September 25, Dear Mr. Lewis:

Transcription

1 1300 Pennsylvania Ave. NW, Rm. 2.2A Washington, DC September 25, 2013 Mr. Bruce C Lewis Manager, Global Security Compliance & Corporate Security Fairchild Semiconductor Corporation 82 Running Hill Road South Portland, Maine Dear Mr. Lewis: The Customs-Trade Partnership Against Terrorism (C-TPAT) is a voluntary initiative between U.S. Customs and Border Protection (CBP) and private business to build relationships that strengthen international supply chains and improve U.S. border security. C-TPAT benefits include priority processing and reduced delays at the border. Thank you for taking part in the C-TPAT revalidation of Fairchild Semiconductor Corporation (Fairchild Semiconductor). Enclosed, please find a copy of our report for your review and prompt reply. As noted in the executive summary and elsewhere in the report, your company has demonstrated effective security within your own organization as well as a dedication to working with business partners to address supply chain security vulnerabilities that may exist. This work is the essence of C-TPAT, and CBP appreciates your commitment and cooperation. After review of the revalidation report for Fairchild Semiconductor, it has been determined your company has continued to exceed the current minimum security criteria for importers. Therefore, Fairchild Semiconductor will retain its Tier III benefits, the highest level provided to C-TPAT members. C-TPAT membership requires a commitment to continually review and strengthen security measures throughout your international supply chain. All members are encouraged to continue to monitor their supply chain security practices and adopt security measures, which CBP has identified as Best Practices. Security measures identified by CBP as Best Practices include, but are not limited to, requiring the adoption of C-TPAT security measures throughout a company s entire international supply chain(s). Best Practices incorporate a system of checks, balances, accountability, consistency, and continuity that ensure security measures are carried out effectively throughout the international supply chain. The company is urged to consult the C-TPAT Best Practices Guide to continue to achieve additional Best Practices. The guide is accessible through the C-TPAT Public Documentation Library in the C-TPAT Security Link Portal.

2 Mr. Bruce C Lewis Page 2 To fully realize the C-TPAT benefits of reduced examinations for ocean cargo, importers must ensure the timely filing of their Importer Security Filing (ISF) prior to the lading of the cargo onto the vessel at the foreign port. C-TPAT benefits are aligned with a C-TPAT participant s importer of record (IOR) number, and are not applied until the IOR is transmitted with the ISF or CBP entry. A prompt reply to the expectations included the report is due within 90 calendar days from the date of this letter. Please respond to the revalidation report through the C-TPAT Security Link Portal by selecting the Partner tab and clicking on Validation Response. Upon receipt of your response, the assigned Supply Chain Security Specialist (SCSS) will review your response and contact you to address any questions. If you have any questions regarding the findings or recommendations contained in the report, please contact Supply Chain Security Specialist Guillermo Salomon, a member of my staff, at (281) I appreciate the support Fairchild Semiconductor has given to the C-TPAT program and I look forward to strengthening our partnership as we work together to secure the international supply chain. Sincerely, Lauren Kaufer Director, C-TPAT/Industry Partnership Programs Office of Field Operations U.S. Customs and Border Protection Enclosure

3 Revalidation Report Fairchild Semiconductor Corporation July 25, 2013

4 Table of Contents A. Executive Summary 1 B. Findings 3 <<Visits>> Error! Bookmark not defined. C. Best Practices 14 D. Expectations, Actions Required and Recommendations 15 E. Partnership «ValidationType» Team Members 18

5 A. Executive Summary Fairchild Semiconductor Corporation July 25, 2013 On September 3, 2002, Fairchild Semiconductor Corporation (Fairchild Semiconductor) signed a Memorandum of Understanding to voluntarily participate in the Customs-Trade Partnership Against Terrorism (C-TPAT) as an Importer. By entering into that partnership with U.S. Customs and Border Protection (CBP), Fairchild Semiconductor acknowledged the importance of maintaining the integrity and security of their international supply chain. Fairchild Semiconductor submitted to CBP their required C-TPAT security profile that was reviewed and approved. The security profile summarized the procedures Fairchild Semiconductor has in place to ensure effective supply chain security. To ensure the security measures declared in a participant's C-TPAT security profile are carried out and continue to be effective, CBP created the C-TPAT revalidation process in accordance with SAFE Port Act guidelines, enacted into Federal Law in October As noted below and as described in the attached report, that process allowed CBP and representatives of Fairchild Semiconductor to jointly review their C-TPAT security profile and assess its overall effectiveness via onsite visits and procedural reviews. On April 17, 2013, CBP selected Fairchild Semiconductor to participate in a C-TPAT revalidation. The CBP revalidation team met with Fairchild Semiconductor (Section E) on June 5, A visit was made to Fairchild Semiconductor's foreign manufacturing facility and nonrelated logistics service provider located in Cebu City, Philippines. The CBP revalidation team reviewed the importer's security procedures and systems in place. The group worked together to review and discuss the overall supply chain security program for Fairchild Semiconductor, including their interaction with business partners and review the company's efforts to correct any gaps noted in the original validation report. A closeout meeting was also held on July 25, 2013 to discuss the findings and other issues pertaining to the C-TPAT revalidation. Fairchild Semiconductor, established in 1957, is a public company and a global supplier of highperformance power products with corporate offices located in South Portland, Maine. The company designs and manufactures analog mixed signal and electronic components for various electronic applications, including optoelectronic products. Fairchild Semiconductor employs approximately 9,000 personnel and has over 35 subsidiaries throughout the globe that are focused on sales and customer service, design, research and development, or manufacturing. The company primarily contracts airlines to ship their commodity to the U.S. from manufacturing sites, approximately 98% of the company s total shipments are transported via air. The remaining 2% are shipped in containers by contracted sea carriers. In 2012, Fairchild Semiconductor s total revenue was $1.4 billion. The company is a participant of the Authorized Economic Operator programs in Europe and South Korea. Page 1

6 For this year s validation process, CBP selected Fairchild Semiconductor s Cebu City supply chain in the Philippines. The majority of cargo from this site is destined to the U.S. via air freight. Once the product has been inventoried, bar-coded, picked, packed, and invoiced, it is temporarily staged for shipping. All shipping documentation is confirmed by a Fairchild Semiconductor s manager prior to loading onto contracted conveyances. FedEx is responsible for shipping cargo from the supplier site to the air cargo facility. However, it subcontracts, Airlift Asia Inc., a logistics service provider, to move the freight to their site on their behalf. Fairchild Semiconductor s final product is loaded onto subcontracted box-trucks and transported to the Philippines Economic Zone Authority s (PEZA) Customs Officers for processing prior to heading to the air cargo facility. Once processed by Philippines Customs Officers, the goods are transported to the air cargo facility with no further stops. At the air cargo facility, 100% of the cargo is verified and handed off to the designated air carriers for x-ray inspections and loading onto aircraft. FedEx and Airlift Asia Inc. are Fairchild Semiconductor's business partners within the Cebu City supply chain. These companies have access to Fairchild Semiconductor's facility and cargo. However, the importer works with these business partners to ensure that pertinent security measures are in place and adhered to throughout the supply chain. Fairchild Semiconductor's contracted security company, Probe Security Agency, also has limited access to cargo and conveyances. Probe Security Agency officers are responsible for inspecting commercial vehicles upon entering the facility. Several other companies are contracted as in-house service providers but do not have unsupervised access to cargo or the facility. Based on the C-TPAT security profile, the validation activities summarized within and their willingness to implement the recommendations contained in this report, it is the opinion of the CBP validation team that Fairchild Semiconductor has acknowledged the importance of their supply chain security. Included in this report for Fairchild Semiconductor are the findings of the revalidation team and CBP's overall assessment of their supply chain security program. A response to the revalidation report is due within 90 days of its issuance to Fairchild Semiconductor. Page 2

7 B. Findings The security profile submitted by Fairchild Semiconductor in addition to the supplemental information volunteered by its representatives during meetings and site visits provides a comprehensive and verifiable account of their security procedures. Management was available to answer any questions and provide a tour of the facility. Management Support / Self-Assessments / Audits Successful participation in the C-TPAT program is the result of a high level of managerial support given to the program. Throughout the validation process, management was engaged in supporting the C-TPAT program and was focused on monitoring and improving security procedures through periodic self-assessments. Fairchild Semiconductor 82 Running Hill Road South Portland, Maine United States Prior to the foreign validation, the C-TPAT validation team conducted outreach to Fairchild Semiconductor in order to verify their compliance with the following core C-TPAT minimumsecurity criteria for importers, Risk Assessment and Business Partner Requirements. A visit to the domestic facility was not conducted. The following are the findings of the validation team based on communication with the company by phone and documentation review. Selected Foreign Site Supply Chain Security / Risk Assessments - Verification Fairchild Semiconductor has conducted a comprehensive assessment of their security practices based on C-TPAT minimum security criteria. Supplier and freight forwarder visits are conducted at foreign by Fairchild Semiconductor s corporate staff to evaluate security procedures and methods. Reports are created and include vulnerabilities or deficiencies discovered during assessments that are required to be addressed prior to a subsequent visit. Risk assessment reports were provided to the CBP team for review. Based on Fairchild Semiconductor s corporate policy, all suppliers must be subject to verification of compliance with C-TPAT security criteria; this includes suppliers that are not participating in the C-TPAT program, either by choice or ineligibility. Business Partner Requirements Fairchild Semiconductor has written and verifiable processes for the screening of all business partners. Security verifications are conducted on their suppliers and service providers on a reoccurring basis to ensure supply chain security is maintained. Business partner contracts stipulate security measures partners must apply and adhere to within their supply chains. A Dun & Bradstreet query is conducted on all prospective business partners. A visit to a partner's site is Page 3

8 conducted to determine security measures and location. Fairchild Semiconductor verifies the partner s government identification numbers to ensure legitimacy. Professional associations and business references are contacted and verified as well. The importer requires its partners, where available, to participate in the C-TPAT program or its equivalent. Business partners that participate in the C-TPAT program are required to provide their Status Verification Interface (SVI) number. The company verifies the SVI status within the C-TPAT Security Link Portal for all partners on a monthly basis. For partners that are not able to participate in C-TPAT, Fairchild Semiconductor requires them to have security practices in place that meet the minimum security criteria. The company verifies non C-TPAT partners security measures through a security questionnaire provided to the partner. On an annual basis, Fairchild Semiconductor reviews its business partners' practices to ensure adequate security measures are still in place. Fairchild Semiconductor requires its business partners to provide evidence of certification if they are participating in a supply chain security program administered by a foreign Customs Administration or private organization. Business partners must provide this information in the security questionnaire provided by the importer. Fairchild Semiconductor Philippines Inc. Mactan Economic Zone 1 Lapu Lapu City, Philippines The validation meeting was held on June 19, The meeting was conducted at Fairchild Semiconductor Philippines Inc. in Lapu Lapu City. A comprehensive review of their security profile was conducted and additional information was provided by the company's representatives. Management was on hand to answer questions and provide a tour of the facility. Fairchild Semiconductor Philippines was established in 1979 and is a manufacturer of transistors and semiconductors. The facility is located within one of several Philippine Economic Zone Authority (PEZA) zones in the country and occupies approximately 44,559 square meters of space with a built up area of over 26,000 square meters. The company employs over 1300 personnel. Their product is primarily transported to its related importer, Fairchild Semiconductor Corporation, based in the U.S. However, clients such as Dell, Apple, and Samsung purchase the imported product to insert in their electronics. The company sends approximately seven shipments a week to the U.S. Fairchild Semiconductor Philippines shares an Electronic Data Interchange (EDI) system with its clients. Upon the client's electronic request, the manufacturer produces and prepares product for transport. Once all documentation has been verified by the manufacturer and logistics provider, shipments are transported to the PEZA Customs Officers for processing. Seals are placed after the Customs Officers have reviewed and approved the process for shipping. Cargo is transported to the logistics provider's air freight facility and then the airport terminal. Approximately 98% of product shipped from this site is moved via air carriers, the remaining 2% is moved via sea. Page 4

9 Container / Conveyance / Transport Security In order to maintain a high level of cargo integrity, Fairchild Semiconductor Philippines requires multiple company employees to be present during the loading process, one of which is always required to be a supervisor. The supervisor ensures employees load the correct cargo according to the shipping documents and that no unauthorized cargo is accidentally or purposefully loaded onto the trailer. Box-trucks are primarily utilized to ship the company s cargo. Procedures are in place to verify the physical integrity of box-trucks prior to the loading process. Fairchild Semiconductor Philippines conveyance procedures are utilized to prevent unauthorized introduction of materials and people into their cargo. The company requires its transportation service provider to conduct a truck/trailer 12-point inspection before arriving to their facility. Fairchild Semiconductor Philippines then conducts a documented 12-point inspection at their site prior to initiating the loading process. The trailer structure, door locking mechanism, and door hinges are also inspected prior to loading. Supervisors at times observe the inspection process. The integrity of instruments of international traffic is maintained while en route by utilizing an informal system of tracking and monitoring. Fairchild Semiconductor Philippines cargo is shipped from their site to the FedEx facility less than five minutes away and then taken to the airport cargo terminal. The company requires its logistics service providers to track their conveyances and provide them with a daily electronic report. On a random basis, the manufacturer will follow the trucks to their destination or provide escorts. Procedural Security Fairchild Semiconductor Philippines has verifiable policies in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain are maintained. Policies were provided to the CBP team for review. Procedures are in place governing how information is physically and electronically safeguarded. A Clean Desk Policy is practiced by all employees and enforced by company management. The company maintains its active shipping information in lockable cabinets within their facility. Archived documents are secured from three years to an indefinite period of time depending on the type of document. An archive room in a separate building is utilized to store archived documents. The room can only be accessed by an archive administrator. Once the archived documents have met their retention period, they are shredded by a contracted company in the presence of security officers. At a minimum, five Fairchild Semiconductor Philippines employees are responsible for verifying all information in the shipping documents and ensuring their correctness. The driver is also required to review the documents handed to him/her. Copies of BOL s, manifests, and loading sheets were provided to the CBP team for review. Documents were legible, complete, and included the weight, labels, piece counts, and client information. All data is electronically created to minimize human error and the introduction of erroneous information. Any discrepancies noted during review of documents are attended to until resolved. Page 5

10 Upon departure of an aircraft, the manufacturer s Air Freight Consolidator (AFC) transmits each manifest for CBP processing. Fairchild Semiconductor Philippines also sends an Advanced Shipping Notice (ASN) to its clients that includes an invoice, airway bill, shipping alert, product description, and tracking number. Products are boxed prior to being staged for departure. Departing cargo is reconciled with information off of shipment documents and verified as it is being loaded onto box-trucks. Drivers picking up or dropping off cargo are always requested to provide identification at the gate. Security officers at the main gate record incoming and outgoing cargo traffic. When Fairchild Semiconductor Philippines discovers a cargo discrepancy before shipping commences, the entire shipment is stopped until the discrepancy has been satisfactorily resolved. The company requires its employees to resolve issues involving shortages, overages and other significant discrepancies or anomalies discovered as well. Additionally, if illegal or suspicious activities are detected, personnel notify security officers or appropriate authorities. Physical Security The Fairchild Semiconductor Philippines facility is equipped with physical barriers and deterrents to guard against unauthorized access to conveyances and cargo. At the North and South ends of the facility, an eight feet wall/fence combination is in place. At the East and West ends of the facility a seven feet wall/fence combination is in place. Most of the perimeter fencing is topped with barb-wire for added security. Internal fencing is in place to prevent unauthorized access to cargo within staging areas. The facility has ten gates, which are monitored via a Closed Circuit Television (CCTV) system. However, only three gates are currently being utilized for operational purposes. The remaining gates are pad-locked and only accessed when required. The three gates in use are monitored by security officers on a 24-hour basis. Employees are required to park their private vehicles away from cargo handling areas. Security officers provide parking tags to each vehicle entering the facility. The fence, gates, and surrounding areas are inspected for repair on a daily basis by the security officers conducting periodic patrols. In addition, maintenance staff conducts an inspection of fences and gates on a monthly basis. The office buildings are constructed of concrete block and steel. Internal and external doors within the offices have single locking mechanisms to prevent unauthorized access. Some facility windows can be opened but are always maintained locked. Emergency exits are in place and can not be accessed from the outside. Lighting fixtures are strategically located to cover entrances and exits, handling and storage areas, perimeter fencing, and parking areas. Lighting fixtures are made up of a combination of manual and sensor operated units. The facility is equipped with a CCTV system to monitor the premises and prevent unauthorized access to cargo handling areas. The company has a total of 32 fixed digital color-cameras that are monitored live by security guards. There are 15 interior cameras and 17 exterior cameras that record onto a DVR for a period of 56 days before initiating a new cycle. Fairchild Semiconductor Philippines has strategically positioned the cameras throughout the facility to monitor the production and engineering areas, entrances, all gates, the lobby area, the parking Page 6

11 area, the shipping area, and the administrative offices. Cameras are inspected on a daily basis to ensure they are operable. Physical Access Controls Fairchild Semiconductor Philippines has written policies and procedures in place that govern physical access controls and provide for a positive identification of employees and contractors. The company provides each employee with a company identification that is required to be worn at all times within company premises. Company badges include a photograph of the employee, employee name, company name, a control number, company address, employee signature, and an entry date. Company badges are color coded to distinguish permanent employees from contractors. A PEZA badge and colored uniforms are also provided to each employee. In addition, fingerprint technology is utilized at the employee exit point for all employees departing the facility. Employees are provided access to areas they are required to have to accomplish their duties. Fairchild Semiconductor Philippines requires all visitors to present photo identification upon arrival to the facility. Vendors and contractors are also required to present photo identification upon arrival. Everyone requesting access to the facility must register into a logbook and are provided temporary visitor badges. Visitors are required to wear temporary visitor badges at all times while on company premises. All non-employee personnel are escorted at all times while in the premises. Fairchild Semiconductor Philippines has written procedures for personnel to screen deliveries and mail before distribution. The company has trained its personnel to identify, challenge and report unauthorized persons on company premises. Written procedures exist describing the processes and proper actions to take when unauthorized persons are found on company premises. The Human Resources department is responsible for controlling access devices, to include their issuance, retrieval, and deactivation. Procedures for issuance, retrieval, and changing of access devices are in writing and were provided to the CBP team for review. The company ensures to record access device retrieval on a checklist. However, the issuance of said devices are currently not being formally documented. Termination procedures are in place and were provided to the CBP team for review. Upon termination, badges and keys are returned and computer access is immediately revoked. An Accountability Verification Form is utilized to document retrieval of all items collected. Personnel Security Fairchild Semiconductor Philippines has a formal hiring process in place and provided a copy to the CBP team for review. The company contracts the services of an employment agency, Cebu General Services to carry out portions of the hiring process. Prospective employees are required to complete a verification process and an interview process. An application must be submitted that includes personal information such as; address, previous employment history, personal references, etc. The contracted employment agency is responsible for handling an applicant s Page 7

12 police clearance, conducting drug tests and medical evaluations, verifying education and previous employers. Documentation collected during the hiring process is filed in each employee s record file, including copies of birth certificates, application, medical examination, drug test findings, and evidence of reference checks. The contracted employment agency provides Fairchild Semiconductor Philippines with a report of findings for each prospective employee. Consistent with foreign, federal, state, and local regulations, background checks and investigations are conducted for prospective employees. Multiple criminal investigations are conducted by the contracted employment agency. A local policy clearance and a National Barangay Investigation (NBI) are required to be conducted on each employee prior to hiring. Personal background checks also include an identity verification and a credit check. Periodic drug testing is performed on current employees. The company currently has a vendor qualification program, which evaluates and investigates contracted service providers that will require access to the facility. A standard NBI clearance is verified to be conducted on employees of the contracted company. A financial status of the company is requested and reviewed as well. Security Training And Threat Awareness Fairchild Semiconductor Philippines has established a threat awareness program to recognize and foster awareness of the threat posed by terrorists. All employees are provided periodic training on the following subjects; terrorist threats, the C-TPAT program, access control procedures, document fraud, identifying suspicious cargo, reporting suspicious activities and personnel, package screening, box-truck inspections, tractor inspections, and enforcing IT security. The company also provides a new hire orientation to all new employees regarding the company s safety and security policies. Training is provided in classroom format, through videos, via website E-Learning, or by outsourced personnel. The company provided evidence of training courses to the CBP team for review. All employees are also provided training on how to report significant incidents, anomalies, or issues. Fairchild Semiconductor Philippines has an anonymous Hotline number in place for employees to call when they wish to report an issue without exposing themselves. The company provides gift certificates to employees or recognizes them during meetings when they have actively participated in maintaining supply chain security. Information Technology Security Fairchild Semiconductor Philippines has a formal written policy in place that governs IT security and has provided a copy of it to the CBP team for review. The procedures are provided to all employees given access to systems upon hiring and as periodic training. Fairchild Semiconductor Philippines utilizes antivirus software and firewall to protect all systems against virus intrusion and unauthorized access. The local IT staff has administrative functions but user Page 8

13 accounts are created by the U.S. entity IT personnel. Employees are only given access to areas that are required to perform their daily duties. Daily, weekly, and yearly back-ups are conducted on the system and saved onto a tape. The tapes are secured in a data center. The local IT server room can only be accessed by four employees. Company employees are assigned individual user accounts that require passwords to access. Passwords must be periodically changed every 180 days and are also required to access files and software. The company s systems lock up after five failed attempts to log on. A lock up feature is also in place to block systems when an absence of activity exceeds five minutes. The company's IT staff conduct periodic reviews to identify improper access, tampering, or the altering of business data. The IT staff also monitors any unauthorized attempts into the company s IT system. Proxies have also been created to prevent employees from entering websites not authorized by the company. Employees with access to systems and software who are caught violating Fairchild Semiconductor Philippines procedures will be suspended or terminated, depending on the gravity of the incident. Airlift Asia Inc. AAI Freight Management Center Mactan Economic Processing Zone Lapu Lapu City, Philippines The validation meeting was held on June 20, The meeting was conducted at Airlift Asia Inc. in Lapu Lapu City. A comprehensive review of their security profile was conducted and additional information was provided by the company's representatives. Management was on hand to answer questions and provide a tour of the facility. Airlift Asia Inc. is a logistics service provider sub-contracted by FedEx, Fairchild Semiconductor Philippines' freight forwarder, to transport cargo from the manufacturer's facility to the FedEx facility. Airlift Asia Inc. was established in 1983 and is located in an industrial area near the Cebu City airport. The facility occupies 4,800 square meters of space with built-up space equaling 2000 square meters. The company currently owns 25 box-trucks that are utilized to transport goods. Approximately 20 percent of their business is exported to the United States. Airlift Asia Inc. picks up cargo from the Fairchild Semiconductor Philippines site and transports it to the FedEx air cargo facility. Once cargo arrives to the FedEx facility, it is packed in plastic bags and transferred to the air carriers. The air carriers, Philippine Airlines or Cathay Pacific, are then required to conduct x-ray inspections on all cargo prior to loading onto the aircrafts. Container / Conveyance / Transport Security The integrity of instruments of international traffic is maintained while en route by using an informal system of tracking and monitoring. Airlift Asia Inc. maintains communication with drivers via radio or phone and documents progress on a manual dispatch log. Escorts are utilized to ensure drivers take predetermined routes. The company also audits each conveyances' diesel Page 9

14 usage to determine if there is a shortage. Random route checks are conducted by management to determine suspect behavior. Drivers are required to notify the dispatch office of any route delays due to weather, traffic, or other incidents. Daily on site verifications are conducted by management staff to ensure logs are maintained. Supervisors must sign the log as a confirmation of document verification. Procedural Security Airlift Asia Inc. has verifiable policies in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain are maintained. Company representatives are responsible for verifying all information in the shipping documents before the load is received. Copies of AWB s, manifests, and export declarations were provided to the CBP team for review during the visit. Documents were legible, complete, and included commodity description and other information required for processing. Documents are electronically created to minimize human error and the introduction of erroneous information. Active and archived files are protected from misuse and abuse. Active files are maintained in a lockable office and archived files are safeguarded for up to three years before being shredded by a contracted company in the presence of Airlift Asia Inc. personnel. Products are weighed, boxed, and sealed with company tape prior to being staged for departure. Departing cargo is reconciled with information off of shipment documents and verified as it is being loaded onto conveyances. Drivers picking up or dropping off cargo are always requested to provide identification. To help ensure the integrity of cargo exported from its client, Airlift Asia Inc. has procedures in place to ensure that information provided is reported accurately and timely. Multiple employees review the shipping information prior to releasing it. Airlift Asia Inc. transmits the manifest utilizing its software, Airlift Logistics Solution Systems. All shipping information is transmitted to CBP shortly after the aircraft has departed from the airport. When Airlift Asia Inc. discovers a cargo discrepancy before shipping commences, the discrepancy is investigated appropriately until resolved. The company requires its employees to contact supervisors in the event shortages, overages and other significant discrepancies or anomalies are discovered. Additionally, if illegal or suspicious activities are detected, personnel notify appropriate law enforcement agencies. Physical Security Airlift Asia Inc. s facility is equipped with physical barriers and deterrents to guard against unauthorized access to conveyances and cargo. The front of the facility is equipped with a seven feet fence and the rear of the site is equipped with ten feet fencing topped with barb wire. The facility has two gates, which are monitored by security personnel. Employee and visitor parking areas are located adjacent to the facility compound but away from cargo handling areas. Private vehicles are restricted to an area in front of the building and are prohibited from entering and parking near conveyances. The fence, gates, and surrounding areas are inspected for repair on a monthly basis by the logistics supervisor and the safety/security supervisor. Page 10

15 The building is constructed of concrete block and steel. Internal/external doors, windows, and gates have adequate locking mechanisms to prevent unauthorized access. Lighting fixtures are strategically located to cover entrances and exits, handling and storage areas, perimeter barriers, and parking areas. Lighting fixtures are made up of a combination of automatic and manually operated units. The company has a stand-by generator as an emergency power source in the event of a power loss. The company contracts SSMI to monitor an existing intrusion alarm system located on site that covers the entire building. The alarm is composed of motion sensors only, which are utilized to monitor the warehouse. Physical Access Controls Airlift Asia Inc. has written policies and procedures in place that govern physical access controls and provide for a positive identification of employees and contractors. The company provides its employees with company identification badges that are required to be displayed during working hours. Company badges include a photograph of the employee, employee name, position held, company name, and a control number. Personnel are only authorized to access areas of the facility that are needed to perform their duties. All visitors are required to present photo identification upon arrival to the facility. Vendors and contractors are also required to present photo identification. Visitors are given a temporary visitor s badge and logged into the visitor s log. Visitors are required to be escorted and wear temporary visitor badges at all times while on company premises. Procedures exist that govern how personnel screen deliveries and mail before distribution. All mail packages are handled and screened by security. The company has trained its personnel to identify, challenge and report unauthorized persons on company premises. Written procedures exist describing the processes and proper actions to take when unauthorized persons are found on company premises. The Human Resources department is responsible for controlling access devices, to include their issuance, retrieval, and deactivation. Procedures for issuance, retrieval, and changing of access devices, such as keys, are in writing and were provided to the CBP team for review. The company ensures to record access device issuance on a checklist. However, the company badges are not included in this process. Termination procedures are in place and were provided to the CBP team for review. Upon termination, badges and keys are returned and computer access is immediately revoked. A formal checklist is in place to document retrieval of most items. Personnel Security The company has processes in place to screen prospective employees prior to hiring. Airlift Asia Inc. utilizes the services of a hiring agency, CK Ros Management Consultant, who provides a full report of selected applicants to the company. All employees begin as direct hires for five Page 11

16 months and then become contract employees under CK Ros Management Consultant. Any prospective employee must submit an application or resume with personal information, such as; address, previous employment history, personal references, etc. Applicants are also subject to an interview process. Current hiring processes require the verification of employment history and references. Reference verifications are documented onto checklists. Consistent with foreign, federal, state, and local regulations, background checks and investigations are conducted for prospective employees. Multiple criminal investigations are conducted by the contracted employment agency. A local policy clearance and a National Barangay Investigation (NBI) are required to be conducted on each employee prior to hiring. Personal background checks also include an identity verification and a drug test. Once employed, periodic checks are routinely performed based on company policy. Criminal checks and reinvestigations are conducted annually and include an NBI along with a drug test. Security Training And Threat Awareness The company has a security training program in place for new hires and current employees. Airlift Asia Inc. documents all training on employee training logs. Training logs were provided to the CBP team as evidence of training. Depending on the subject matter, training is provided annually or as needed in classroom or meeting settings. Topics typically discussed during training are the following; security, terrorist threats, threat of smuggling, access controls, cargo integrity, identifying suspicious cargo, IT, and package screening. Employees also receive training on company procedures, to include reporting security breaches or suspicious activity, conveyance door integrity, and the C-TPAT program. Specific employees are trained in conducting conveyance inspections and searching natural or hidden compartments. The company occasionally provides testing after training to determine employee retention levels. The company provides its employees with incentives to encourage participation in maintaining security awareness. During periodic meetings, the company will recognize an employee or provide him/her with a gift. Also, an Improvement Proposal Program provides free meals and drinks as rewards for active participation. Employees are provided regulations, as well as security procedures practiced throughout the facility, in regards to reporting security breaches or suspicious situations. Employees are encouraged to report directly to their management staff or to security guards when reporting significant incidents. Information Technology Security Policies are in place to govern Airlift Asia Inc. s procedures for maintaining the IT system secure and provide training to employees regarding their responsibilities and duties. The policy was provided to the CBP team for review. The company s IT staff is composed of two people that create individually based user accounts and provide system access to employees, per management. Daily, weekly, monthly, and annual back-ups are recorded onto tapes, which are maintained in two locations, on site and at manager s home. Only the IT staff and authorized Page 12

17 management staff member have access to the server room. Reserve power units are in place in the event that power is lost. Airlift Asia Inc. computers are equipped with updated anti-virus software, firewall, and antispyware software. Delineated access levels ensure that employees only have access to files and programs that are necessary in the performance of their specific duties and responsibilities. Employees are required to possess a password to access the operating software and systems. Passwords are required to be periodically changed annually. Each computer is also programmed to lock up after three failed login attempts and after thirty minutes of activity absence. The company has system software in place that tracks user access and identifies abuse. Employees that abuse system access are subject to disciplinary actions ranging from verbal warnings to termination depending on the gravity of the abuse. Page 13

18 C. Best Practices The CBP validation team found that Fairchild Semiconductor has the following best practice(s): Fairchild Semiconductor Philippines Inc. Personnel Security Background Checks / Investigations: Multiple criminal investigations are conducted by the contracted employment agency. A local policy clearance and a National Barangay Investigation (NBI) are required to be conducted on each employee prior to hiring. Personal background checks also include an identity verification and a credit check. Periodic drug testing is performed on current employees. Airlift Asia Inc. Personnel Security Background Checks / Investigations: Multiple criminal investigations are conducted by the contracted employment agency. A local policy clearance and a National Barangay Investigation (NBI) are required to be conducted on each employee prior to hiring. Personal background checks also include an identity verification and a drug test. Page 14

19 D. Expectations, Actions Required and Recommendations Consistent with the C-TPAT Partner Agreement and the goals of the program, it is expected that your company will insert the following management practices into supply chain security processes: Procedural changes should be made when necessary and new policies written as additional threats emerge. An annual review of your security profile should be completed in the C-TPAT Security Link Portal. The annual review should identify any enhancements or updates to your security profile and any changes made to your company profile. For guidance and further clarification regarding the annual security profile review please follow the link to the Q & A s webpage. The CBP Supply Chain Security Specialist (SCSS) should be kept up to date on issues or changes regarding contact information, security procedures, and security practices. A procedure should be in place to ensure the SCSS is notified immediately in the event of a supply chain security breach and procedures should be in place to ensure this occurs. If applicable to your company's business model, management should ensure that all business partners are following the same practices and procedures in all of their facilities worldwide. Recommendations / actions required in this report should be implemented throughout the company's entire international supply chain. Acknowledgement of expectations and, if applicable, responses to Recommendations and/or Actions Required is required. Please respond to the validation report within 90 days through the C-TPAT Security Link Portal main menu by selecting the 'Partner' tab and clicking on 'Validation Response'. Failure to respond may result in a suspension of program membership and benefits. Domestic Verification Selected Foreign Site Supply Chain Security / Risk Assessments - Verification RECOMMENDATION: Fairchild Semiconductor should ensure all follow-ups conducted to resolve gaps, weaknesses, or deficiencies are formally documented onto the risk assessment. Page 15

20 Fairchild Semiconductor Philippines Inc. Container / Conveyance / Transport Security Container / Trailer / Instruments of International Traffic Inspections: RECOMMENDATION: Fairchild Semiconductor Philippines should implement a supervisor's signature block in the checklist as evidence of him/her witnessing the inspections. Physical Access Controls Access Devices / Badges / Key Controls: RECOMMENDATION: Fairchild Semiconductor Philippines should document its current issuance procedures for access devices provided to all employees, including badges, keys, etc. Access Termination Procedures: RECOMMENDATION: Fairchild Semiconductor Philippines should add the use and purpose of the "Accountability Verification Form" onto its current termination policy. Personnel Security Background Checks / Investigations: RECOMMENDATION: Fairchild Semiconductor Philippines should conduct periodic criminal investigations on current employees that hold or are being promoted to critical positions or based on cause. Airlift Asia Inc. Physical Access Controls Access Devices / Badges / Key Controls: RECOMMENDATION: Airlift Asia Inc. should also document the issuance and retrieval of company badges. Security Training And Threat Awareness RECOMMENDATION: Airlift Asia Inc. should conduct training scenarios to elevate their employees' alertness and security awareness. Page 16

21 Information Technology Security RECOMMENDATION: Airlift Asia Inc. should require passwords to be changed every days. Additionally, the current absence of activity feature should match what is currently in policy. Finally, disciplinary actions for abuse should also be placed under the IT policy. A response to recommendations/actions required contained in this report is due within 90 days of the issuance of this report to Fairchild Semiconductor. Page 17

22 E. Partnership Revalidation Team Members U.S. Customs and Border Protection Guillermo Salomon Eloy Sanchez Supply Chain Security Specialist Supply Chain Security Specialist Fairchild Semiconductor Philippines Inc. Mactan Economic Zone 1 Lapu Lapu City Philippines Jesus Maguate Department Manager IS Kim Managing Director Ronald de Guzman Senior Manager Human Resources Carmencita Alviola Section Head, Administrative Services Bruce Lewis Manager of Global Security Compliance R. James Mohan Manager, Security & Safety Airlift Asia Inc. AAI Freight Management Center Mactan Economic Processing Zone Lapu Lapu City Philippines Loy Badilla Customer Service Manager Jesse Maguate Department Manager Bogie Santiago National Account Manager Bruce Lewis Manager, Global Security Compliance Robert Ramos Senior Security Specialist R. James Mohan Manager, Security & Safety Importer ID: Page 18