Home / Access Control / C-Tpat Compliance Evaluation
c tpat audit checklist firewall
Firewall

C-Tpat Compliance Evaluation

C-Tpat Compliance Evaluation

Following the events of September 11th, the United States Government has increased its efforts to enhance national security. As an agent to U.S. retailers and importers, Buyer has been called upon by some of its customers to support a U.S Customs initiative called Customs-Trade Partnership Against Terrorism (C-TPAT) to strengthen the security of our overall supply chain….

In accordance with the C-TPAT Manufacturer Security Recommendations issued by U.S. Customs, our evaluators will carry out on-site security facility evaluation to assess the factory’s current state of security compliance to U.S. Customs general security recommendations.

The evaluation will include a meeting with the factory’s management, an interview with a select number of workers, an on-site inspection of the factory facilities as well as a review of various security related documents/records. Where security gaps are found, the factory and contractors need to agree on a mutually acceptable timeline for security enhancements and improvements. As supply-chain security is a developing area, Buyer expects that these measures will evolve over time. Security measures of concern are listed below

Physical Security

All buildings should be constructed of materials, which resist unlawful entry and protect against outside intrusion. Physical security should include:

  • Adequate locking devices for external and internal doors, windows, gates, and fences.
  • Perimeter fencing should enclose the areas around cargo handling and storage facilities.
  • Segregation and marking of international, domestic, high-value, and dangerous goods cargo within the warehouse by a safe, caged, or otherwise fenced-in area.
  • All containers bound for Carter’s & Oshkosh in the U.S. are sealed with a high security seal that meets or exceeds the current PAS ISO 17712 standard for high security seals.
  • Written procedures exist stipulating how seals are to be controlled and affixed to loaded containers. These include procedures for recognizing and reporting compromised seals and or containers to local authorities or U.S. Customs.
  • Only designated employees have access to seals.Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored.
  • Parking area for private vehicles should be separate from the shipping, loading dock, and cargo areas.
  • Buildings must be constructed of materials that resist unlawful entry.
  • Adequate locking devices for external and internal doors, windows, gates, and fences.
  • Adequate lighting provided inside and outside the facility including parking areas.
  • Internal/external communications systems in place to contact internal security personnel or local law enforcement police.
  • Segregation and marking of international, domestic, high-value, and dangerous goods cargo within the warehouse by a safe, caged, or otherwise fenced-in area.
  • Adequate lighting provided inside and outside the facility to include parking areas.
  • Separate parking area for private vehicles and that is separate from the shipping, loading dock, and cargo areas.
  • Internal/external communications systems in place to contact internal security personnel or local law enforcement police.

Access Controls

  • Application information, such as employment history and references, should be verified prior to employment.
  • Background checks and investigations should be conducted for prospective employees and periodic checks and reinvestigations should be performed.
  • Procedures in place to remove facility and system access for terminated employees.
  • Unauthorized access to the shipping, loading dock and cargo areas should be prohibited. Controls should include:
  • The positive identification of all employees, visitors and vendors.
  • Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures, and standards must be in place and provided to employees in the form of training.
  • A system must be in place to identify the abuse of IT including improper access, tampering, or altering business data. All system violators must be subject to appropriate disciplinary actions for abuse.
  • Procedures for challenging unauthorized/unidentified persons.
  • An employee identification system must be in place for positive identification and access control purposes.
  • Employees should only be given access to those secure areas needed for the performance of their duties.
  • Procedures in place to control the issuance, removal, and changing of access devices.
  • Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification. Security personnel must
  • dequately control the issuance and removal of identification badges.
  • Proper vendor ID should be presented for documentation purposes upon arrival.
  • Procedures in place to identify, challenging, and address unauthorized/unidentified persons.

Procedural Security

Measures for the handling of incoming and outgoing goods should include the protection against the introduction, exchange, or loss of any legal or illegal material. Security controls should include:

  • Having a designated security officer to supervise the introduction/removal of cargo.
  • Properly marked, weighed, counted, and documented products.
  • Procedures for verifying seals on containers, trailers, and railcars.
  • Procedures for detecting and reporting shortages and overages.
  • Procedures in place to ensure that all information used in the clearing process is complete, accurate, and protected against the exchange, loss, or introduction of erroneous information.
  • Procedures must be in place to ensure that information received from business partners is reported accurately and timely.
  • Procedures in place to ensure cargo is properly marked, weighed, counted, and documented.
  • Procedures for detecting and reporting shortages and overages.
  • Procedures for tracking the timely movement of incoming and outgoing goods.
  • Procedures to notify customs and other law enforcement agencies in cases where anomalies or illegal activities are detected or suspected by the company.
  • Procedures for tracking the timely movement of incoming and outgoing goods.
  • Proper storage of empty and full containers to prevent unauthorized access.
  • Procedures to notify Customs and other law enforcement agencies in cases where anomalies or illegal activities are detected or suspected by the company.

Personnel Security

  • Education and Training Awareness
  • A security awareness program should be provided to employees including recognizing internal conspiracies, maintaining product integrity, and determining and addressing unauthorized access. These programs should encourage active employee participation in security controls.
  • A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain.
  • A security awareness program is provided to employees including recognizing internal conspiracies, maintaining product integrity, and determining and addressing unauthorized access. These programs encourage active employee participation in security controls.
  • Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.
  • Currently, Buyer evaluates based on a point scoring system for security measures taken by a factory. Points will be awarded for each of the requirement listed on our self-assessment questionnaires and a total score will be given.

About Engr. Kh. Mashiur Rahman

He is Garment Business ERP Consultant and Digital Marketing Consultant of several RMG factories. He is certified Echotech Garment CAD Professional-China, Aptech-India, NCC-UK and B.Sc. in CIS- London Metropolitan University, M.Sc. in ICT-UITS. He is also re-seller of several top-level Apparel ERP software companies. Contact- apparelsoftware@gmail.com, Cell# +880 1792525354

Similar Post

Network Access Control PG-2750 Installation Procedures

Network Access Control PG-2750 Installation Insert PG network access control installation CD into CDROM for security …

Leave a Reply

Your email address will not be published. Required fields are marked *