1. Facility has no documented security improvement action plan summarizing identified vulnerabilities and their relevant corrective actions
2. Facility has no security department/personnel
3. Facility has not conducted a site security assessment
4. Facility has not designated a company official responsible for contractor security
5. Facility has not designated a company official responsible for conveyance/transport security
6. Facility has not designated a company official responsible for personnel security
7. Facility has not designated a company official responsible for plant security
8. Facility has not designated a company official responsible for security audits or evaluations
9. Facility has not designated a security chief
10. Facility security improvement plan is not being updated and reviewed on regular basis
11. Security procedures and improvement plans where relevant, are not documented and verifiable
12. The facility has no policy in place to ensure that security procedures are documented
B. Personnel Security:
1. Background checks on all applicants are not conducted
2. Company identification is not required for entry of personnel
3. Criminal background checks are not updated periodically as needed, and/or when employees' work responsibilities require it
4. Criminal record checks are not conducted
5. Employee personnel files maintained do not include the date of birth of the employee
6. Employee personnel files maintained do not include the name of the employee
7. Employee personnel files maintained do not include the national identification number
8. Employees are not required to return their badges when they leave the company
9. Employment applications are not required of applicants
10. Employment history checks are not conducted
11. Facility does not have a process in place requiring all personnel to participate in the security awareness program
12. Facility does not have a security awareness program in place for all personnel
13. Facility does not have or maintain a written code of conduct for employees
14. Facility does not maintain a permanent employee personnel file for each employee
15. Facility does not maintain records of outcomes of periodic unannounced security checks related to personnel security procedures
16. Facility has no established procedure to conduct periodic unannounced security checks to ensure that all security procedures related to personnel security are being performed properly.
17. Facility has no process in place to publicize the security procedures throughout the facility (i.e. posters, bulletin boards, etc)
18. Facility has no process in place to retain copies of employees' official identification
19. General background checks are not updated periodically
20. IDs are not required to access restricted areas
21. IDs do not specify access for loading/packing dock areas
22. Lost IDs are not replaced and recorded as missing
23. New employee orientation does not include challenging and reporting unidentified persons to security or management personnel
24. New employee orientation does not include computer security
25. New employee orientation does not include confirming that all onsite personnel are wearing ID
26. New employee orientation does not include detection of unlawful activity
27. New employee orientation does not include maintaining cargo integrity
28. New employee orientation does not include recognizing and detecting dangerous substances and devices
29. New employee orientation does not include recognizing internal conspiracies
30. New employee orientation does not include reporting compromised security infrastructure (broken locks, windows, computer viruses, etc.)
Other type of checks such as criminal record checks are not conducted on all employees
31. Other type of checks such as references (personal and employment) are not conducted on all employees
32. Other type of checks such as references (personal and employment) are not conducted on all employees.
33. Periodic updated training covering security awareness is not required
34. Personnel is not encouraged to report irregularities, suspicious activity and/or security violations
35. Reference checks are not conducted
36. Security guidelines for hiring are not evaluated periodically to ensure their effectiveness
37. Security procedures and periodic security checks related to personnel security are not documented and verifiable.
38. The control over distribution and inventory of employee ID badges and facility access keys/cards/codes is not restricted to a limited number of authorized employees
39. The facility does not have written personnel security guidelines for hiring
40. The facility has no process for examining and verifying an applicant's official identification
41. The facility has no process for interviewing applicants
42. The ID does not include a biometric indicator, i.e. a unique physical identifier such as a facial photograph or fingerprint
43. The issuance of employee identification is not centralized and controlled by a specific department
44. There are no procedures in place to retrieve IDs and/or deactivate access as needed
45. The security staff is not informed if missing IDs.
46. Training covering security awareness is not documented
47. Updated background checks on all employees are not conducted
48. Where restricted areas exist, guards do not check employees ID to monitor access to these areas
49. Written personnel security guidelines and requirements are not being applied to contracting temporary and part time employees
50. Written personnel security guidelines are not being evaluated on an annual basis
C. Physical Security
1. Access to the lighting switches is not restricted to authorized personnel only
2. Access to video monitors is not controlled
3. Areas near the cargo conveyances are not lighted
4. A visitors log which records entries and exits is not maintained
5. Broken seals are not reported
6. Broken seals are not reported to local authorities
7. Broken seals are not reported to management
8. Broken seals are not reported to security
9. CCTVs are not monitored
10. CCTVs are not monitored by guards or security personnel that have no other assignments
11. CCTVs are not monitored constantly on all shifts
12. Containers are not stored an adequate distance away from the perimeter walls/fence
13. Containers are not stored away from exterior building walls
14. Containers are not stored door-end to door-end
15. Containers are not stored in a designated container storage area
16. Conveyance drivers are not required to show a truck manifest upon entry and exit
17. Conveyance drivers are not required to show personal identification.
18. Copies are not kept of container seal numbers on incoming shipments
19. Copies are not kept of container seal numbers on outgoing shipments
20. Damaged seals are not immediately replaced on outgoing containers
21. Employee access is not limited to the relevant areas of responsibility
22. Employee parking lots are not located away from entrances and exits?
23. Employees are not observed by and/or subject to security inspection when entering the building
24. Employees' entries and exits are not monitored for suspicious activity
25. Employees' entries and exits are not recorded
26. Entrances/exits for the facility are not secured by gates
27. Entry/exit control points for employees are the same as for visitors, vendors, repairmen, etc.
28. Examinations of containers found with broken seals do not document other anomalies
29. Examinations of containers found with broken seals do not document overages/shortages
30. Examinations of containers found with broken seals or cargo hold locks are not documented
31. Facility buildings are not properly maintained and repaired
32. Facility does not have a back up power source for the alarm system
33. Facility does not have a designated security guard force
34. Facility does not have intrusion detection or an alarm system
35. Facility does not maintain an up-to-date list of names and addresses of all contractor, vendor, repairmen personnel
36. Facility has adjoining/overhanging structures or foliage which would potentially facilitate illicit entry over the fenced areas into the facility
37. Facility has no outside lighting
38. Facility's designated security guard force is not overseeing the facility 24 hours a day, 7 days a week (24/7)
39. For conveyance entries/exits, logs are not maintained with container number
40. For conveyance entries/exits, logs are not maintained with driver's name
41. For conveyance entries/exits, logs are not maintained with name of the guard
42. For conveyance entries/exits, logs are not maintained with records of manifest check
43. For conveyance entries/exits, logs are not maintained with seal number
44. For conveyance entries/exits, logs are not maintained with time and date of entry/exit
45. For conveyance entries/exits, logs are not maintained with truck license information
46. For damaged seals on outgoing containers, the new seal number is not recorded
47. Gates are not monitored by cameras during non-operating hours
48. Gates are not monitored by guards during non-operating hours
49. Gates are not monitored by patrolling guards during non-operating hours
50. Gates are not monitored during operating hours
51. Gates are not monitored during operating hours by cameras
52. Gates are not monitored during operating hours by guards at the gate
53. Gates are not monitored during operating hours by patrolling guards
54. Guards and/or security personnel do not have keys to facility gates
55. If allowed to enter facility area, vendor and visitor vehicles are not inspected
56. Incoming and outgoing cargo vehicles are not checked by an additional or separate process
57. In the cargo handling/packing areas there are no cameras for monitoring
58. Locking devices are not in working order
59. Locking devices are not used to limit access to controlled areas
60. Locking devices do not protect external doors
61. Locking devices do not protect internal doors
62. Locking devices do not protect the gates
63. Locking devices do not protect the windows
64. Locking devices, doors and windows are not inspected
65. No records are maintained of unannounced security checks related to physical security
66. Not all buildings in the facility are constructed of materials that prevent unlawful entry
67. Parking lots are not monitored
68. Parking lots for visitors and employees are not separated
69. Periodic refresher and/or update security training is not provided to security guards
70. Physical security procedures and checks are not documented and verifiable
71. Records of building infrastructure integrity (including inspection dates, reported damages, and completed repairs) are not being maintained
72. Regular inspections (e.g., daily, weekly, monthly), including checking for damages and/or repairs, are not being done on the perimeter of facility
73. Seal numbers are not recorded on incoming shipments
74. Seal numbers are not recorded on outgoing shipments
75. Seals are not inspected on incoming shipments
76. Seals are not inspected on outgoing shipments
77. Security guards are not uniformed
78. Security guards do not log incidents
79. Security guards do not report incidents to management personnel
80. Security guards do not report incidents to the appropriate local authorities
81. Shipping/receiving parking lots are not separated from all other parking lots
82. The activity inside/outside the facility is not monitored by closed circuit television cameras (CCTV)
83. The alarm system or intrusion detection system is not in tested regularly
84. The alarm system or intrusion detection system is not in working order
85. The company does not have direct communication to local law enforcement authorities
86. The company does not provide a threat awareness program to recognize and foster awareness of a security threat
87. The company does not require the use of visual identification for employee parking
88. The company does not require the use of visual identification for visitor parking (a coded parking sticker, tag, decal)
89. The container storage area is not surrounded by a secure fence or wall
90. The entire perimeter of the facility (including gates) is not lighted
91. The facility does not have security guards at all entrances and exits
92. The interior of buildings in the facility is not patrolled by guards
93. The lighting system does not have an emergency power source/generator
94. The perimeter barrier and gates are not properly maintained and repaired
95. The perimeter of the property is not secured
96. The placement of the cameras does not provide an adequate view of activities in relevant areas
97. There are no distribution records of the facility's access keys, codes and cards to employees
98. There are no procedures for detecting and reporting shortages and overages
99. There are no security measures in place to prevent tampering of goods during production
100. There are no security measures in place to prevent the introduction of foreign material(s) into the assembly area
101. There are no security measures in place to prevent the introduction of foreign material(s) into the packing area
102. There are no termination procedures in place to immediately terminate existing physical access when an individual terminates employment or transfers to another position
103. There are no written procedures implemented to periodically screen arriving packages and mail prior to distribution
104. There is no communication process in place between the central security office and the exterior guard posts
105. There is no individual responsible for distributing and maintaining keys/cards
106. There is no positive identification process for recording all visitors and vendors
107. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to physical security are being performed properly
108. The security guards do not receive specific security training
109. The security guards do not receive specific security training in recognizing internal conspiracy
110. The security guards do not receive specific security training in threat awareness
111. The security guards do not receive specific security training in unauthorized access
112. The staff is not provided with an up-to-date list of all personnel access privileges on a regular schedule
113. Underground access points, culverts, utility tunnels, sewers, etc. are no secured to prevent unauthorized access
114. Vehicles are not prohibited/prevented from parking near cargo conveyances
115. Vehicles are not prohibited/prevented from parking near the perimeter fencing
116. Vendors are not required advance information before visiting the facility premises
117. Video recordings are not maintained
118. Violations to the alarm system are not reported
119. Visitor ID badges are not controlled through a log of ID badges issued and returned
120. Visitor ID badges are not controlled through numbering/coding [to identify any missing badges]
121. Visitor parking lots are not located away from entrances and exits
122. Visitors and vendors are not escorted through the building by an authorized employee
123. Visitors are not monitored when accessing high security areas
124. Visitors are not required to wear temporary ID badges
125. Visitors are not subject to additional security controls
126. When an employee leaves the company, keys/cards are not returned or codes are not changed and a record is not maintained of these actions
127. When broken seals or cargo hold locks are discovered, there is no examination of the container's contents
128. When the container is turned over to the next supply chain link, the seal is not checked to ensure it is intact
129. When the container is turned over to the next supply chain link, the seal number is not verified against the accompanying documentation
D. Information Access Controls
1. Computer information backups are not stored at an off site facility
2. Computer information is not saved on a back-up system
3. Incidents of unauthorized IT system access are not investigated and recorded
4. Information Access control related security procedures and checks are not documented and verifiable
5. Information systems are not password protected
6. No records are maintained of unannounced security checks related to information access controls
7. Passwords are not subject to regular forced changes
8. Procedures for disciplining as appropriate IT system violators are not in place
9. Relevant employees are not provided with individually assigned IT System accounts
10. The company does not have procedures to adjust or rescind access to password regular forced changes
11. The facility does not have procedures for identifying which employees are allowed access to automated systems.
12. The facility does not have procedures for identifying which employees are allowed access to company documents
13. The facility does not have procedures for identifying which employees are allowed access to high security seals
14. The facility does not have procedures for identifying which employees are allowed access to shipping/cargo movement data
15. The facility does not have procedures for identifying which employees are allowed access to shipping data
16. The facility does not have procedures for identifying which employees are allowed access to shipping forms
17. The facility has not implemented firewalls into its network system
18. The facility has not implemented intrusion warning systems into its network system
19. There is no designated system administrator within the facility to set up the user IDs
20. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to information access controls are being performed properly
21. There is no process or plan to restore IT data in the case of a failure
22. There is no system in place to review periodically and maintain security logs for invalid password attempts and file access
23. There is no system in place to suspend a log in user ID after a certain number of failed access attempts
E. Shipment Information Controls
1. Information requirements for shipments are not automated
2. No records are maintained of outcomes of unannounced security checks related to shipment information controls
3. Records are not maintained on all shipments
4. Security procedures and checks related to shipment information controls are not documented and verifiable
5. The designated company representative responsible for providing accurate information on the company products to the carrier/broker/forwarder, has not been trained on the information requirements for shipments to the United States
6. There is no company representative responsible for providing accurate shipper, forwarder, and consignee information
7. There is no company representative responsible to provide timely advance information for shipments
8. There is no designated company representative responsible for providing accurate information on the company products to the broker/forwarder
9. There is no designated company representative responsible for providing accurate information on the company products to the carrier
10. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to shipment information controls are being performed properly
F. Storage & Distribution
1. Access to unused seals is not restricted to authorized employee(s) only
2. Cargo documents and packing slips are not prepared accurately, legible and complete
3. Cargo documents and packing slips are not prepared electronically
4. Cargo units are not identified, labeled, and weighed before loading
5. Dangerous cargo, including hazardous materials and munitions and explosives, are not secured and stored separately
6. Doors are not secured for stored containers
7. Doors for stored containers are not secured with high security seals
8. Facility does not have a documented policy which requires that high security seals meeting or exceeding PAS ISO 17712 standard must be affixed to all loaded containers bound for the US
9. Facility is not using ISO/PAS 17712 compliant seals
10. For pick-ups from multiple manufacturers, the facility does not require transportation providers to use secure locking devices for less than full load containers
11. High value cargo is not marked and stored separately
12. International and domestic cargo is not segregated
13. No records are maintained of outcomes of unannounced security checks related to storage and distribution security procedures
14. Not all containers and trucks are checked for tampering, false compartments, and other evidence of unauthorized access before loading
15. Partially loaded containers are not sealed
16. Records are not maintained to indicate when modifications have been made to container structure
17. Seal numbers are not verified at time of final sealing before departure
18. Security seals are not used on departing containers/cargo conveyances
19. Storage and distribution security procedures and checks are not documented and verifiable
20.The facility does not follow a recommended full 7-point inspection process
21. The facility does not keep records of seal numbers together with driver name
22. The facility does not keep records of seal numbers together with the container/cargo conveyance number
23. The facility does not keep records of seal numbers together with time and date of loading
24. The facility does not keep records of seal numbers together with truck license
25. The loading and departure of containers is not supervised by a security officer or other designated supervisor
26. The loading dock access is not restricted to authorized personnel only
27. There are no procedures for affixing, replacing, recording and tracking the seals placed on containers, trucks, and/or railcars
28. There are no procedures for tracking goods for shipment
29. There are no security controls in place to prevent the introduction of foreign materials at point of loading
30. There is no cargo verification procedure in place to prevent unmanifested cargo from being loaded
31. There is no one responsible for issuing and tracking seals
32. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to storage and distribution are being performed properly
33. There is no system in place to ensure the management is informed of all anomalies found in shipments and/or the accompanying documents
34. Trucks are not sealed after loading is complete
35. When necessary, dangerous cargo is not labeled
36. Written procedures to verify the integrity of container structure through inspection are not maintained
G. Contractor Controls
1. Contractor controls related security procedures and checks are not documented and verifiable
2. Contractors are not retained through legally binding contracts
3. Contractors that have access to sensitive areas do not undergo a background investigation
4. No records are maintained of outcomes of unannounced security checks related to contractor controls security procedures
5. The company or its designated third party auditor does not conduct on-site inspections of the contractors' implementation of related security standards/procedures
6. The facility does not have a procedure for contractors to report security violations to the company’s management
7. The facility does not have written security standards and procedures for its contractors
8. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to contractor controls are being performed properly
9. When selecting the contractors used by the company, the company does not consider the contractor's corporate history
10. When selecting the contractors used by the company, the company does not consider the contractor's financial stability
11. When selecting the contractors used by the company, the company does not consider the contractor's hiring practices
12. When selecting the contractors used by the company, the company does not consider the contractor's security controls
13. Where applicable, the company does not require C-TPAT enrollment of its contractors
H. Export Logistics
1. Export logistics related security procedures and checks are not documented and verifiable
2. In-country transport services do not employ security guards
3. In-country transport services do not require goods be transported within defined time-limits
4. In-country transport services do not track/record the times required for transportation
5. In-country transport services do not vary routes
6. No records are maintained of outcomes of unannounced security checks related to export logistics security procedures
7. The carrier does not have intermediate staging/rest period/layover of cargo conveyances prior to reaching the consolidation center/port/border
8. The facility does not have a procedure for in-country carriers to report security violations to facility’s management
9. There is no process in place to conduct periodic unannounced security checks to ensure that all security procedures related to export (carrier/ third party) logistics are being performed properly
10. When selecting carriers, the facility does not consider the carriers' corporate history
11. When selecting carriers, the facility does not consider the carriers' financial stability
12. When selecting carriers, the facility does not consider the carriers' security controls
