003 - Security Manual-DONE

SECURITY MANUAL

Overview:1. Introduction…………………………………………………………………………2. Customs Trade Partnership against Terrorism (C-TPAT)…………………….……3: Phased Security Standards for Factories……………………………………..4. How to use this Manual…………………………………………………………….6. Physical Security…………………………………………………………………..7. Access Controls…………………………………………………………………….8. Procedural Security…………………………………………………………………9. Personnel Security………………………………………………………………….10. Information technology……………………………………………………….…...11. Education and Training …………………………………………………………….12. Appendix of forms13: Employee Badge……………………………………………………….…...14: Restricted Area Access List……………………………………………….15: Key Log Form……………………………………………………………..16: Non-Business Hours Access List…………………………………………17: Visitor Log Form…………………………………………………………..18: Vehicle Log Form………………………………………………………….19: Transit Monitoring Log Form………………………………………….…..20: Written Application………………………………………………………... 21: Reference Check Log Form………………………………………………..22: Background Check Log Form………………………………………….…...23: Terminated Employee Checklist……………………………………….…..24: Training Attendee Sheet……………………………………………………25: Training Agenda……………………………………………………………26: Factory Security Policy Instructional Document…………………………..27: Appendix of Postersa. “No Parking for Private Vehicles”…………………………………………b. “Restricted Access for authorized personnel only”………………………..c. “This Facility is equipped with a video surveillance system. You are Subject to recording.”………………………………………………………d. “All visitors must sign the visitor log”……………………………………..e. “All employees and visitors and their belongings, including vehicles, areSubject to search”…………………………………………………………..f. “Truck Drivers and their helper cannot be in the loading area. They must wait in_________________ until the loading is complete”………g. “For security, call ________h. “No Trespassing”…………………………………………………………..

1

14. Appendix of Tables

1. Introduction Customs-Trade Partnership against Terrorism (C-TPAT)In response to the events of September 11, 2001, US Customs (now Customs and Border Protection [CBP] within the Department of Homeland Security [DHS]) introduced an anti-terrorism initiative named “Customs-Trade Partnership against Terrorism” (CTPAT). The initiative is a cooperative partnering of Customs and the trade community in the war against terrorism. Customs developed recommendations applicable to the various actors within the trade community that are designed to enhance security at US borders.

The program is open to U.S. Importers and logistics services providers, as well as a select group of foreign manufacturers. Currently, the program is not open to any of suppliers and factories, but there are plans to expand the program to include more foreign manufacturers in the future. will make suppliers aware of the opportunity to join CTPAT once it arises. It is strongly encourages its entire product and services providers to join this important security initiative.

4. Phased Security Standards for FactoriesPhysical Security

1. Doors must have adequate locks while all windows must have locks that prevent opening from outside. Windows and doors must be locked at all times when building is not occupied.

2. The packing and loading areas must be segregated from the rest of the factory in a way that is sufficient to provide secure access restriction.

3. International, domestic, and dangerous goods cargo must be marked and segregated within the warehouse of the factory by a safe, caged, fenced-in, or otherwise area.

4. Buildings must be constructed of durable and impenetrable materials such as cement, cinder block, or brick in order to prevent unlawful entry and to protect against outside intrusion.

5. All access points and ground floor windows must have adequate lighting min 800 lucks at all times of the day and night.

6. The parking lot must have lighting, and private vehicles are parked no closer than 10 meters to the shipping/loading dock areas.

7. The factory must have an internal communications system in place to contact security personnel and/or local law enforcement.

2

Access Controls

1. Employees must have a factory issued photo identification badge and this badge must be visible at all times while on factory grounds.

2. Visitors and vendors must present photo identification to be verified and logged by security personnel before receiving a visitor’s badge. The Visitor badges must be collected at the conclusion of the visit.

3. The facility must have procedures to verify the identity and authorize all persons entering the packing and loading areas.

4. Visitors and vendors must be monitored by an employee during their visit at the facility 5. The facility must have procedures in place to challenge unauthorized/unidentified persons 6. Employees must be physically checked and their identity must be verified by security personnel before being allowed onto factory grounds.

Procedural Security

1. A factory security guard must supervise the loading of merchandise into the vehicle/container destined to our consolidator/carrier/freight forwarder. For approved factory loads, the security officer is also responsible for inspecting the container prior to loading to verify that it is secure and empty. If abnormalities are discovered, management must review prior to releasing the freight.

2. The facility must have procedures to ensure the timely movement of finished goods from the factory to the carrier/consolidator/freight forwarder. If there is abnormality local law enforcement must be notified.

3. During the loading/unloading of cargo, the facility must have procedures to match the actual product count with the accompanying shipping documentation. Management must review any discrepancies before the shipment in question is released.

3

4. The factory must have procedures for verifying seals on containers, trailers, and railcars.

5. Truck drivers and their helpers are prohibited from actively participating in the loading of freight. For full container loads, drivers and their helpers are not allowed access to the loading area until the loading process is complete. However, the truck drivers are allowed a final inspection. 6. The factory must have formal, written procedures pertaining to their security procedures, incorporating all FMG security standards. 7. Loaded containers, which are not moved immediately, must be stored in a secure area. Unloaded containers must be stored in a secure manner. 8. The factory must notify local law enforcement agencies in the event illegal activities or suspicious behavior is suspected or detected.

Procedural Security

9. The factory must have verification procedures in place so that all shipments are properly labeled, marked, weighed, counted, and documented.

10. The factory must have procedures in place to maintain the integrity of data by preventing unauthorized personnel from making any unauthorized change.

Personnel Security1. The factory should conduct pre-employment screening of all prospective employees, including contract and temporary employees. All employees should complete an application to be maintained on file.

2. As a standard hiring procedure, a copy of the employee’s government issued identity document must be made. This applies to temporary workers as well.

Information Technology

1. The factory protects its IT system from illegal use and access through the use of firewalls, employee passwords, and anti-virus software.

2. The factory backs-up data on a regular basis

3. The factory has procedures so that employees change their passwords on a periodic basis.

4. The factory has policies to determine which employees is authorized access to its IT system

4

Education and Training

1. The factory must have a mandatory security program for its employees to cover recognizing internal conspiracies, maintaining product integrity, and challenging unauthorized access.

2. The factory must encourage active employee participation in its security procedures through the use of rewards, recognition, etc.

5. Physical Security

1. Doors must have adequate locks while all windows must have locks that prevent opening from outside. Windows and doors must be locked at all times when building is not occupied.

All exterior doors must be outfitted with functional locking devices.

All ground floor windows must be equipped with functional locking devices that prevent the window’s opening from the outside.

Alternately, window bars (see picture) or mesh wire may be used to secure windows.

Windows and doors must be locked when the building is not occupied.

Emergency exits should be equipped with an audible alarm that will alert security/management if they are opened. Alternatively, a factory can choose doors. With electronic locks that will unlock automatically when the fire alarm is triggered.

In order to guarantee a secondary exit without compromising security, panic bars are useful to satisfy both requirements.

5

Door hinges should always be on the inside of a door, not on its outside. If hinges are on the outside, they could be removed and the door could be opened without opening the lock.

A person should be charged with making sure those doors and windows are locked after the last employee leaves for the day.

As an added security practice, the person locking all doors can place a paper sticker over the door lock and initial on the sticker. This way, one can verify in the morning if the door has been unlocked overnight.

It is suggested that one door of the structure be a ‘lock-up door;’ i.e., this door is first opened and last closed, with all other doors locked from the interior with slide bolts, hasps, etc. The lock-up door should be secured by a deadbolt.

Any wooden exterior doors should be solid and at least 1 ¾ inches (4.445 cm) thick.

Sole key-in-knob and double cylinder locks shall never secure exterior doors.

If the facility relies on swipe key cards or other electronic locks, records of door openings should be maintained for at least 30 days

The packing and loading areas must be segregated from the rest of the factory in a way that is sufficient to provide secure access restriction. The packing area (definition: the areas where finished products are put into shipping cartons) and the loading area (definition: the area where shipping cartons are loaded onto the conveyance or container) must be secured in a manner thatAllows restricting access to these areas to authorized employees only. In other words, no one should be able to enter these restricted areas unless they have a legitimate reason (employees who work in these areas, security guards etc.)Required:

The packing area and loading area should be closed off to all transit activities. For example, if employees have to walk through the packing area to get from the ironing department to the cafeteria, then the factory management needs to find another way for employees from the ironing department to access the cafeteria. The same logic applies for the loading area. Oftentimes, employees walk by the loading area on their way to other buildings on the premises. Again, the zones need to be restricted against this kind of unauthorized foot-traffic.

6

Access restriction must be based on business need and job function. An office employee does not normally need to access to the loading area, and a sewing employee does not need to access the packing area etc.

Buyer understands that restricted access to the packing and loading areas can have a serious impact on a factory’s operations. For example, many factories have the packing area as the last step of the finishing department. Workers move back and forth between different elements of finishing (trimming, spot-removal, ironing, bagging, packing etc.). In these cases, restricted access to one element of the finishing department, namely packing, will impede the movement flow. Nonetheless, we have to make sure that the packing area is one of the most sensitive areas in terms of security. Only by restricting access to these areas, will factories by able to satisfy US Customs demands and meet the CT-Pat requirement.

It is the factory manager’s responsibility to determine which solution or combination of solutions (listed below) will best secure the packing and loading areas, without impeding the factory’s daily operations:

How this can be accomplished by

1: Issuing different colored badges to employees allowed in restricted areas. Security guard or supervisor to check badges and restrict access. This color coded system allows for easily identifying an employee in a restricted zone. For example an employee wearing a pink badge (which identifies ironing workers) should not be found in the cartooning area (where packing employees wear blue badges).

2: Issuing different colored badges to employees allowed in restricted areas. Controlled and monitored CCTV systems.

7

3: Temporary fencing (for small or shared loading areas). A supervisor should control and restrict access.4: Physical barriers (fence, door, gate, turnstile etc.). A supervisor or security guard should control and restrict access. Having a physical barrier that can be passed only by authorized employees (swipe card, key, access code, biometric etc.) is the most effective form of securing access.

SMALL FACTORIES:1: Packing: The packing areas should be in an area of the factory that is segregated and secure. All employees should be properly trained to pack and handle goods according to the facilities outlined security procedures.

2: Loading: A security guard or supervisor should monitor all loading activities. All employees should be properly trained to load and handle goods according to the facilities outlined security procedures. If the container is parked on a public area, employees should walk the cargo into the conveyance and not leave them stacked on the street.

3: All factory employees should wear badges that permit them to enter both the packing and loading areas, however a factory supervisor should be aware of the traffic through the areas in order to maintain security.

4: If the facility chooses to use temporary workers for packing and loading, it is imperative that a security guard or supervisor monitors their activities at all time in these areas.

Additional Security required.

By stationing a security guard or a supervisor in the area. This person must check employee’s badges to confirm that they work there or otherwise be able to visually distinguish employees that are authorized in these areas. If the factory elects to have a supervisor ensure that only employees working in the specific department enter the area, this additional responsibility must be included in the supervisor’s job function. While it is acceptable that the supervisor attends to

8

Additional duties while ensuring that only authorized employees are in these areas, he or she must be aware of the additional responsibility related to restricting access to these areas to authorized employees only.

By posting signs with the name and picture of the supervisor in the packing and loading areas.

By posting the number of employees that work in the packing loading department allows a security guard or supervisor who is entering the workstation or monitoring the area through cameras, to easily identify when there are unauthorized individuals present.

The packing (cartooning) area should be segregated from the work floor by means of a physical barrier. For example, packing could take place behind a mesh wire fence or in a separate room that is accessible only to employees working there.

The loading area should allow for access restriction. For example, the loading area can be secured with fencing.

Signs stating “Restricted Zone. Access for authorized personnel only” should be posted.

Security/management should have access lists for each individual restricted area these lists should be checked monthly to ensure they remain updated.

3. International, domestic, and dangerous goods & cargo must be marked and segregated within the warehouse of the factory by a safe, caged, fenced-in, or otherwise controlled area required:

Dangerous goods/hazardous materials must be marked and segregated within the warehouse. Access to the hazardous materials storage area must be restricted. If necessary, hazardous materials require secondary containment.

International cargo must be segregated from domestic cargo and marked as such.

Segregation of goods must be in form of a physical barrier or other appropriate means of separation. Suitable examples are: a separate room, a fence, a room divider, or a demarcated area that is under supervision of security guard or CCTV.

Access to the warehouse should be restricted to authorized personnel only. Entry and exit of persons should be monitored.

The factory should segregate all merchandise from other merchandise within its warehouse. It is preferred that such segregation is not merely a demarcation (for example lines pained on the floor), but in form of a physical barrier (a separate room, vault, fenced in area).

9

4. Buildings must be constructed of durable and impenetrable materials such as cement, cinder block, or brick in order to prevent unlawful entry and to protect against outside intrusion.

Each individual building must have a structural perimeter barrier; i.e. a medium that defines the physical limits of the building.

Production buildings and warehouses must be constructed of durable and impenetrable materials, which include, but are not limited to: Cement, Wood, Cinder Block, Metal and Brick

The only openings in such buildings are: Doors, Windows, Vents, Cargo gates etc.Corrugated plastic sheeting (see picture) may only be used as a roof, not as a sidewall.

Additional Security Suggestions.

Openings, such as vents and utility holes greater than 96 square inches (.06194 m2), through which unauthorized entry may be gained should be blocked/covered as necessary. Air conditioners and vent covers should be secured to the structure.

When considering renovations to existing buildings and constructions of new buildings, security should be an aspect to be taken into account when planning the structure.

5. All access points and ground floor windows must have adequate lighting (minimum of 10 foot candles) at all times of the day and night.

This rule applies to all access points of the facility—doors, windows, vents, cargo gates/dock door etc.Instead of applying a light fixture above each entry point, a factory could chose floodlights that are pointed at the building exterior and illuminate the entire complex.

During daylight hours, sunlight may be sufficient, depending on construction type and/or vegetation. For example if buildings are built so close to each other that little or no natural light can filter down, lights must be turned on. The same applies to vegetation: If trees filter out natural light, artificial lighting must be used to create adequate light conditions. Lights must be turned on in inclement weather.

In certain regions, several factories may share a building. In these cases, the doors to the individual factory are considered access points. They could for example be in a hallway.

LEFT: Entry point to factory in a hallway—adequately illuminated.

RIGHT: Entry point to a facility in a hallway—too dark.

10

Additional Security Suggestions:

Use a light meter to obtain foot-candle reading.

Best illumination standards are floodlights that provide daylight conditions without shadows.

The lighting system should be checked by security guards on patrol on a daily basis and maintained professionally on a semi-annual basis. Maintenance records should be maintained.

Interior lights should be kept on a 24 hours a day, 7 days a week basis.2

this acts as a deterrent and allows better CCTV recording.

6. The parking lot must have lighting, and private vehicles are parked no closer than 10 meters to the shipping/loading dock areas.

The parking lot must be illuminated.

If the factory premises are too small to establish a 10-meter no parking zone around the loading gates, an alternative solution is to remove all private vehicles from the premises whenever loading or unloading takes place. At small facilities, this is usually not on a daily basis, thus disruption should be minimal.

If the factory premises are too small to establish a 10 meter no parking zone around the loading gates and removing private vehicles from the premises during loading and unloading activities is not feasible, the factory can also use portable fences (as used on construction sites) and establish a secure perimeter around the loading area.

Portable fences/ barricades (see picture below) can also be used to make the loading area Secure when the loading gate is shared with other facilities in the same building. Fences can be erected temporarily while loading activities take place to ensure that no UN manifested material can be loaded.

11

SMALL FACTORIES:

O Parking: If the loading and unloading takes place on a public street or in a public parking area, it is not necessary to move the cars. However, a security guard or trained supervisor should monitor all loading activities.

O Private Parking Area: If possible, cars should be moved during loading and unloading. At all other times cars may be parked near the loading area, but access should be restricted to Authorized persons only.

O Public Parking or Street Loading: If the conveyance is parked on a public area, employees should walk the cargo into the conveyance and not leave them stacked on the street.

ABOVE: Portable fencing

LEFT: A private vehicle is parked less than 10 meters from the loading dock.

RIGHT: No private vehicles are parked near the loading dock.

Factories should use floodlights to illuminate the parking lot.

It is best to paint “No Parking for private vehicles” on the ground in a 10-meter zone from the loading gates.Signs stating “No parking for private vehicles” should be attached to walls.

LEFT: Floodlights

The factory must have an internal communications system in place to contact security personnel and/or local law enforcement.

Employees must be made aware of how to reach security personnel. Posters should be posted throughout the work floor and in other areas of the factories premises.

The factory must have a means of communication on the premises that is accessible by at least one person present at all times. For example, if there is only one phone on the premises, in the manager’s office, which is locked

12

after the manager leaves, at least one person of those that stay longer must have a key to the office.Acceptable communication devices:I. To reach internal security personnel:1. Face-to-face communication2. Walkie-talkies/ Radios3. Emergency buttons4. Intercom5. Regular phones6. Mobile phonesii. To reach local law enforcement:1. Regular phones2. Mobile phones3. Radios4. Communication system connected directly to local police station

Additional Security Suggestions

Ideal alarm systems are the ones that automatically alert a third-party security provider or local law enforcement if security has been breached. It is recommended that such alarm systems are equipped with wireless back up to ensure that they function even if main telephone lines have been compromised.

The communications system should be functional even under hardened circumstances. For example, facilities should have several “old-fashioned” phones that do not rely on electric power to function. Facilities should have back-up batteries for prolonged use of walkie-talkie and mobile phones.

A factory should have a back-up communication system in case the primary system fails due to a mechanical problem (power outage) or from manipulation (clipped phone lines).

The functionality of the communications system should be tested on a daily basis and professionally maintained on a semi-annual basis. Maintenance records should be maintained

Additional Security Suggestions for “Physical Security” Location:

When considering opening a new production site, the following should be taken into account when searching for a location:

Response time: How far is the site from the nearest police station/ private security service?Area crime rate: If possible, obtain statistics from police station or ask other businesses in the area.Access to transit systems: Are the roadways leading to major roads or ports considered safe?

Neighboring businesses: what types of businesses are in this area?

13

Is there a chance for cooperating in security matters?

The facility perimeter should be surrounded by a fence or wall.

The facility’s perimeter should be cleared of vegetation and debris that could be used to breach fences.

“No trespassing” signs should be posted at regular intervals along the fence/wall.

Routine security patrols of the perimeter, at alternating times, combined with surveillance, anti-intrusion devices and lighting are recommended.

Fencing should be 8 feet (2.4 m) high and, if not constructed of solid material, use at least 9-guage galvanized steel of 2 inch (5.08 cm) wide chain link construction topped with an additional 2 foot (0.61 m) barbed wire outrigger consisting of 3 strands of 9-guage galvanized barbed wire at a 45-degree outward angle above the fence. The bottom of the fence should beNo more than 2 inches (5.08 cm) from the ground.

Security Equipment:

The factory should be equipped with an anti-intrusion alarm system

All access points (doors, windows, dock door etc.) should be connected to the alarm system. Motion detection devices should be activated in sensitive areas (packing area, warehouse) after business hours.

The alarm system should have back-up power (for power loss or failure) and wireless backup (for telecommunication system failure). It should connect to either local law enforcement or to a private security company.

Access to the control room and the alarm system itself should be highly and selectively restricted.

The alarm system should be tested internally on a weekly basis and professionally maintained on a semi-annual basis. Maintenance records are to be maintained.

Alarm codes must be secure. When an employee who has knowledge of any alarm codes is terminated, the codes must be changed. This act should be recorded in the “Terminated Employee Checklist”

Detailed records of alarms (even accidental triggering) should be maintained for at least 60 days.

14

Closed Circuit Television System/ Surveillance Cameras.

As an added security measure, the factory building and its perimeter should be outfitted with security cameras feeding real-time pictures to a control room where pictures are monitored by a guard and recorded by a recording device.

Such tapes should be maintained in a secure location for at least 30 days

All CCTV images should be recorded in real time and no more than 16 cameras should be recorded per disk or tape. If the facility uses a VCR, there should be no more than 12 hours of images on one tape.

There should be a quarterly preventive maintenance of equipment (alarms and video cameras). Records of this maintenance should be kept on file.6

Sophisticated cameras can record even without adequate lighting.

However, most models depend on adequate illumination in order to deliver a clear picture. Thus, illumination must be considered when installing cameras.

If you consider buying a new CCTV system, opt for a color rendition system.

15

Cameras are a very useful tool to monitor and record access to restricted areas (warehouses, packing area, loading area).

By posting the number of employees that work in the packing loading department allows a security guard or supervisor who is entering the workstation or monitoring the area through cameras, to easily identify when there are unauthorized individuals present.

The security staff member monitoring the cameras should consistently evaluate the activity within restricted areas. If suspicious activity occurs or there is an unaccounted overage in employees, the security staff member should notify either the factory manager or local law Enforcement."

Key controls:

i. When keys are given to employees, this act should be noted in a key logbook

ii. Keys must be returned when an employee is terminated. If a key is not returned, the locks must be changed.

iii. High-security keys (keys that cannot be duplicated) should be used.

Security personnel:

The factory should have security personnel to patrol the grounds and ensure the physical security of the premises.

o Management can verify that security personnel is indeed going on regular rounds of the premises by using a DETEX style watchmen’s clock system, which allows for recording when a security guard was at a given point. Detex devices can be obtained from a variety of companies such as

o If security personnel are not feasible (high personnel costs, small size of factory), a member of the factory should be designated as person in charge of security. This person should receive special training

7. Access Controls

16

Employees must have a factory issued photo identification badge and this badge must be visible at all times while on factory grounds.

At a minimum, employees must be issued a cardboard badge, which bears their name, department, and photo.

Employees must be told during orientation to wear the badge at all times while on the on the premises.

The facility should have procedures in place to remove identification, facility, and system access for terminated employees (badges, keycards, etc.) ABOVE: Examples of acceptable employee badges

Additional Security Suggestions: Examples of Visitor’s badges:

While “homemade” cardboard badges are acceptable. It is recommend laminated plastic badges, as bearing company logos etc. as those are more difficult to forge.

Many companies chose to combine identification badges with timekeeping purposes, making employees swipe their machine-readable badges to record their time-in and time-out.

It is best to have badges issued in different colors to identify different employment status (permanent versus temporary employee), different positions (senior staff versus workers) and different workstations (packing versus sewing). This color-coded system allows for easily identifying an employee in a restricted zone. For example an employee wearing a pink badge (which identifies ironing workers) should not be found in the cartooning area (where packing employees wear blue badges).

Employees should be informed to take good care of their badge and never to lend their badge to anyone. They must report a lost or stolen badge to security.

Visitors and vendors must present photo identification to be verified and logged by security personnel before receiving a visitor’s badge.

All non–employees wishing to gain access to the premises, must present an identification document (driver’s license, national identity card, passport, etc.)

This document is to be verified by the security guard/receptionist.

After their identity has been verified, visitors must sign the visitor’s log.

Visitors must receive a visitor’s badge to display at all times while on the factory premises. The badge has to be visually different (e.g. different color) from the employee badges.

17

Company management or security personnel must control the issuance and removal of employee, visitor and vendor identification badges.

Additional Security Suggestions (Standard 2):

The identity and company affiliation of visitors, vendors, contractors etc. can be verified by calling their company.

Visitor’s logs should be kept in a secure location for at least 6 months.

A poster stating, “All visitors must sign the visitor’s log”, should be posted in the reception area.

The best types of visitor’s badges are:

Personalized badges that are printed out on stickers for the visitor, bearing his/her name and the date of the visit. These stickers do not have to be returned.

Reusable visitor’s badges, specific to the company (and difficult to forge). These badges have numbers and the number of the badge issued to the visitor is logged on the visitor’s log. The badge must be returned at the end of the visit.

Visitor’s badges can also be used to classify visitors into different groups. For example, some visitor badges could be colored red and bear “Must be escorted”, indicating that this visitor must be escorted at all times, and other passes could be colored green, meaning that this visitor does not have to be escorted at all times.

3. The facility must have procedures to verify the identity and authorize allPersons entering the packing and loading areas

Sample Procedures: A security guard must be stationed at the access point to the packing area at all times during business hours (the access point is to be locked during non-business hours).

The guard is to verify that each employee attempting to enter the packing area is indeed wearing an employee badge, which identifies him/her as a packing area employee. A security guard must be stationed at the access point to the loading area at all times during business hours (the access

18

Point is to be locked during non-business hours).

The guard is to verify that each employee attempting to enter the loading area is indeed wearing an employee badge, which identifies him/her as a loading area employee.

A company employee must monitor the visitor throughout the visit. The degree of monitoring should be determined by the type of visitor. For example, a QC person who has been visiting this facility for several years several times per months, needs less monitoring than a person who is a potential buyer and who has never been at this facility (the latter should be escorted at all times).

All security personnel should be notified when a visitor is on factory grounds. The supervisors in the areas where the visitor will be accessing should also be notified. In addition, if no one is assigned to escort the visitor the supervisor in that area of the facility is responsible for monitoring the visitor (keeping an eye on them).The head security person and/or supervisor responsible for the visitor should know where that person is at all times, while they are on factory grounds. All visitors should be escorted and monitored in restricted areas by an individual that is authorized to access that area.

It is best to escort all visitors at all times.

If a visitor is not escorted at all times and the facility is equipped with a CCTV system, the person monitoring the CCTV system should be alerted to the visitor’s presence so that the CCTV monitor can keep “an eye” on the visitor. Security guards should also be alerted for the same reason.

The facility must have procedures in place to challenge unauthorized/ unidentified persons Required:

The factory must establish in writing how to deal with unidentified/unauthorized persons on the premises in general and in restricted areas in particular.

Sample Procedures: If an unauthorized or unidentified person is discovered on the premises or in a restricted area, Security or Management must be notified immediately. The unidentified person(s) must be detained and questioned. An investigation is to follow, and if necessary, law enforcement has to be notified. An incident report must be written and the breach of security and corrective action must be addressed.


There should be different procedures for different circumstances:19

An unidentified person in a non-restricted zone on the premises during business hours

An unidentified person in a non-restricted zone on the premises during non business hours

An unauthorized employee in a non-restricted zone on the premises during non-business hours

An unauthorized visitor in a restricted area

An unauthorized employee in a restricted area

6. Employees must be physically checked and their identity must be verified by security personnel before being allowed onto factory grounds

Required:Each and every employee entering the premises must be verified. The following areDifferent options:

Security guard or a management representative is stationed at the access point toThe premises and checks each employee’s badge._

Employees can use swipe cards to access the premises.

Employees have a key/keycard/code to open an access point.

Access is remotely controlled via CCTV and Intercom. Employees ring a doorbell and identify themselves orally via Intercom. Their identity is verified physically via CCTV.

Employees are registered in a biometric access control system (iris scan, hand scan etc.) which needs to be passed on order to gain access to the premises).

ABOVE: Biometric access control solutions


The factory should have access control procedures in place. There should be one set of procedures used for regular business hours and a separate set used for after business hours.

Access for non-business hours should be restricted. A facility should either establish procedures on what positions can have access (senior management, office employees etc.) or what persons (by drawing up a list of pre approved names). Anyone entering the facility after hours should sign in with the guard

20

8. Procedural Security Container loading

1. A factory security guard must supervise the loading of merchandise into the vehicle/container destined to our consolidator/carrier/freight forwarder. For approved factory loads, the security officer is also responsible for inspecting the container prior toLoading to verify that it is secure and empty. If abnormalities are discovered, management must review prior to releasing the freight

Required:For transport to the consolidator’s premises:

A security guard or a senior manager must supervise the loading of finished goods into the vehicle.

The security guard or senior manager may not help with the loading; his or her sole duty must be to observe and supervise the loading process.

For approved factory loads:

In addition to the supervision duties as outlined above, a security guard or senior manager must examine the container to check for hidden compartments and for structural serviceability prior to loading, following these guidelines:

Areas of inspection:Front wallLeft side/ Right sideFloor/ Ceiling/ RoofInside/ Outside doorsOutside/ Undercarriage

21

Container Check list before loading

Hidden Compartments:

1: Check for the odor of fresh paint, burnt wood, or body filler.

2: Check for sign of fresh paint, welding burns, and variances in wall texture.

3: Structural Serviceability: Check for cracks in the front and rear corner posts.

4: Check to see if the panels are holed cut, torn or cracked; missing loose parts or fasteners

5: Perform the Light Leak Test for the interior: Check for light penetration through defects in door gaskets, holes, damaged welds, damaged or separated floor boards, and loose or missing fasteners. This inspection is performed from the interior with the doors completely closed and secured.

6: On the door end, inspect the locking bars (rods), including brackets, guides, and cams, and look for any deformation such as a bend, bow, dent, etc. that impairs door operation or secure closure.

7: On the understructure, inspect the cross members, outriggers and attachments for holes.

8: On the understructure, inspect floorboards, panels or planks for tears, cracks, or cuts.

If any abnormalities related to the container are discovered, management must review these, prior to releasing the freight.

If the container is not empty or not structurally safe, a new container must be requested and the questionable container may not be used to transport merchandise.

Factories should require that empty containers be sealed before they leave the consolidator’s/shipping lines depot en route to the factory. The factory should verify that the seal (number) is still the same as the seal (number) that was originally applied.

Container Inspection Guidelines from the Carrier Initiative Program:

o False Front Walls: When examining a normal front wall of a dry van container, both corner blocks and the corrugation between the marking panels and the front wall are visible. False walls have been detected where

22

the smuggler has manufactured corner blocks but the false wall was flush against the marking panel. The false wall may be of the same type of corrugated metal as the legitimate front wall. Inspectors need to look for signs of alteration such as: fresh paint, welding burns on either the interior or exterior of the container wall, variances in wall texture or lack of corrugation, the odor of fresh paint, burnt wood or body filler.


LEFT: A false wall is being removed

1: False Floors: The floors in unaltered containers are normally flush with the front door frame. If the floorboards protrude above the level of the frame or appear new, not level or slanting upward toward the front wall of the container, a possible false floor may exist. Another method of detecting a false floor is to reach for the ceiling of the container upon entering and then walk towards the front wall. A change in height or the ability to touch the ceiling should be evident if the floor has been altered.

2: False Ceilings: The construction of a false ceiling may be either internal or external. The external false ceiling, or false roof, can be detected by observing the distance between the top of the corner block and the top of the roof. Normally, the roof is slightly below or flush with the top of the corner blocks. If the roof is above the corner blocks, then a false roof is possible. An internally constructed false ceiling can be detected by reaching for the ceiling. When a false ceiling – or floor – exists, a change in height or the ability to touch the roof should be noticed. Other signs to look for are: fresh paint, obscured corner blocks, welding burns, etc.

3: Container Frames: Container frames that are used to conceal contraband are the most difficult to detect. In the absence of other signs, the only way to detect concealment is by drilling the frame and probing.

2. The facility must have procedures to ensure the timely movement of finished goods from the factory to the carrier/consolidator/freight forwarder. If there are abnormalities, FMG and local law enforcement must be notified

The factory can choose between several ways of fulfilling this requirement:

1: They may elect to have a factory representative accompany the shipment to the consolidator by riding along with the driver on the truck.

2: They may elect to monitor the movement of goods by calling the destination (consolidator or port) after the amount of time that one could

23

reasonably expect the transit to take and verify whether the vehicle has arrived. If this is not the case, and the transport arrives late, the driver must be questioned as to possible reasons such as inclement weather, heavy traffic, accidents,Mechanical failures etc. All communication must be tracked on the monitoring logbook

Sample procedures “Escort”: No shipment or merchandise may leave the premises without a factory representative escorting the goods and driving along in the cabin of the truck. The factory representative must be either a member of the security personnel or management. The factory representative is to be equipped with a communication device such as a mobile phone and is to be instructed to contact the factory in case of any problems.

Sample procedures “Remote Monitoring”: Security/ Management must monitor the movement of goods to the next link in the supply chain by contacting this entity and enquiring about the timely arrival of the conveyance. Inquiries and results must be noted in the monitoring logbook.


Factories should require that their truckloads do not pick up additional shipments at other factories in route to the consolidator.

If a factory has its own fleet of vehicles and employs the drivers directly; it should issue mobile phones to the drivers, so that drivers can call for help if necessary without abandoning the vehicle.

If a factory has its own fleet of vehicles; it should consider outfitting the vehicles with GPS technology to be able to track the vehicles in transit.

If the factory has its own fleet of vehicles; it should always use hard-sided, hard top trucks for transporting

9: During the loading/unloading of cargo, the facility must have procedures to match the actual product count with the accompanying shipping documentation. Management must review any discrepancies before the shipment in question is released

A supervisor must observe all loading and unloading activities in order to ensure that the actual product count is exactly the same as reflected on the shipping papers.

When products are being unloaded and the count does not match, the source of those products must be notified and the products may not be introduced into the factory’s stock until management has reviewed the discrepancies and determined that they are not suspicious.

24

Sample Procedures: Whenever cargo is unloaded or loaded, quantities must be counted and cross-referenced with the relevant documentation. Management must review any discrepancies.

13: In case of shortages and overages, an investigation into causes must follow. The investigation and its results should be documented.

A factory should have all product counts conducted by at least 2 persons to ensure accuracy.

Loading checklist is another tool to ensure product count accuracy.

The supervisor should sign the Bill of Lading after loading/unloading, and mark the product count next to his/her signature.


Seal Procedure:

The factory must have procedures for verifying seals on containers, trailers, and railcars

For incoming raw materials: The factory must verify that the seal is intact and that the seal number matches the number stated on the Bill of Lading. If the seal has been broken, security has been breached. The only exception would be if the seal had been broken for valid inspection purposes (customs officials, police) and if the officials would have noted this inspection on the

Bill of Lading.For outgoing materials: o Full container Loads: For FMG approved factory loads follow the sealing practices as prescribed by Buyer o For non-factory loads (freight being transported to the consolidator for containerization): If your land carrier provides a hard-sided, hard-top or boxed truck (see picture), then proper sealing procedures must be followed.

ABOVE: Hard-sided, Hard-top or boxed trucksSample Procedures: In case of factory loads, seals must be placed on the fully loaded container. The seal number must be recorded onto the Bill of Lading. The driver is to be provided with an additional seal. If the original seal is broken in transit (by a government official), the authority (Police or

25

Customs) that demanded access to the container must note/mark this on the Bill of Lading. The driver is then to apply the spare seal on the container and record the new seal number on the Bill of Lading. In case of transport of boxed trucks or vans the same procedures apply.

When choosing seals, keep the following in mind:

The easiest to break and tamper with are indicative seals, which have the sole purpose of providing information if a container or truck doors have been opened at a certain stage of the journey.The next group is barrier seals of many grades and various shapes, such as steel bolts, cables and flat metal strips. These seals cannot be ripped off bare handed by an impulsive burglar, nor twisted off using a small crowbar, screwdriver or similar tool. Barrier seals provide good evidence if container doors have been opened between the shipping point and the final destination check. These seals also require heavier tools to be removed or cut off and the most common one used and capable to do it are the double lever shears. It is quite easy to get hold of such a tool and for a professional burglar it takes only seconds to cut those barrier seals and get access into the container or truck, without causing any noise, or involving excess time or effort.

To provide real tamper evidence, seals on containers and trucks must be applied on the door rods, in order to unite those and not to enable opening without breaking the seal. Such sealing is achieved by the use of long type cable seals or interlocking bars. There are many types of cable seals on the market, which provide this solution, and all are classified as barrier seals, because cables cannot be defeated easily and to be removed, tools are required. However such tools arealso easily available and concealable by thieves, therefore cable seals applied on the door rods provide tamper evidence, but are not a real physical deterrent to prevent cargo theft.

Interlocking solid steel bars which join firmly the inner rods of a container or truck doors are a class by themselves and those accepted by customs as High Security seals are not only seals but also provide strong physical prevention.

Truck drivers and their helpers are prohibited from actively participating in the loading of freight. For full container loads, drivers and their helpers are not allowed access to the loading area until the loading process is complete. However, the truck drivers are allowed a final inspection.

Required:

For less than container loads:

26

o Truck Drivers and their helpers may be present during loading, but they cannot actively participate in the loading process (i.e. by moving shipping cartons)

o Truck drivers and their helpers may advice the factory loaders on how to most efficiently load the conveyance.o They are allowed a product count/inspection.

For full container loads:o Truck drivers and their helpers are not permitted in the loading zone while loading activities take place.o They are allowed a final visual inspection before the container is being locked and sealed.

Additional Security Suggestions (Standard): For less than container loads:o The loading supervisor should remind drivers and their helpers that they may not be helping in the loading process. For full container loads:o The factory should designate a waiting area for truck drivers (canteen, reception area etc.)o The factory should post signs, reminding truck drivers that they cannot be in the loading area

Security Policy Instructional Docume n t provides an idea of different points to consider for a security policy. Every factory must develop an individual security policy to match the factory’s specific requirements. When drafting their security policy, a factory must ensure that all points of the CT-Pat Security Standards for Factories are addressed.

Security Standards for Factories. Written procedures are a very useful means of achieving efficient and consistent practices. They allow for easy training of new hires and provide a useful reference tool in emergency situations when there may not be time to devise a plan.

Other areas that should be addressed by a security policy are:o What to do in case of bomb threats?o What to do in case of political unrest/ riots?

27

o How to secure a potential crime scene until law enforcement arrives?o How to communicate quickly and effectively with suppliers and buyers in aCrisis situation?o Etc.

7. Loaded containers, which are not moved immediately, must be stored ina secure area. Unloaded containers must be stored in a secure manner.

Required: Loaded containers must be stored on the factory premises, which have to be surrounded by a fence or wall. If this is not possible, loaded containers must be stored in another secured (fenced in) lot. If this is not possible, they may be stored on public premises, only if they are guarded at all times.

Whenever loaded containers are stored; they have to be locked and sealed.

Empty container must be stored in a secure manner, i.e. they can be stored either on a secure area on the premises, or, if that is not feasible they can be stored off the grounds, provided they are secured by seals.

Loaded and unloaded containers should be stored door-to-door or with the door facing a wall in order to prevent access.

Both loaded and unloaded containers should be sealed prior to being stored.

8. The factory must notify local law enforcement agencies in the event illegal activities or suspicious behavior is suspected or detected

Required:The facility must notify law enforcement if illegal activities are suspected or detected.The facility must notify law enforcement if an employee is found involved in an illegal activity that could potentially compromise the security of merchandise.The facility must notify law enforcement if an unauthorized person is found in a restricted area and no satisfying explanation can be given.The factory should keep track of any incident where law enforcement was involved.The factory should communicate any security breaches in regards to merchandise.

The factory must have verification procedures in place so that all shipments are properly labeled, marked, weighed, counted, and documented.

Required:The factory must establish in writing who is authorized to complete and/or sign shipping documents.Sample Procedures: Only the shipping supervisor or Management are authorized to make minor (less than +/- 5%) quantity changes in shipping

28

documents If major (more than +/- 5%) changes are required, authorized office staff must make these changes and a new form must bePrinted.

It is recommended that all changes, no matter how small, result in a new document being printed.

The factory should clearly identify which positions may make changes onto shipping documents (supervisors, controller etc.) and who may not (regular loading employees etc.)

The factory should not accept any deliveries without an advance appointment

The factory should have procedures and practices in place to monitor any subcontractors they may have to ensure that all subcontractors implement be notified if subcontractors are to be used for the production of any its merchandise. Factories may not work with unauthorized subcontractors.

The factory should have procedures on screening mail. For example: Mail and packages are to be delivered only to the security guard in the gatehouse. Before passing the mail along to the office, the security guard is to do a preliminary check to ensure that mail and packages do not contain any explosive or chemical/biological agents. The following are indicators of suspicious mail (but they do not necessarily mean that the mail or package in question is dangerous):

o Foreign mail, airmail and special delivery. _o Restrictive markings, such as confidential, personal, etc.o Excessive postage. (Usually stamps - not meter strips).o Handwritten or poorly typed addresses.o Incorrect titles.o Titles, but no names.o Misspellings of common words.o Oily stains or discoloration.o No return address.o Excessive weight.o Rigid envelope.o Lopsided or uneven envelope.o Protruding wires or tinfoil.o Excessive security materials, such as masking tape, string, etc.o Visual distractions.9o Unknown powered substance on outside of itemo Ticking soundo A city or state in the postmark that does not match the return

Personnel Security

29

1. The factory should conduct pre-employment screening of all prospective employees, including contract and temporary employees. All employees should complete an application to be maintained on file. Required:Each candidate must complete a written application.

The application should be maintained in the employee’s file.

The hiring manager or another senior company official must interview the candidate

All files should be maintained for 3-6 following the termination of employment

Management should track all employees’ “START DATE” and “END DATE” at the facility, especially for temporary workers.

The hiring manager or another senior company official should interview the candidate

The hiring manager or another senior company official should conduct a reference check on the candidate and record his/her findings in writing.

The hiring manager or another senior company official should verify that the information on the application is accurate

If possible, the hiring manager or another senior official must conduct a background check on the candidate, must be recorded, for example on the background check form. The background check may be outsourced to third party investigation companies.

Upon hire, fingerprints of employees should be made. Not only will they act as a deterrent, but they will also be useful for criminal background checks and in case of future investigations, should any incidents occur at the factory.

Upon hire, employees should submit 2 recent pictures, or the factory should take pictures. The pictures are to be maintained in the employee file. Again, this practice acts as a deterrent and will facilitate investigations should an incident ever occur.

If imported workers are hired, they should only be hired through companies that conduct background checks on the workers in their homeland.

Factories should vary their hiring procedures according to a person’s job functions. For certain employees who have special access (IT managers, security guards etc.) more stringent hiring procedures should be used.

30

If a background check or reference check reveals negative information on the candidate, the offer for employment may have to be withdrawn.

Temporary Employees :

Temporary employees should undergo the same hiring practices as other employees, which includes; filling out an application and providing a copy of their photo identification.

If temporary employees are hired through an agency the facility should request the agency provide a statement explaining their hiring practices, to ensure they are compliant with security standard.

Management should track all employees’ “START DATE” and “END DATE” at the facility, especially for temporary workers.

The hiring manager must make a copy of the employee’s official identification document. For a list of approved identification documents per country law requirement.

The copy is to be kept in the employee’s file.

This rule applies to all persons on the company’s payroll, including temporary workers.

For special employees, such as security guards, a copy of their licenses, certifications, training records etc. should also be made and maintained in the employee file.

The validity of the identification document should be verified with the agency that supposedly issued the document.

“Personnel Security”:The factory should conduct internal audits of its hiring practices. A senior management representative should periodically check employee files for completeness and accuracy. Results of such internal audits should be recorded and maintained. If internal audits reveal deficiencies, the facility should address those by implementing corrective actions.

31

10. Information Technology

1. The factory protects its IT system from illegal use and access through the use of firewalls, employee passwords, and anti-virus software.

The factory must use anti-virus software and a firewall to protect its IT system

The factory must require login/password combinations to access its IT system. Additional

The following security measures are also recommended:

Locked key server environment: The physical protection of the server and equipment. It should be stored behind a locked door.128-bit encryption: The highest level of protection possible for one’s Internet communications and transactions. Encryption electronically scrambles information to minimize the risk that outside parties can view or alter that information when it is Transmitted.

Public Key Infrastructure (PKI): Method to protect confidential / secret electronic message sent over the Internet. The message sender holds the private key, and may distribute the public key to those who will receive the message. The receiver uses the public key to decrypt the message. _

Virtual Private Network: This method encrypts or scrambles all your network communications in an effort to provide security to the network and ensures privacy.

2. The factory backs-up data on a regular basis

The factory must back up data in order to ensure that records still exist even if the main IT system is disabled (virus attack, fire at the factory etc.).

Data can be backed up in a variety of means, ranging from less sophisticated methods such as floppy disk or CD-Rom to more sophisticated means such as an off-site backup server.

32

Computer systems that create or update mission critical data on a daily basis should to be backed up on a daily basis.

All software, whether purchased or created, should to be protected by at least one full backup.

System data should be backed up with at least one generation per month.

All application data should be protected by weekly full backup using the three generationprinciple.

All protocol data are to be protected by means of a full weekly backup using the three-generation principle.


A data backup policy should be available to determine how the generated data backups should be documented. Documentation is necessary for orderly and efficient data backup. The following items are to be documented for each generated data backup:

1. Date of data backup

2. Type of data backup (incremental, full)

3. Number of generations

4. Responsibility for data backup

5. Extent of data backup (files/directories)

6. Data media on which the operational data are stored

7. Data media on which the backup data are stored

8. Data backup hardware and software (with version number)

9. Data backup parameters (type of data backup etc.)

10. Storage location of backup copies

Daily backup should be performed after office-hours when computer usage is low Backup data should be stored in a tape backup drive as it provides capacity and mobility; hard disk is another viable option. For a large corporation, backup severs and off-site storage are strongly recommended.

33

Backed-up data should be stored at a secure offsite location. o All backup media should be stored at a safe and secure location. All weekly backup media should be stored in a fireproof safe. All software full backup

3. The factory has procedures so that employees change their passwords on a periodic basis Required:

All employees having access to the computer system must change their passwords at least twice per year.Sample procedures: Employees must change their passwords at least semiannually.

Network administrators should have responsibility to notify computer users regarding password changes. The network administrator should specify the frequency of password change and the dates of change, and the server operating software will remind employees about the change.Employees who fail to change their passwords within the given period should have their access to the computer network blocked until unlocked by the system administrator.


Passwords should be a combination of letters and numbers, at least 6 characters long. Passwords should never be “obvious”, such as choosing birth dates, city names etc.

Employees should change their passwords more often if there is a risk that the privacy of the password has been compromised. If an employee suspects that another person may have discovered the password, a new password should be used immediately.

4. The factory has policies to determine which employees are authorized access to its IT system

The factory must have written procedures to establish which employees are authorized access to its IT system.Sample procedures: Only employees from the following departments are authorized access to the IT system: office support, payroll, warehousing, orders, and sales.

The facility should grant user rights based on job functions. For example, an employee who is only responsible for payroll should not have access to invoicing or order forms.

When a new employee is hired, his or her immediate supervisor must determine if the employee needs access to the IT system. If it is determined that the employee needs access, the supervisor must request access for this employee. The supervisor should send a written request form to the IT

34

Manager, specifying the employees name and which applications he/or she needs access to.

Additional Security Suggestions for “Information Technology”

The factory should have written disaster recovery procedures to salvage the computer network and its data.

The IT team should rehearse the disaster recovery procedures at least once a year.

A disaster recovery plan can be defined as the on-going process of planning, developing and implementing disaster recovery management procedures and processes to ensure the efficient and effective resumption of vital company functions in the event of an unscheduled interruption. All disaster recovery plans must contain the following elements:

o Critical application assessmento Backup procedureso Recovery procedureso Implementation procedureso Test procedureso Plan maintenance


The IT disaster recovery procedures should be part of the facility’s business disaster recovery plan.

A member of the senior management team should be appointed to lead the IT disaster recovery team.

The IT disaster recovery team should identify the components of the facility’s network framework in order to create and update contingency procedures.

The IT disaster recovery team should conduct and document a risk assessment analysis of the facility’s IT system.

The IT disaster recovery team should evaluate, prioritize critical and secondary business functions to be supported.

The IT disaster recovery team should develop, maintain and document written strategic recovery procedures for all critical and secondary business functions.

35

The IT disaster recovery team should develop, maintain and distribute listings of individuals of each critical and secondary business function who can help the facility to recover from the disaster.

The IT disaster recovery team should develop, maintain and deliver a written IT contingency plan training program to all IT employees and the person-in-charge of each critical and secondary business function.

The IT disaster recovery team should test all aspects of the IT contingency plan -- at least annually. This is critical to the contingency plan's success.

The IT disaster recovery team should develop, maintain and document an effective annual reassessment of the IT contingency plan.

11. Education and Training

1. The factory must have a mandatory security program for its employees to cover recognizing internal conspiracies, maintaining product integrity, and challenging unauthorized access

The facility should designate certain employee (i.e. line supervisors), not just security guards need to be trained in basic security procedures. Employees should be encouraged through a recognition/incentive program to alert supervisors, security guards and law enforcement if there is a security breech.

All employees should be made aware of which employees have security training and the proper procedures for reports security breeches.

The necessary training procedures include: Recognizing internal conspiracies:

Employees should be aware of their coworkers and any unauthorized personnel planning or attempting to commit the following:

36

Introduction of unauthorized toxins, explosives, weapons or otherwise hazardous materials into the products, cargo or workspace

Destruction to cargo or products / Theft

Use of materials in a destructive or dangerous manner, or any way that is not consistent with approved manufacturing procedures

Maintaining Product integrity: Employees should seek to protect products and cargo from destruction or damage. Employees should ensure that products are handled and stored in a proper fashion by authorized personnel.

Challenging unauthorized access: Employees must be instructed that they should immediately alert security or their supervisor if they notice any person on the premises who is not wearing an employee or visitors badge.

They should also alert security or their supervisor if they notice an employee in a restricted area and the employee does not work in this area.

The security training should also include an established Threat Awareness program instructing employees how to recognize threats posed by terrorists and contraband smugglers.

The Threat Awareness program should include routine briefings and issuances of memoranda illustrating smuggling trends, seizures and information on terrorist threats along the logistical chain. Factories should document the security-training program for easy verification. Employees should sign an attendee sheet (see Appendix of Forms, Form L). Before each meeting, an agenda should be prepared (see Appendix of Forms, Form M).

Education and Training

It is recommended to conduct security training during the “new employee orientation” and to have a semi-annual refresher session before/or after the fire drill.

To ensure that all employees understand what was communicated in the training, have employees complete a short quiz and keep the result in the employee file.

Factories should employ creative teaching methods when conducting security training to include interactive exercises and role playing to ensure that employees are not just passively taking in the training and that they are actively learning.

Factories should conduct incident response training. Whenever a security breach has taken place, the issue should be communicated to all employees

37

and employees should be educated in practices on how to avoid similar problems in the future.

Factories should ensure that security guards receive specialized training. The training can be provided by the agency that supplies the security guards, or by third parties that specialize in the training of security officials. Training topics should cover the following areas:

o Bomb threatso Communicationso Company orientation and policieso CPRo Crowd controlo Customer service and public relationso Emergency response procedureso Ethics, honesty, professional image and proper conducto Fire prevention and controlo Fire equipmento First Aido Harassment and discriminationo Information securityo Legal aspects of securityo Lock and key controlo Note-taking/report writingo Patrol techniques and observing unusual circumstanceso Physical security and access controlo Preserving the incident sceneo Safety awarenesso Security awarenesso Substance abuseo Technology in securityo Testimonyo Theft preventiono Traffic control and parking lot securityo Urban terrorismo Use of force and force continuumo Workplace violence

2. The factory must encourage active employee participation in its security procedures through the use of recognition .

Employees who point out suspicions to management must be recognized for their active participation in the security program. The same applies for employees who find cartons that have been tampered with, who discover and report internal conspiracies, who alert security to an unidentified person on the premises etc.Recognition can take many forms :

38

o Making this employee “Employee of the Month”

o Pointing out this employee as a positive example during employee meetings

o Granting the employee an extra paid holiday

o Providing a non-monetary bonus (product samples, movie tickets etc.)

Additional Security Suggestions

A factory should try to involve every employee in creating a secure production environment. It should be emphasized that security does concern every one on the premises that the workers’ jobs are at stake if any dangerous cargo ever originates from this facility, and that each and every person can make a difference. It is important to communicate that security is a team effort and that management is supporting an enhanced security program.

Additional Security Suggestions for “Education and Training”

Factories should have an easily accessible drop box/ letter-box where employees can voice suspicions anonymously.

The factory should designate a senior level employee to keep up with the latest developments in terms of Customs Initiatives and new regulations, terrorism threat levels, and security techniques. This person is encouraged to attend seminars and workshops.

Factories should join security initiatives open to them, such as regional and industry initiatives. These programs provide very good training opportunities and a offer a chance to keep up with the latest (security) developments.

The factory should conduct internal audits of its security practices and maintain records of these audit findings and corrective actions that have been implemented as a result of such audits.

Factories should consider getting independent security consultations from third party providers.

12. Appendix of Forms Form A: Employee BadgeCompany: ________________________Employee Name: ___________________Department: ________

39

PHOTOForm B: Restricted Area Access ListLocation:Access granted to:Name Position123456789101112131415

Form C: Key Log FormKeyIssued byKeyIssued toDateIssuedDateReturnedKeynumber(s)Key use/KeydescriptionNotes(lost key; changed locks,etc.)

Signature ofkey issuerSignatureof keyreceiver12

Form D: Non-Business Hours Access List

40

Security Guard(s) on duty: _____________________________________________________________________________Date: ______________________________________________Name of person seekingaccess (print)Reason Time-in Time-out Signature12345

Form E: Visitor LogDate Visitor’s Name (Print)Name of contact person atFactory and/ or Reason forVisitTime-In Time-OutSignature ofVisitorSignature ofEmployeemonitoring theVisitor123456

Form F: Vehicle LogDate Time-in Time-out Company Driver Name Pick-up orDeliveryVehicle typeand Color License Plate12345678910

From G: Transit Monitoring Log FormDate Shipment

41

NumberConveyanceLicense PlateTimeConveyance left factoryTime conveyance arrived at destinationReasonableTimeActualTime Reasons for DelaySignature ofMonitoringEmployee123

Form H: Written ApplicationApplicants Personal Information Sheet

42

EMPLOYEE START DATE: ______________EMPLOYEE END DATE: _____________Date: ______________________________________________Applying for (position): _______________________________Applicant’s Name: ____________________________________Address: __________________________________________________________Phone: __________________________________________________________Have you resided at this address for at least 5 years? : Yes 0 No 0If no, please provide previous address/ addresses:Previous Address:__________________________________________________From (date) ________________________ to (date) ______________________Previous Address:__________________________________________________From (date) ________________________ to (date) ______________________Previous Address:__________________________________________________From (date) ________________________ to (date) ______________________Education (list school/s and addresses:Previous Employment:Company Name: ____________________Address: _____________________________________________________Supervisor Name:____________________Employed from (date)___________ to (date)_______Position:_________________________________Company Name: ____________________Address: _____________________________________________________Supervisor Name:____________________Employed from (date)___________ to (date)_______Position:_________________________________Relationship with this person: _______________________Address:_______________________________________________________Answer this question only if it is legal to ask the question:Have you ever been arrested? _________If yes, when and where: _______________Reason: __________________________I hereby certify that the above information is true and correct to the best of my knowledge. I authorize _______________(Company Name) and its officials, as well as third party investigation companies, to verify all information provided in this application to the extent of the law. I understand that if any part of this background investigation is illegal, this part will not be investigated.Applicant’s Signature: __________________________________Location and Date: _____________________________________***********************************************************************Company use only:Application reviewed by: ________________________Interview conducted by:_________________________Reference Checks conducted by:___________________________Background checks conducted by:___________________________

43

Form I: Reference Check

Reference Checks conducted by: _________________________________Residence verification:Name, Position, Company: ______________________________________Contacted on (date): ______________Contacted by (phone, email, fax, mail, meeting etc.): __________________Results: ______________________________________________________

Name, Position, Company: ______________________________________Contacted on (date): ______________Contacted by (phone, email, fax, mail, meeting etc.): __________________Results: ______________________________________________________Employment Verification:

Name, Position, Company: ______________________________________Contacted on (date): ______________Contacted by (phone, email, fax, mail, meeting etc.): __________________Results: ______________________________________________________

Name, Position, Company: ______________________________________Contacted on (date): ______________Contacted by (phone, email, fax, mail, meeting etc.): __________________Results: ______________________________________________________Education Verification:



44

Form J: Background checkCredit CheckConducted Yes NoIf yes, conducted by: _______________________________________Conducted on: ____________________________________________Results: __________________________________________________Copy attached: Yes No

Drug ScreeningConducted Yes NoIf yes, conducted by: ______________________________________Conducted on: ____________________________________________Results: __________________________________________________Copy attached: Yes No

Criminal Background Check (Police Records)Conducted Yes NoIf yes, conducted by: _______________________________________Conducted on: ____________________________________________Results: __________________________________________________Copy attached: Yes No

Form K: Terminated Employee ChecklistEmployee Name: _____________________________________Position(s) held: _____________________________________Started on: __________________________________________Terminated on: _______________________________________Checklist completed by: _______________________________Item Issued (Yes/No) Returned (Yes/No)UniformEmployee BadgeKey 1Key 2Key 3Key 4Company credit cardConfidential / CompanyDocumentsBusiness CardsItem Issued (Yes/ No) Changed on Changed ByAlarm Code 1Alarm Code 2IT access Code

45

Form L: Training Attendee Sheet

Date: __________________

Conducted by:________________________

Topics Covered:________________________________________________________________________________________________________________________________________________

Employee Name (Print) Employee Signature12345678910

Form M: Training AgendaTraining held on (Date): _______________________________________________Type of Training: ____________________________________________________Special Reasons: _____________________________________________________Topics to be discussed:1. _________________________________________________________________2. _________________________________________________________________3. _________________________________________________________________4. _________________________________________________________________5. __________________________________________________________________6. __________________________________________________________________7. __________________________________________________________________8. __________________________________________________________________9. __________________________________________________________________10. __________________________________________________________________

46

Form N: Security Quiz

Employee Name: _____________________________________________

Date: _______________________________________________________

Question Answer

1 What should you do when you notice someone on the premises not wearing anEmployee or visitors badge?

A I approach the person and ask what they are doing

B I notify the closest security guard

C I trigger the fire alarm

2 What should you do when you notice that the tape on one of the finished goods shipping cartons has come off?

A I get more tape and close it

B I don’t do anything

C I tell my supervisor that this cartons may have been tampered with

3 What should you do if one of your coworkers asks you if you were interested in making a little extra money on the side by taking a few products from the premises?

A I call police

B I don’t tell

C I inform my supervisor/manager.

47

Factory Security Policy

The following questions will help you describe how you address each of the Factory Security requirements. Draft the answers to the questions in the form of procedures that can be documented and communicated to the employees of the factory. Once completed this can serve as the internal factory security policy.

PHYSICAL SECURITY PERIMETER: Where is the entrance to the facility?

What security controls are utilized at the facility entrance to monitor the entry and exit of persons and vehicles?

What are the procedures for maintaining security at the facility entrance?LOCKS:

How does the facility ensure that doors and windows are locked when the facility is closed? Who is responsible?Answer:

CARGO STORAGE:

How does the facility segregate international and domestic goods/cargo in the warehouse?

How does the facility restrict access to hazardous goods/cargo?

Who is responsible for this?

What mechanisms are used? (Barriers? CCTV? Guards? Etc.)

Who is authorized to access different types of cargo and areas?Answer:

PACKING AND LOADING:

How does the facility ensure that unauthorized personnel do not enter the packing and loading areas?

Who is responsible to ensure this?

What mechanisms are used?(Examples: Security guard who checks badges; CCTV that is monitored; Locked and fenced area; etc.) If guards are responsible, when are they posted?

48

What types of employees are allowed to enter each of these areas? Is this documented in any way? Answer:

How does the facility maintain security around the loading area during loading? What mechanisms are in place? Who is responsible? Answer:

MAINTAINING CCTV SYSTEMS:

If CCTV is used, who is responsible for monitoring areas where cameras are posted?

What are the procedures when inappropriate activity is detected?

How long are tapes archived?


Who is responsible for maintenance of this equipment?

Where is the equipment stored?

Who has access to this area? Is it secured?

Answer:

If alarms are used, who has the alarm code?

Who has access to the area where the equipment is stored?

How is that area secured?

What are the procedures in the event of a break-in?Answer:

TRACKING KEYS:

Who has keys to the facility? What is the process for giving out a new set of keys? Is there a log that documents people who have keys?Answer:

PARKING FOR PRIVATE OR VISITORS VEHICLES:

Is private parking for employees or guest vehicles available?

Are there assigned parking spaces?

Who is responsible to monitor the Parking Area?

49

Are there procedures in place to challenge unauthorized vehicles?

Are all incidents documented?

If so where are these records kept?

How long are they kept?

Who is responsible to maintain these documents?

ACCESS CONTROLSEMPLOYEE BADGES:

What is the process for creating badges for new employees?

What information needs to be included on a badge?

Who makes and controls the badges?

What do different badges look like for different types of employees with different levels of access?

Which badges permit employees to enter restricted areas?

What is the procedure for collecting identification, facility, and system access for terminated employees (badges, keycards, etc.)?Answer:

VISITOR ACCESS CONTROLS:

What is the procedure for visitors to the facility?

What type of photo identification is required to be presented by visitors?

What are the access points of the facility for visitors?

Who is responsible to ensure that visitors have access to their approved area?

What type of information is recorded on visitor logs?

How long is that kept, and where is it stored?

Who has access to, is responsible for the distribution and the return of visitor’sbadges?

What is the procedure for visitors who do not have photo identification?

Are visitors monitored when they enter the facility?

50


Who is informed of the presence of visitors?

Which visitors require closer supervision?

In which areas of the facility are visitors prohibited from being unaccompanied?Answer:

CHALLENGING UNAUTHORIZED PERSONS :

What is the procedure for challenging unauthorized personnel, or visitors who are not wearing a badge?

What are workers required to do?

What are managers and security guards required to do?

Which areas of the facility are restricted?

What is the process for correcting areas of weakest security?

EMPLOYEE ACCESS CONTROLS:

How are employees verified upon entry? (Examples: Security guard checking badges,swipe cards, key code, etc.)

How is area access determined?Answer:

PROCEDURAL SECURITY LOADING PROCEDURES ?

What are the security practices related to loading? Who is responsible for supervising the loading process? How are containers inspected? What are the criteria upon which containers are evaluated? Who is responsible for this? What is the procedure when abnormalities are found?Answer:

CARGO TRACKING PROCEDURES:

51

How does the facility ensure that goods are transported to the port or consolidator in atimely manner? Are there different procedures for different situations? Who is responsible for this? Is this documented? Where is documentation kept, and for how long? What is the procedure when abnormalities are found?Answer:

CARGO VERIFICATION PROCEDURES:

What are the procedures for matching the product count with the shipping documentation?


How is this documented?

What is the procedure for abnormalities or discrepancies?Answer:

What are the procedures to verify that all shipments are properly labeled, marked, weighed, counted, and documented?

Who is responsible for this?Answer:

SEAL VERIFICATION PROCEDURES:

What are the procedures for verifying seals? Who is responsible for this? How is this documented? What is the procedure when abnormalities are detected?Answer:

PROHIBITING TRUCK DRIVERS FROM LOADING ACTIVITIES:

What is the policy for truck drivers during loading?

52

Who is responsible for ensuring that truckers do not participate in loading?Answer:

ILLEGAL ACTIVITY DETECTION PROCEDURES:

What is the procedure of informing authorities when illegal activities are detected? What is the chain of command for reporting?Answer:

SHIPPING DOCUMENTATION AUTHORIZATION:

Who is responsible for the creation of all shipping documents?

What are the procedures to prevent unauthorized personnel from accessing shipping documents?

Who is responsible for this? Who is authorized to sign documentation?Answer:

CONTAINER STORAGE:

What are the procedures for storing empty containers?

Who is responsible to ensure that they are locked and in a secure area? Are there procedures in place to re-inspect stored containers prior to loading?

Who is responsible for re-inspections?

PERSONNEL SECURITY PRE-EMPLOYMENT SCREENING AND HIRING :

What is the procedure for screening new employees?

53


What type of documentation is required to be completed by new employees?

How long is this documentation maintained?

Who is responsible for interviews? Are there different levels of screening for different types of employees?

Who has access to employee files?

How is access restricted?Answer:

INFORMATION TECHNOLOGY SECURITY COMPUTER NETWORK SECURITY PROCEDURES:

What are the procedures for securing the computer network?


Who has access to passwords?

How often are passwords required to be changed?

How is the system backed up?

How often?

How long are tapes archived?

How often is antivirus software updated?

Where is the hardware stored?

54

Who has access to this?

How is access restricted?Answer:

EDUCATION AND TRAINING EMPLOYEE SECURITY TRAINING :How are employees trained about security? Who is responsible for the training and training materials? How often are employees required to be trained?Answer:

Security PostersPoster A

No Parking for Private Vehicles

Poster B:

RESTRICTED ACCESS FOR AUTHORIZED PERSONNEL ONLY

Poster C:

THIS FACILITY IS EQUIPPED WITH A VIDEO SURVEILLANCE SYSTEM. YOU ARE SUBJECT TO RECORDING.

Poster D:

55

ALL VISITORS MUST SIGN THE VISITOR LOG

Poster E:ALL EMPLOYEES, VISITORS, AND THEIR BELONGINGS (INCLUDING VEHICLES) ARE SUBJECT TO SEARCH.

Poster F:

TRUCK DRIVERS AND THEIR HELPER CANNOT BE IN THE LOADING AREA. THEY MUST WAIT NEAR THE SECURITY ARE UNTIL THE LOADING IS COMPLETE.

Poster G:FOR SECURITY CALL: Mbl : Ext :

Poster H:NO TRESPASSING / No Smoking / No Spitting

14. Acceptable forms of Identification and Security Background Checks that must be copied at time of hire

One of the following documents is an acceptable identification document for all countries:1 : Valid Passport

56

2: Driver’s license with photo3: National identity card with photo

IDENTIFICATION DOCUMENT SECURITY BACKGROUND CHECKS

FOR INDIA

1: Birth Certificate

2: School Leaving Certificate

3: Voter I.D. Card

4: Age Verification Certificate

5: Medical Certificate (through registered doctor)

6: Driver’s License

7: Ration Card

8: Dental Certificate

9: Affidavit from Panchayat Raj (village elder)

10: Affidavit from Notary of the Public

11: School records (offer proof of age and educational background)

12: Police Records: If the person is not able to give any valid reference.

END OF SECURITY MANUAL -

57

003 - Security Manual-DONE

Documents

disaster recovery

local law

actual product

phased security

secondary

carrier initiative

notify law

additional