1、第 1 页 共 6 页Lowes C-TPAT 评估过程 审核过程概况SGS 概况国际性质量控制和检测公司总部在日内瓦;全球超过 140 多家分支机构全球超过 125 名保安审核员拥有丰富的 C-TPAT 国际经验SGS 审核过程-编制时间表 在制定时间表前联系供应商 解释审核过程(包括邀请 1-2 名货运公司代表在结束审核前参加会议) 对工厂环境设施的问卷调查(需要完成并返还 SGS 以便为审核做准备) SGS 条款和条件,包括付款方式(需要在制定时间表前签订并返还给 SGS) SGS 办事处会联系供应商,制定审核的日期、开始时间、并告知审核员姓名 为降低费用,并更有效率地编排审核时间,若在
2、同一地区能同时安排 4 家工厂审核,即可开始编排。SGS 审核过程-首次会议 与保安/营运经理和其他相关人员举行首次会议 介绍所有与会者和他们的职能 讨论审核流程及时间 确定邀请 1-2 名货运公司代表在结束审核前参加会议 解释评分标准,强制性问题,改进措施 A 和措施 B 的时限 审核员需要复查些什么文件 保安流程的文件 人力资源程序和人员背景调查的流程 在工厂或营运单位内的保安设备及安排 保安培训记录 使用 Lowes 己发布的检查清单 审核是指导信息,不是对审第 2 页 共 6 页SGS 审核过程-展开审核-1 标准审核流程 四周的围栏和大门 大楼构造/通道 船坞/货柜储存区 外部照明
3、to ensure that all employees receive security training; and to ensure that all terminated employees are restricted from entering the facility.目的:确保所有员工在雇用前,在法律允许的范围内作了适当的筛选,确保所有员工得到安全培训;确保阻止所有离职员工进行工厂Requirements 要求1. Establish controls to prevent unauthorized vehicles from entering the premises.建立控
4、制预防未授权的车辆闯入2. Provide means of identification(badges, passes, labels, tags or photo identification)for all employees and authorized visitors.第 4 页 共 6 页提供方法识别所有员工和授权来访者(如证件,卡片,标签或照片)3. Provide means of identification(badges,passes,labels,tags or photo identification)for all visitors and contractors.
5、 提供方法识别所有来访者和供应商(如证件,卡片,标签或照片)4. Establish means to positively identify drivers through photo identification or other means.通过图片或其他方法识别司机5. Establish a process for handling terminated employees or contractor and preventing subsequent access to the premises.建立处理辞职工人员和终止的供应商的程序,预防后续的访问6. Establish pro
6、cedures to ensure unauthorized and unidentified persons are challenged and prevented access to the yard, shipping and receiving areas, and conveyances.建立程序确保预防未授权和未经确认的人员进入工厂,出货和收货区和运输工具7. Establish procedures to prevent personal vehicles from being parked in the truck pad, shipping, receiving and c
7、argo areas.建立程序预防私家车停放在货车,出货和收货区域Section III: Human Resource第三部分:人力资源Purpose: To ensure that all employees are properly screened before hiring to the fullest extent allowed by law; to ensure that all terminated employees are restricted from entering the facility.目的:确保所有员工在雇用前在法律允许范围内作适当的背景调查,确保所有辞退人
8、员被阻止进入工厂1. Conduct pre-employment background checks on all prospective employees to the fullest extent possible allowed by law in the country where employed. Include criminal checks wherever possible.所有员工在雇用前作法律许可范围内的背景调查,包括用无犯罪记录2. Conduct pre-employment background checks on all temporary or cntrac
9、t personnel to the fullest extent possible allowed by law in the country where employed. Include criminal checks wherever possible. 所有临时或合同员工在雇用前作法律许可范围内的背景调查,包括用无犯罪记录3. Conduct drug testing (as allowed by law in the country where employed) on all employees and temporary or contract workers.对所有临时或合同
10、工人进行药物检测(在法律允许的情况下)4. Conduct security training as part of a new employee orientation as well as on an annual basis for all existing employees.对新员工进行安全培训,并每年对所有员工培训一次5. Issue employee conduct guidelines or other documented code of conduct instructions to all employees.公布员工行为准则或其他书面的行为指导给所有员工6. Estab
11、lish a system which encourages and rewards employees for reporting anomalies and/or wrongdoings.建立制度鼓励和奖赏员工报告异常事件和(或)不良行为。7. Provide key personnel with training in document fraud and computer security. 对主要人员进行有关文件伪造和电脑安全方面的培训Section IV: Shipping and Receiving Procedures第四部分:出货和收货程序Purpose: To ensure
12、 that receiving and shipping practices prevent the theft of cargo or the introduction of unmanifested materials.目的:确保收货和出货操作安全,预防货物偷窃或未购货物进入工厂Requirements 要求1. Conduct pre-stuffing inspection on all empty containers to ensure integrity of container for shipping purposed and to detect concealed areas
13、 within container structure.第 5 页 共 6 页对所有空柜进行检查确保货柜的完整性和发现货柜的隐蔽区域。2. Establish a restricted-access area for shipping and receiving areas which allows only authorized employee access.建立对出货和收货区的限制访问,只允许授权人员访问3. Establish written security procedures for shipping and receiving operations which prevent
14、cargo loss and/or the introduction of unauthorized or unmanifested material.建立收货和出货安全运作程序,预防货物丢失或未授权或未申报的货物进入。4. Establish procedures which require that all unauthorized persons be removed from the shipping and receiving area. 建立程序要求所有未授权人员不得进入收货和出货区域5. Ensure that loading and unloading of trucks, t
15、railers and/or containers is supervised appropriately.确保装载和未装载的货车,货柜得到适当的管理6. Maintain records of incoming and outgoing goods.保持进出货物的记录7. Ensure conveyance integrity for containers/trailers/railcars in order to prevent the introduction of unauthorized persons or materials.确保货柜/拖车等运输工具的完整性,预防未授权人员或物料
16、的访问8. Utilize containers/trailers that are of solid wall construction and in good working order.货柜或拖车是实体结构并处理良好的工作状态9. Establish procedures to ensure that trailers/containers/railcars are properly sealed and or locked prior to leaving the facility.建立程序确保拖车/货柜在离开工厂前是适当密封或上锁的10. Establish procedures w
17、hich record and track use of seal numbers.建立程序确保记录和追溯封条的使用11. Establish procedures to ensure that manifests or bills of lading area complete, legible, accurate and meeting the requirements of advance notification(i.e.24 Hour rule.)建立程序确保装货清单是完整的,清晰的,准确的并能满足预定的要求12. Establish a procedure for detectin
18、g and reporting overages and shortages.建立程序发现和报告超多和短少13. Establish procedures which require proper marking, counting, weighing(if necessary)for reporting on the transport document or manifest.建立程序要求在运输单或装货单上报告适当的标识,数量,重量(如果必要)14. Retain control of all unused seals.保持对未使用的封条的控制15. Establish anti-pilf
19、erage measurements.建立反偷窃的方法16. Establish storage area for empty and full containers so as to restrict opportunity to introduce unmanifested or unauthorized materials or persons.设置空柜和满柜停放区域,以便限定未申报或未报权的货物或人员进入17. Establish a storage area for international, domestic, high-value and dangerous goods wit
20、hin a cages, fences or restricted areas.在有栅栏或受限的区域里设置国际,国内,高价值和危险货物储存区域Section V: Security Management System第五部分:安全管理制度Purpose: To ensure that individuals responsible for security have been identified, that security responsibilities have been clearly defined, that security policies and procedures ar
21、e documented, that liaison and communication protocols with law enforcement have been established, and that random unannounced security assessments are performed.目的:确保安全人员被识别,安全职责清楚的定义,安全方针和程序书面规定,建立于当地执法机构沟通第 6 页 共 6 页和通信协议,执行随机的未通知的安全评估Requirements 要求1. Designate manager or supervisor with securit
22、y responsibilities for the company. Reflect this in writing, such as job description or security procedure.书面指定公司的安全管理人员,如工作说明书或安全程序2. Assign or designate a security representative for each facility.指定一名安全代表3. Establish written security policies and procedures to include physical security, access co
23、ntrols, personnel security, education and awareness, manifest and conveyance security and the handling of incoming and outgoing goods to identify overages and shortages or the introduction of unmanifested or illegal goods.建立书面的安全方针和程序包括实体安全,访问控制,人员安全,知识教育,载货单和运输工具安全和处理进出货物,确定货物数量超多和短少或未申报的或违法货物4. Do
24、cument processes for reporting and/or investigating security-related incidents. Include any reporting to law enforcement, if warranted.报告和调查安全事故的书面程序,如果有证据,包括对法律实施的报告,5. Establish working relationship with local law enforcement agencies.建立与当地执法机构的工作联系6. Establish internal and external communication
25、systems to notify internal security personnel and law enforcement in the event of a security incident.建立发生安全事故时,通报内部保安人员和当地执法机构的内外沟通制度7. Conduct periodic internal reviews or audits of security operations. Document the results of these reviews.进行定期的内部安全评审,记录评审结果8. Based on internal reviews or audits,
26、 establish a security improvement plan, if warranted.在内部评审后,制定一个安全改善记录9. Provide any subcontract transportation or other service providers with documented minimum security requirements.提供对所有转包合同输送或其他服务供应者书面的最低安全要求Section VI: Data Security Management第六部分:数据安全管理Purpose: To ensure that processes are in
27、 place to ensure the integrity of information technology(computer systems and business data) and to prevent and/or address unauthorized access, tampering or altering of business data.目的:确保有适当的程序信息技术(电脑系统和商业数据)的完整性,预防未授权的访问,对商业数据的侵害Requirements 要求1. Establish controls to prevent unauthorized access to computer systems.建立控制预防对电脑系统未授权的访问2. Document information technology security policies and procedures, and provide those to employees in the form of training.文件信息技术安全方针和程序,并提供这方面的培训给员工3. Establish controls to identify and address the abuse of information technology.建立控制以识别对信息技术的滥用
