fully comply with all HIPAA regulations Print4 solutions do not access, store, process, monitor, or manage any patient information. Print4 manages and optimize printer

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information