SCS Awareness Training供应链安全意识培训

SupplyChainSecurityGeneralAwarenessTraining供应链安全意识培训CONFIDENTIALBackground背景AsaresultoftheeventsofSeptember11th,2001theUnitedStatesundertookanumberofinitiativestoimprovebordersecurity.911事件之后，美国开始一系列旨在提高边境安全的自愿计划。OneofthesewastoestablishtheCustoms-TradePartnershipAgainstTerrorism(C-TPAT),ajointgovernment/businessinitiativetoimprovesupplychainsecurity.其中之一就是成立了海关-商贸反恐联盟，即政府与相关业界合作确保供应链的安全。Throughthisvoluntaryinitiative,U.S.CustomsandBorderProtection(CBP)hasaskedbusinessestoensuretheintegrityoftheirsecuritypracticesandtocommunicatethesepracticestotheirpartnerswithinthesupplychain.通过这些自愿行为，美国国土安全部边境保护局要求商家确保供应链的整体安全，并在供应链内与合作伙伴沟通这些自愿计划。Background背景BasedonC-TPAT,variousothercountriesaredefiningsimilarsupplychainsecurityinitiatives.TheEuropeanUnionhasestablishedAEO

(AuthorizedEconomicOperators),andSingapore,STP

(SingaporeSecureTradePartnership),bothofwhichFlextronicsisactivelyengaged.Additionally,theWorldCustomsOrganization(WCO)hasproposedastandardframeworkfromwhichcountriesshoulddefineasupplychainsecurityprogram.基于此，许多其他国家也定义了类似的供应链自愿性安全举措。欧盟已经设立了AEO（经认证的经营者），新加坡设立了STP（新加坡安全贸易伙伴），两地都是伟创力主要的经营地。此外，各国都可以根据世界海关组织提议制作的标准构架定义供应链安全纲要。FlexiscontractuallyrequiredbyvariousCustomerstomaintaincertificationinSupplyChainSecurityprogramsthroughouttheworld.诸多客户要求伟创力在全世界范围内维持供应链安全项目Bottomline:Flexwillcontinuetomaintainandinvestinarobustsupplychainsecurityprogram,worldwide概要：伟创力在全球范围内对健全的供应链安全项目进行持续的维护与投资Background背景C-TPATCustoms-TradePartnershipAgainstTerrorism(US)PIPPartnersinProtection(Canada)AEOAuthorizedEconomicOperators(EU,Korea,Japan)STPSecureTradePartnership(Singapore)NEECNuevaEsquemadeEmpresasCertificadas(Mexico)FlexC-TPATandSTPSitesFlextronicsUSA(Importer)(AllU.S.Sites)

FlextronicsGuadalajaraNorth(ForeignManufacturer)FlextronicsGuadalajaraSouth(ForeignManufacturer)

FlextronicsAguascalientes(ForeignManufacturer)FlextronicsTijuana(ForeignManufacturer)

FlextronicsNogales

(ForeignManufacturer)

FlextronicsJuarez(ForeignManufacturer)

Flextronics,Changi,(FlextronicsTechnology(S)PteLtd)FlexNEECandAEOSites

FlextronicsRamosArizpe FlextronicsGuadalajaraNorthFlextronicsGuadalajaraSouthFlextronicsAguascalientesFlextronicsTijuana

FlextronicsNogales

FlextronicsJuarez

FlextronicsAlthofen,AustriaFlextronicsInternationalGermany,PaderbornFlextronicsInternationalHungaryFlextronicsInternationalPoland,TczewFlextronicsLogisticsB.V.,VenrayNetherlandsFlextronicsLogisticsPoland,LodzIrishExpressCargoLtdforLimerick&Cork,IrelandBenefitsofSCS供应链安全管理的好处Itgeneratesgoodwillwithcustomersand/ormeetscustomerrequirements:anumberofcustomershaverequestedFlextronicstojointheprogram,whileothershaverequiredit.改善客户关系，满足客户要求：许多客户要求伟创力加入该项目，其他的部分客户之前已有此要求。Customer

Requirement客户要求PreventTerrorism防止恐怖主义CustomInspections海关监管Cargo/Inventory货物/库存ImporterswhoparticipatewillhavefewerCustomsinspections,avoidingimportdelays.参与的进口商会得到更少的海关监管，避免进口延迟。SupplyChainsecuritypreventsthespreadofterrorismandensuresFlextronics’supplychainisnotusedforillicitorillegalpurposes.供应链安全项目能够防止恐怖主义扩散，并确保伟创力的供应链的合法性用途。

Numerouscompanieshavereportedthattheirincreasedattentiontosupplychainsecurityhasresultedinadecreaseincargo/inventoryloss.据报道，许多公司都更加关注供应链安全项目，并且因此大大减少了在货运/仓储环节上的损失。

ForthepurposeofSupplyChainSecurity,Flextronicsfocusesonsecurityinthefollowingkeyareas:为确保供应链安全，伟创力十分关注下列各关键领域的安全问题：Regularassessmentswillbecompletedonalloftheseareastoensuretheyaremeetingtherequirements.Theseassessmentscouldbeconductedinternallyorbya3rdpartyprovider.为确保这些领域始终符合要求，我们将定期对其进行评估。评估可以是内部的，也可以是由第三方供应商提供的。FlextronicsOwned&OperatedSites伟创力所属及运营场所Flextronics’TransportationSuppliers伟创力物流供应商MaterialsSuppliers,Third-partyManufacturers,Warehouses,andtheirSubcontractors物料供应商，第三方制造商，仓库及其承包商FlextronicsSCSProgram供应链安全程序FlextronicsSCSProgram供应链安全程序FocusAreas6.InformationTechnologySecurity信息技术安全2.ContainerSecurity&Inspection集装箱安全&检测7.SecurityAwarenessTraining安全意识培训4.ProceduralSecurity程序安全5.PhysicalSecurity硬件/实体安全8.BusinessPartners

商业伙伴9.PersonnelSecurity人员安全3.Access&EgressControls

访问/门禁控制1.InternationalSupplyChainRiskAssessment风险评估1.InternationalSupplyChainRiskAssessment风险评估Acomprehensiveassessmentoftheinternationalsupplychainconductedbytheimporterorforeignmanufacturerandbaseduponthesupplychainsecuritymeasuresidentifiedinthistraining.Appropriatesecuritymeasuresmustbeimplementedandmaintainedthroughouttheimporterormanufacturer’ssupplychain,basedonrisk.1.InternationalSupplyChainRiskAssessment风险评估MappingCargoFlow&IdentifyingBusinessPartnersConductingaThreatAssessmentfocusingon:Terrorism,Smuggling,OrganizedCrime,&Contraband,suchthatriskforaregioncanbeidentifiedasHigh,Medium,LowConductingaVulnerabilityAssessmentatthecompanyinaccordancewithSCSCriteriaPreparinganActionPlanbasedonthe“Gaps”DocumentingHowRiskAssessmentsareConducted—theProceduresASCSRiskAssessmentincludesthefollowing:2.ContainerSecurity&Inspection集装箱安全&监测Writtenproceduresmustbeinplacetoensurethesecurityofemptyandfullcontainers.

制定程序以确保空置和装满的集装箱安全Containersmustbeinspectedpriortostuffingtoensurenounmanifestedmaterialisincludedandtoensuretheoverallsecurityofthecontainer.

装箱前对集装箱进行检查，以确保集装箱的整体安全及没有装载不明货物。Containersmustbesealedwithhighsecuritysealstopreventtheunauthorizedintroductionofmaterial.Sealsmustbeassignedrandomnumericorder.

集装箱必需用高保封条密封，防止装入未经许可的货物。封条必须有随机的序列号。Fullandemptycontainersmustbestoredtopreventunauthorizedaccessormanipulation.

集装箱必需指定存放，以防未经授权擅自使用。SevenPointsInspection7点检查法ImmediatelypriortostuffingacontainerandafterunloadingforshipmentsimportedtotheU.S.,Singapore&EUpersonnelshouldcompletea7pointsinspectionofthecontainer.

货柜箱装货前或卸货后应由专人立即对货柜箱进行7点检查Frontwall前墙Leftside左侧墙Rightside右侧墙Floor地板Interiorceiling上部/顶层Inside/outsidedoors箱门Outsideincludingroofandundercarriage底部/底盘1234567SevenPointsInspection–FrontWall检查前墙Realblockconcealed!发现隔间1,290lbs.Marijuana!大麻SevenPointsInspection-Right/LeftSides检查左右侧墙55lbs.ofcocaine/Onebeam!箱梁内部藏有毒品可卡因SevenPointsInspection–Floor检查地板1,300lbsofcocaine!地板内隔层,发现毒品可卡因SevenPointsInspection–Ceiling/Roof检查上部/顶层1,200lbsofcocaine!顶层发现间隔藏有毒品可卡因SevenPointsInspection–Outside/InsideDoors检查箱门Lookforsolidplateonusualcavities!门板是否有隔层.5Containers/837lbs.ofcocaine!隔层内发现毒品可卡因SevenPointsInspection–Undercarriage检查底部/底盘Bewareofsolidplate/C-beamsnotvisible!箱底固板.C型粱有无异样.432lbs.ofcocaine!发现毒品可卡因.3.Access&EgressControls访问/门禁控制Employeeidentification雇员识别Anidentificationprocessmustexistforemployeesandcontractorsforexamplethroughbadgesand/oraccesscards.制定认证程序，例如雇员及合约商需要厂牌或通行证等权限证明。Visitors访客Allvisitorsandvendorsmustbepositivelyidentifiedwithphotoidentification.所有访客和供应商都需通过照片明确识别Visitorsmustdisplayatemporaryidentificationbadgeandbeescortedwhenonthepremises.访客进入经营场所需出示临时身份识别卡，且有人员陪同ControlArea限制区域Employeeshouldonlybegivenaccesstosecureareasneededfortheperformanceoftheirduties.只有确定有工作需要的人才能被允许进入安全管控区域Deliveries(includingmail)交货（包括邮件）Arrivingpackagesincludingmailshouldbeperiodicallyscreenedbeforebeingdisseminated.到达的包裹及邮件在散发出去前必须定期进行检查Eachsitemusthavewrittenproceduresforaccesstothefacilityforemployees,contractors,vendorsandvisitors.每个运营场所必须有书面程序以明确雇员、合约商、供应商及访客使用设施的权限。4.ProceduralSecurity程序安全Proceduresshouldbeinplacetoensureonlymanifestedmaterialisleavingandenteringthefacility.制定程序以确保任何材料未经审核不得进出Foroutboundshipmentsexactquantity,exactproduct,marksandweightsshouldbechecked.检查所有出境货运的数量、产品、标志和重量Forinboundshipmentscorrectweights,labels,marksandpiececountsshouldbeverifiedagainstthemanifest,invoiceorpackinglist.根据载货单，发票或装箱单核查入境货品的准确重量、商标、标志及数量Shippingdocumentationmustbelegible,complete,accurateandprotectedagainstexchange,lossortheintroductionoferroneousinformation.船务文件必须清晰、完整、准确，并且确保不会被更改、遗失或出现错误的信息。Proceduresmustexistfordetectingandreportingshortagesandoverages.制定程序以发现和报告货物短少或过量Theremustbetrackingproceduresforthemovementofincomingandoutgoinggoods.制定程序以跟踪所有进货及出货5.PhysicalSecurity硬件/实体安全Controlsmustbeinplacetopreventunauthorizedaccesstothepremises.Thesecontrolsneedtoberegularlymonitoredandmaintainedtoensuresecurity.Controlsincludebutarenotlimitedto:实施有效控制，未经授权，任何人不得擅入厂区。这些控制措施必须定时监控维护，以确保厂区安全。管理范围包括（但不只限于次）：Exteriorandinteriorfencing内外围墙Gates&GateHouses大门Segregationofprivatevehicleparkingfromproducthandlingandstorageareas私人停车点（制造及贮藏货物的厂区外）Securebuildingconstruction安全的建筑结构Lock&keycontrolprocedures钥匙管理程序Adequatelighting充足的照明Alarmsystems&closedcircuittelevision警报系统&闭路电视SecurityPersonnel保安人员6.InformationTechnologySecurity信息技术安全Employeesmustremember员工需谨记：EachusermusthaveauniqueUserID.UserIDsshouldnotbeshared.每个用户都有唯一的用户名，不可共享PasswordsmustfollowtheconventiondefinedintheITSecurityPasswordPolicy.密码的设定须遵循信息技术安全密码管理条例Passwordsshouldbeprotectedtopreventunauthorizeduse.保护密码，避免未经授权的使用Passwordsshouldbechangedevery90days.每90天更新一次密码AnyincidentthatmightbeathreattotheprotectionofFlextronicsinformationsystemsshouldbereportedtothelocalITHelpdeskandtheFlextronicsInformationSecurityTeam.任何可能破坏伟创力信息系统的事件都需向当地IT部门或伟创力信息安全组汇报AllemployeesmustfollowFlextronicsInformationSecuritypolicies.Thesepoliciescanbefoundat:雇员必须遵循伟创力信息技术安全政策，这些政策可以从一下链接中查到：

https://XXX7.SecurityAwarenessTraining安全意识培训Securitypersonnelshouldestablishathreatawarenessprogramtofosterawarenessofthethreatposedbyterroristsateverypointinsupplychain.安全人员应当建立恐怖威胁意识程序，以培养发现恐怖分子在供应链每个点上形成的威胁的意识Employeesreceiving&openingmailorintheshipping/receivingareasshouldreceiveadditionaltraining.收取、开启邮件的员工或在船务部、收货区域工作的员工应接受额外的培训Specifictrainingshouldbeofferedtoassistemployeesinthefollowingareas应当给予员工下述特殊的培训：Maintainingcargointegrity维护货物完整Recognizinginternalconspiracies认识内部阴谋Protectingaccesscontrols保护访问控制ITspecific“codeofconduct”trainingIT特定的道德行为规范培训EstablishandimplementasupplychainsecuritytrainingprogramthatimplementsC-TPATTrainingBestPractices.建立和实施供应链安全培训程序是实施C-TPAT培训的最佳实践8.BusinessPartners商业伙伴Mustworkwithitsbusinesspartnerstoensurethatpertinentsecuritymeasuresareinplaceandadheredtothroughoutthesupplychain.与商业伙伴一起制定贯穿整个供应链的相关安全措施Musthaveverifiablewrittenprocessesfortheselectionofbusinesspartners,includingmanufacturers,productsuppliers,&vendors.制定商业伙伴筛选流程，包含：制造商、产品供应商和其它供应商IfcertifiedasC-TPAToranotherSCSprogram,itmustprovideproof(withSVIno)如果商业伙伴已获得C-TPAT或其它供应链安全项目认证，须提供证明（如：SVI号码）IfcompanydoesnotqualifyforSCSprogram,itmustdemonstratethatitcomplieswithSCSprinciplesthrougheither…如果商业伙伴不具备供应链安全项目资质，则必须通过如下方式，证明其符合供应链安全规则LetterfromSeniorOfficerofcompany公司高层的信Writtenstatementfrombusinesspartner,or书面声明，或Completedimportersecurityquestionnaire进口商安全问卷9.PersonnelSecurity

人员安全Processesmustbeinplacetoscreenprospectiveemployees&periodicallycheckcurrentemployees.制定流程，审核将入职员工和定期检查现有员工Applicationinfomustbeverifiedpriortoemployment.雇佣前核实申请信息Aspercountryregulations,backgroundchecks&investigationsshouldbeconductedforprospectiveemployees.依据国家法规，对将入职员工进行背景调查Companiesmusthaveprocedurestoremoveidentification,facilityaccess,&systemaccessfromterminatedemployees.对于离职员工，公司须具有移除ID、厂区权限和系统权限的流程EveryEmployee’sResponsibility每个员工的职责NotifyyourlocalSupplyChainSecurityCoordinator(SSC)andorsecuritypersonnelimmediatelyofbreachesorsuspectedsecuritybreaches.当发现任何违反安全条例的行为或可疑行为，立即向当地供应链安全协调员及保安人员报告Don’tletpersonsenterfacilitiesorrestrictedareaswithoutappropriateaccess.拒绝所有没有通行证的人员进入厂区或限制区域Escortvisitorsthroughoutthefacility.陪同访客参观厂区Challengeindividualswithoutbadgesandnotifylocalsecuritypersonnelimmediately.询问没有证件的人员，并立即通知当地保安人员BeonthelookoutforpossibleconspiraciesordocumentationfraudandreporttoyourlocalSSCorsecuritypersonnelimmediately.如发现可疑文件请立即向当地供应链安全协调员及保安人员报告，以下情况亦需通报：Suspiciouschangestomanifestsorreceivingdocuments载货单或收货文件中出现可疑的变化Employeesorcontractorsbringinglargepackagesorbaggageintothefacility雇员或合约商携带大件行李或包裹进入厂区Employeesorcontractorsusingothers’badgesorkeystoenterthefacility雇员或合约商使用他人厂牌或钥匙进入厂区DocumentationFraud可疑文件Lookformanipulationthatmayhaveoccurredafterthedocumentwasprinted,thisincludesmanualcutandpastelines,andmisalignmentwithrestofdocument.检查在打印后是否有改动，例如手工裁剪，粘贴，错误排列等Beawareoffontsthatdonotmatchtherestofthedocument.注意字体是否与文件其他部分相符

Handwrittenupdatesareacceptableiftheyhavebeeninitialed.Otherwise,handwrittenupdatesshouldbeconsideredsuspect.Payparticularattentiontoupdatestoproduct,weights,quantitiesandaddresses.首字母大写的手写体更新资料是可接受的，否则值得怀疑。特别需要注意的是货物、重量、数量及地址的更改。EscalatingSupplyChainSecurityAnomaliesASupplyChainSecurityissuesandrisksshouldbeescalatedthroughtheescalation/communicationprocess.

供应链安全问题和风险应通过上报、沟通流程逐级上报SeeFMSdocumentGT