GSV

Facility Name: PT.
DCP Travelling Products Customer Name: SanMar
Facility Address: Jl. Raya Jepara Kudus Km. 21 No.88 RT.001 RW.003, Industry/Key Main Product Bags
Sengonbungel, Mayon, Jawa Tengah
Facility Telephon62-81233556285 Facility Fax: 62-291-7512531
Facility Contact Mr. Fan Xi Qing as General Manager Auditor(s): Aditya Krishna
Facility Email: [email protected] Verification Date: April 30, 2019
Number序列号 Section Security Requirements安全需求 Exceptions and Finding Details异常和查找细节 Criteria标准 Root Cause根本原因 Proposed Corrective Action纠正措施 Preventive Action预防措施 Target Completion Date完成时间 Responsible Person Status
1 Records & Documentation Foreign manufacturers shall have a documented The facility has no policy in place to ensure that security Must Do 1.建立反恐程序文件并记录存档Establish security Fitria
记录和文档 and verifiable process for determining risk procedures are documented.没有适当的政策来确保安全必须做的 procedure file and record
throughout their supply chains based on their 工厂的管理机制不完善，监
程序被记录在案。 2.组织管理人员学习安全政策定期评估程序
business model. 外国制造商应根据其商业模式督不到位，相关管理人员意 Organize the management to study the regular
，在其整个供应链中建立一个确定风险的文件 No documented policy that requires all security procedure 识不够 factory management security policy evaluation procedure
化和可验证的过程。 should be documented.没有文件政策来要求所有安全程 policy not completely , 3.行政部每个月不定期对安全程序文档进行检查和
序的文档化策略记录在案。 Supervision is not in place, 监督。The administration department shall check and
Lack of awareness among supervise the safety procedure document irregularly
relevant management every month
personnel
2 Records & Documentation The facility has no documented procedure and/or Must Do 1.建立员工安全意识培训教材 Establish training Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 materials for employee security awareness
ensure that Personnel Security procedures are being
2.组织全体员工学习安全知识 Organize all
performed properly.工厂没有文件化的程序和/或评估报
工厂的管理机制不完善，监 employees to learn security knowledge
告来定期进行安全检查，以确保人员安全程序得到正确
督不到位，相关管理人员意 3.行政部内审员每个月对安全意识培训并做记录。
执行 Administration department should train and record
识不够 factory management safety consciousness every month
The facility did not conduct security assessment that include policy not completely ,
Supervision is not in place,
personnel security.工厂没有进行包括人员安全在内的安 Lack of awareness among
全评估。 relevant management
personnel
3 Records & Documentation The facility has no documented procedure and/or Must Do 1. 建立物理安全措施程序 Establish physical Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 security procedures
ensure that Physical Security procedures are being 2.组织管理人员学习物理安全措施程序 Organize
performed properly.工厂没有文件化的程序和/或评估报 the management to learn physical security
工厂的管理机制不完善，监 procedures
告来定期进行安全检查，以确保物理安全程序得到正确
督不到位，相关管理人员意 3.安排保安每天对围墙、门窗、照明灯及仓库检查
执行记录。 Arrange the security guard to check
识不够factory management
policy not completely , wall, door, window, lighting and warehouse
The facility did not conduct security assessment that include daily
physical security.工厂没有进行包括物理安全在内的安全 Lack of awareness among
评估 relevant management
personnel
4 Records & Documentation The facility has no documented procedure and/or Must Do 1.建立信息和技术安全Establish information and Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 technology security
ensure that Information Access Controls procedures are
2.组织网络管理员学习信息和技术安全Organize
being performed properly.工厂没有文件化的程序和/或评 network administrators to learn information and
估报告来进行定期安全检查，以确保正确执行信息访问工厂的管理机制不完善，监 technical security
控制程序。督不到位，相关管理人员意 3..网络管理员每个月定时对信息安全保护做记
识不够factory management 录.The network administrator records the information
The facility did not conduct security assessment that include policy not completely , security protection regularly every month.
information access controls.工厂没有进行包括信息访问控 Supervision is not in place, 4.内审员每个月不定时对网络信息访客进行监督检
制在内的安全评估。 Lack of awareness among
relevant management 查。Internal auditors supervise and inspect network
personnel information visitors from time to time every month
5 Records & Documentation The facility has no documented procedure and/or Must Do 1.建立装运作业控制程序Establish the shipping Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 operation control procedures
ensure that Shipment Information Controls procedures are
2.组织管理人员学习装运作业控制程序Organize the
being performed properly.工厂没有文件化的程序和/或评
工厂的管理机制不完善，监 managementto learn the shipping operation
估报告来定期进行安全检查，以确保正确执行装运信息 procedure
督不到位，相关管理人员意
控制程序。
shipment information controls.该工厂没有进行包括装运 Lack of awareness among
信息控制在内的安全评估。 relevant management
personnel
6 Records & Documentation The facility has no documented procedure and/or Must Do 1.建立仓库管理程序Establish warehouse Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 management procedures
ensure that Storage & Distribution procedures are being
2.组织仓库管理人员学习仓库管理程序Organize
performed properly.工厂没有文件化的程序和/或评估报
工厂的管理机制不完善，监 warehouse keeper to learn warehouse management
告来定期进行安全检查，以确保正确执行存储和分发程 procedures
序。
storage & distribution.工厂没有进行包括存储和分发在内 Lack of awareness among
的安全评估。 relevant management
personnel
7 Records & Documentation The facility has no documented procedure and/or Must Do 工厂为新建工厂，对于有关 1. 建立承包商控制程序 Establish contractor Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的 control procedures
ensure that Contractor Controls procedures are being 性的文件化及程序流程还未 2.组织采购学习承包商控制程序。Organize buyer
performed properly.工厂没有文件化的程序和/或评估报建立 The documentation and to study contractor control procedures
procedures have not been
告来定期进行安全检查，以确保承包商的控制程序得到 established for the new factory
正确执行。
The facility did not conduct security assessment that include

contractors controls.工厂没有进行包括承包商控制在内的
安全评估。
8 Records & Documentation The facility has no documented procedure and/or Must Do 工厂为新建工厂，对于有关 1.制定运输安全管制程序 Make transportation safety Fitria
记录和文档 assessment reports to conduct periodic security checks to 必须做的
ensure that Export Logistics procedures are being 性的文件化及程序流程还未 control procedures
performed properly.工厂没有文件化的程序和/或评估报建立 The documentation and 2.组织管理人员学习制定运输安全管制程序
procedures have not been Organize managers to learn transportation safety
告来定期进行安全检查，以确保出口物流程序得到正确 established for the new factory control procedures
执行。
The facility did not conduct security assessment that include

export logistics.工厂没有进行包括出口物流在内的安全评
估。
9 Records & Documentation Foreign manufacturers shall have a documented The facility did not appointed person that responsible for Must Do 工厂为新建工厂，对于有关 1.指定负责安全审核和评估人员Designate personnel Fitria
记录和文档 and verifiable process for determining risk security audit.工厂没有指定负责安全审计的人员必须做的
throughout their supply chains based on their 性的文件化及程序流程还未 responsible for safety audit and evaluation
business model.外国制造商应根据其商业模式， The facility did not appoint person in charge that 建立 The documentation and 2.对安全审核和评估人员进行培训Train safety
procedures have not been auditor and evaluator
在其整个供应链中建立一个确定风险的文件化 responsible for security audit or evaluation.工厂没有指定 established for the new factory
和可验证的过程。负责安全审核或评估的人员。
10 Records & Documentation At a minimum, on a yearly basis, or as The facility has not conducted a site security assessment.该 Must Do 1.建立现场安全评估。Establish site safety Fitria
记录和文档 circumstances dictate such as during periods of 必须做的 assessment
heightened alert, security breach or incident, 设施尚未进行现场安全评估。
foreign manufacturers must conduct a 2.组织管理人员学习C-TPAT安全控制程序Organize
comprehensive assessment of their international The facility did not conduct security assessment.该工厂没工厂的管理机制不完善，监 managers to learn the C-TPAT security control
supply chains based upon the following C-TPAT procedures
有进行安全评估督不到位，相关管理人员意
security criteria.外国制造商必须根据C-TPAT的安识不够 factory management
全标准，对其国际供应链进行全面评估，至少 policy not completely ,
每年一次，或视情况而定，例如在高度警戒、 Supervision is not in place,
Lack of awareness among
安全漏洞或事件期间。 relevant management
personnel
11 Records & Documentation Measures must be in place to ensure the integrity The facility has no documented security improvement Must Do 1.建立货物运输（服务商）选择和评估程Establish Fitria
记录和文档 and security of processes relevant to the action plan summarizing identified vulnerabilities and their 必须做的 shipping forward selection and evaluation process
transportation, handling, and storage of cargo in relevant corrective actions该工厂没有文件化的安全改进工厂的管理机制不完善，监 2.组织船务学习货物运输（服务商）选择和评估程
the supply chain.必须采取措施，确保供应链中行动计划，该计划总结已识别的漏洞及其相关纠正措施督不到位，相关管理人员意 Organize shipping operator to learn about shipping
与货物运输、处理和存储相关的流程的完整性 forward selection and evaluation
No documented security improvement plan that 识不够factory management
和安全性。 policy not completely ,
summarizes or identifies vulnerabilities and responsive
corrective actions was established.没有编制文件化的安全 Lack of awareness among
改进计划来总结或识别漏洞并采取相应的纠正措施。 relevant management
personnel
12 Records & Documentation A security assessment of the facility site should be Must Do 1.对设施现场进行安全评估 Evaluate site safety Fitria
记录和文档 conducted to identify weaknesses at least every 12 months 必须做的 facilities
and weaknesses identified, recorded in a log, and corrected
2.组织保安学习设施管理程序Organize security
in a timely manner.工厂的安全评估应至少每12个月进行
工厂的管理机制不完善，监 guard to learn facility management procedures
一次，以确定薄弱环节，并将其记录在日志中，并及时
纠正。
识不够 factory management
The facility did not conduct security assessment of the policy not completely ,
facility site to identify weaknesses.设施没有对设施现场进 Lack of awareness among
行安全评估以确定弱点。 relevant management
personnel
13 Personnel Security A process must be in place to screen prospective Security guidelines for hiring are not evaluated periodically Must Do 1.安全准则增加筛选员工每六个月评估一次Safety Fitria
(Personnel Screening)人员 employees and to periodically check current to ensure their effectiveness. 必须做的工厂的管理机制不完善，监 guidelines increase employees evaluation every six
保安(人员筛选) employees 必须有一个过程来筛选未来的员工督不到位，相关管理人员意 months
Security guidelines was not evaluated every six (6) months.
，并定期检查当前的员工识不够 factory management 2.组织管理人员对面试和筛选程序进行培训
雇佣安全准则不定期进行评估，以确保其有效性。 Organize management training on interview and
policy not completely ,
安全指南没有每六(6)个月评估一次。 Supervision is not in place, selecting empolyee procedures
Lack of awareness among
relevant management
personnel
14 Personnel Security Employees must be made aware of the New employee orientation does not include recognizing Should Do 应 1.组织新员工学习员工安全政策程序Organize new Fitria
(Education/Training/Aware procedures the company has in place to address a internal conspiracies. employees to learn employee safety policies and
situation and how to report it / Additional training 该做的
ness)人员安全(教育/培训 procedures
should be provided to employees in the shipping Training did not include recognizing internal conspiracy. 新
/意识) and receiving areas, as well as those receiving and 2.建立微信群学习并宣导。Set up WeChat group to
opening mail / Specific training should be offered 员工入职培训不包括承认内部阴谋。 learn and advocate
to assist employees in maintaining cargo integrity, 培训不包括承认内部阴谋。
recognizing internal conspiracies, and protecting 工厂的管理机制不完善，监
access controls.员工必须意识到程序公司来解决督不到位，相关管理人员意
情况以及如何报告/应提供额外的培训员工在运识不够 factory management
policy not completely ,
输和接收地区,以及接收和打开邮件/应该提供 Supervision is not in place,
具体培训帮助员工保持货物的完整性,识别内部 Lack of awareness among
阴谋,和保护访问控制。 relevant management
personnel
15 Personnel Security Written procedures must stipulate how seals are New employee orientation does not include maintaining Should Do 应 1.工厂为新建工厂，对于相 1.建立确保交易货物信息完整性程序Establish Fitria
(Education/Training/Aware controlled and affixed to loaded containers, cargo integrity. information integrity procedures for trading goods
including recognizing and reporting compromised 该做的关制度还未及时健全 The
ness)人员安全(教育/培训 new factory has not timely 2.组织管理人员学习确保交易货物信息完整性程序
seals and/or containers to local Customs Training did not include maintaining cargo integrity.新员工
/意识) authorities / Employees must be made aware of improved the relevant system Organize managers to learn procedures to ensure
the procedures the company has in place to 培训不包括维护货物的完整性。 information integrity of traded goods
address a situation and how to report it / 培训不包括维护货物的完整性。应提供协助雇员维持货
Additional training should be provided to 物完整、识破内部阴谋，以及保护通道管制/特别训练，
employees in the shipping and receiving areas, as
well as those receiving and opening mail / Specific 以协助雇员维持货物完整、识破内部阴谋及保护通道管
training should be offered to assist employees in 制。
maintaining cargo integrity, recognizing internal
conspiracies, and protecting access controls /
Specific training should be offered to assist
employees in maintaining cargo integrity,
recognizing internal conspiracies, and protecting
access controls.书面程序必须规定封柜是如何控
制和贴在加载容器,包括认识和报告妥协封柜和
/或容器向当地海关部门/员工必须意识到程序
公司来解决情况以及如何报告/应提供额外的培
训员工在运输和接收地区,以及那些接收和打开
邮件/特定的培训应该帮助员工维护货物的完整
性，识别内部阴谋，和保护访问控制/特定的培
训应该帮助员工维护货物的完整性，识别内部
阴谋，和保护访问控制。
16 Personnel Security Written procedures must stipulate how seals are New employee orientation does not include reporting Informative 教 1. 建立设施管理程序 Establish facility Fitria
(Education/Training/Aware controlled and affixed to loaded containers, compromised security infrastructure (broken locks, management procedures
including recognizing and reporting compromised windows, computer viruses, etc.) 育性的 2. 组织学习设施管理程序 Organize learning
ness)人员安全(教育/培训
seals and/or containers to local Customs facility management procedures
/意识) authorities / IT security policies, procedures and Training did not include reporting compromised security 3.安排保安每天对设施的检查及监督维护Arrange
standards must be in place and provided to infrastructure.新员工入职培训不包括报告安全基础设施 daily inspection and maintenance by security
employees in the form of training / Employees guard.
must be made aware of the procedures the 受损(锁坏了、窗户坏了、电脑病毒等)。
company has in place to address a situation and 培训不包括报告受损的安全基础设施。
how to report it / Additional training should be
provided to employees in the shipping and
receiving areas, as well as those receiving and
opening mail Specific training should be offered to
assist employees in maintaining cargo integrity,
recognizing internal conspiracies, and protecting
access controls / Specific training should be
offered to assist employees in maintaining cargo
integrity, recognizing internal conspiracies, and
protecting access controls / Specific training
should be offered to assist employees in
maintaining cargo integrity, recognizing internal
conspiracies, and protecting access controls .书面
程序必须规定如何控制和在已装载的集装箱上
加盖印章，包括识别和向当地海关当局/ IT安全
政策报告受损的印章和/或集装箱，规程和标准
必须到位的形式提供给员工培训/员工必须意识
到程序公司来解决情况以及如何报告/应提供额
外的培训员工在运输和接收地区,以及接收和打
开邮件应该提供具体培训帮助员工保持货物的
完整性,识别内部阴谋,应提供保护通道控制/特
定培训，以协助雇员维持货物的完整性，识别
内部阴谋;及提供保护通道控制/特定培训，以
协助雇员维持货物的完整性，识别内部阴谋，
17 Personnel Security 及保护通道控制。
Employees must be made aware of the New employee orientation does not include recognizing and Should Do 应 Fitria
(Education/Training/Aware procedures the company has in place to address a detecting dangerous substances and devices.
该做的
ness)人员安全(教育/培训 situation and how to report it / Additional training
should be provided to employees in the shipping Training did not include recognizing and detecting
/意识) and receiving areas, as well as those receiving and dangerous substances and devices.新员工入职培训不包括
opening mail / Specific training should be offered
to assist employees in maintaining cargo integrity, 识别和检测危险物质和设备。
recognizing internal conspiracies, and protecting 培训不包括识别和检测危险物质和装置。
access controls..员工必须意识到程序公司来解
决情况以及如何报告/应提供额外的培训员工在
运输和接收地区,以及接收和打开邮件/应该提
供具体培训帮助员工保持货物的完整性,识别内
部阴谋,和保护访问控制. .
18 Personnel Security A threat awareness program should be established The facility does not have a security awareness program Should Do 应 1.工厂为新建工厂，对于相 1.组织管理人员学习恐怖主义走私和盗窃威胁意识
(Education/Training/Aware and maintained by security personnel to recognize covering awareness of current terrorist threat(s), smuggling
and foster awareness of the threat posed by trends, and seizures in place to ensure employees 该做的关制度还未及时健全The 程序 Organization managers to learn terrorist
ness)人员安全(教育/培训 factory is a newly built factory, smuggling and theft threat awareness procedures
/意识) terrorists at each point in the supply chain安全人 understand the threat posed by terrorist at each point of and relevant systems have not 2.内审员每月不定时的对安全意识进行培训以及宣
the supply chain.
员应建立和维持一个威胁意识项目，以认识和 been timely improved
导Internal auditors carry out training and promotion
提高对供应链各环节恐怖分子构成的威胁的认 Training did not include written security awareness program of safety awareness from time to time every month
识 covering awareness of current terrorist threat(s), smuggling
trends, and seizures in place to ensure employees
understand the threat posed by terrorist at each point of
the supply chain.该设施没有安全意识计划，不包括对当
前恐怖主义威胁、走私趋势和缉获情况的了解，以确保
员工了解供应链每个环节的恐怖主义构成的威胁。
培训不包括书面安全意识计划，内容包括对当前恐怖主
义威胁、走私趋势和缉获情况的了解，以确保员工了解
供应链每个环节的恐怖主义构成的威胁。
19 Personnel Security A threat awareness program should be established The facility does not have a process in place requiring all Should Do 应 1.组织所有员工学习认识和提高对供应链各环节恐 Fitria
(Education/Training/Aware and maintained by security personnel to recognize personnel to participate in the security awareness program.
and foster awareness of the threat posed by 该做的怖分子构成的威胁的认识。Organize all employees
ness)人员安全(教育/培训该设施没有要求所有人员参与安全意识计划的程序。 to learn and raise awareness of the threat posed by
/意识) terrorists at each point in the supply chain.安全人 terrorists in all parts of the supply chain
员应建立和维持一个威胁意识项目，以认识和
提高对供应链各环节恐怖分子构成的威胁的认
识。
20 Personnel Security Security program and threat awareness training Must Do Fitria
(Education/Training/Aware participation are not documented and recorded in the 必须做的
ness)人员安全(教育/培训 employee and security guard personnel record.安全程序和
/意识) 威胁意识培训的参与不记录在员工和保安人员的记录中
。
21 Personnel Security A threat awareness program should be established Periodic updated training covering security awareness is not Should Do 应 1.组织管理人员学习供应链危机意识程序Organize Fitria
(Education/Training/Aware and maintained by security personnel to recognize required. 工厂的管理机制不完善，监 managers to learn the supply chain crisis awareness
and foster awareness of the threat posed by 该做的
ness)人员安全(教育/培训督不到位，相关管理人员意 process
/意识) terrorists at each point in the supply chain.安全人 Training was not required at least twelve months.不需要定
员应建立和维持一个威胁意识项目，以认识和期更新安全意识方面的培训。 policy not completely ,
提高对供应链各环节恐怖分子构成的威胁的认不需要至少12个月的培训。 Supervision is not in place,
识。 Lack of awareness among
relevant management
personnel
22 Personnel Security These programs should offer incentives for active The facility does not give incentive to personnel to report Should Do 应 1.工厂为新建工厂，对于相 1.建立奖励程序Establish a reward program Fitria
(Education/Training/Aware employee participation.这些计划应该为员工的 irregularities, suspicious activity and/or security violations.
该做的关制度还未及时健全 The 2.组织管理人员学习建立程序Organize managers to
ness)人员安全(教育/培训积极参与提供激励。 newly built factory, and learn to establish procedures
Personnel did not encourage to report irregularities with
/意识) relevant systems have not
incentives.该工厂不鼓励工作人员报告违规行为、可疑活 been timely improved
动和/或违反安全的行为。
工作人员不鼓励用奖励办法举报违规行为。
23 Physical Security (Plant The facility does not have Access Control Program that Must D0 必 1.工厂为新建工厂，对于相 1建立钥匙控制的管理程序Establish management Fitria
Security)物理保安(工厂保 includes an inventory process to account for all keys/access procedures for key control
cards. 须做的关制度还未及时健全 The
安) newly built factory, and 2.组织宿管学习钥匙控制的管理程序Organize the
The facility did not have inventory process for all keys. relevant systems have not dormitory administrator to learn the management
been timely improved procedure of key control
该工厂没有访问控制程序，其中包括一个库存过程，以
3.对全厂钥匙进行盘点登记钥匙明细表Check and
说明所有的钥匙/访问卡。 register the key list of the whole factory
工厂没有对所有钥匙进行盘点。 4.宿管人员对全厂钥匙收发、更换做登记记录
Dormitory administrator keeps records of key sending,
receiving and changing
24 物理保安(工厂保安) Alarm systems and video surveillance cameras The facility does not have an intrusion detection or an alarm Should Do 应在工厂建立安装CCTV 时未考 1.对敏感区域加装警报系统及监控Install alarm Lim Thw Nan
should be utilized to monitor premises and system. system and monitoring in sensitive areas
prevent unauthorized access to cargo 该做的虑到相关储存容量The
relevant storage capacity is not 2.对敏感区域建立严格的准入制度。Establish strict
handling/storage areas.应使用警报系统和录象机 The facility did not have an intrusion alarm. 该工厂没有 taken into considerstion when access rules for sensitive areas.
来监测房舍，防止未经许可进入货物装卸/储存入侵检测或报警系统。 setting up and installing CCTV 2.组织货物装卸、储存区负责人学习装卸区安全控
区。该工厂没有入侵警报。 in the factory
制程序Organize the person in charge of loading,
unloading and storage area to learn the safety control
procedures
3.网络管理员每月对红外报警系统进行检查并监管
。The network administrator checks and supervises
the infrared alarm system every month
25 Physical Security Cargo handling and storage facilities in The facility has adjoining/overhanging structures or foliage
Must D0 必在工厂建立安装CCTV 时未考 1.对部分区域加装闭路电视。Install CCTV in some Lim Thw Nan
(Perimeter Security)物理保 international locations must have physical barriers which would potentially facilitate illicit entry over the
须做的虑到相关储存容量The areas
and deterrents that guard against unauthorized fenced areas into the facility.
安(周界保安) relevant storage capacity is not 2.安排保安对全厂进行巡查Arrange security guard to
access.在国际地点的货物装卸和储存设施必须 taken into considerstion when inspect the whole factory
All parameter did not provide with barb wire and some area
有物理屏障和威慑物，防止未经授权的进入。 setting up and installing CCTV 3.组织保安学习物理安全措施程序Organize security
did not provide with CCTV.该工厂有毗邻/悬壁的结构或植 in the factory guard to learn physical security procedure
物，这些结构或植物可能便利非法进入围区进入该工厂
4.保安队长保每天对巡逻登记进行监督检查。The
。 security chief ensures monitoring of patrol
所有参数均未提供倒钩线/行李索，部分区域未提供闭路 registrations daily
电视。
26 Physical Security (Security A threat awareness program should be established The security guards do not receive specific security training Should Do 应 1.组织保安学习恐怖主义走私和盗窃威胁意识程序 Fitria
Force)物理保安(保安部队) and maintained by security personnel to recognize in threat awareness 该做的。Organize security guards to learn terrorist
and foster awareness of the threat posed by
terrorists at each point in the supply chain / Training did not include current terrorism threat awareness. smuggling and theft threat awareness procedures
Specific training should be offered to assist 保安人员没有接受有关威胁意识的特别保安训练 2.保安队长不定时对保安人员进行培训及训练。
employees in maintaining cargo integrity, The security chief trains security guard from time to
recognizing internal conspiracies, and protecting 培训不包括当前的恐怖主义威胁意识。 time
access controls 安全人员应建立和维持一个威胁
意识项目，以认识和提高对供应链各环节恐怖
分子构成的威胁的认识/应提供具体培训，以协
助员工维护货物完整性、认识到内部阴谋和保
护出入控制
27 Physical Security (Security A threat awareness program should be established The security guards do not receive specific security training Should Do 应 1.工厂为新建工厂，对于相 1.组织保安学习供应链危机意识程序Organize Fitria
Force)物理保安(保安部队) and maintained by security personnel to recognize in recognizing internal conspiracy. 该做的关制度还未及时健全 The security guard to learn supply chain crisis awareness
and foster awareness of the threat posed by procedures
terrorists at each point in the supply chain / newly built factory, and
Training did not include internal conspiracy. 保安人员没 relevant systems have not
Specific training should be offered to assist
employees in maintaining cargo integrity, 有接受识别内部阴谋的具体保安培训。 been timely improved
recognizing internal conspiracies, and protecting 培训不包括内部阴谋。
access controls.安全人员应建立和维持一个威胁
意识项目，以认识和提高对供应链各环节恐怖
分子构成的威胁的认识/应提供具体培训，以协
助员工维护货物完整性、认识到内部阴谋和保
护出入控制。
28 Physical Security (Security Customs and/or other appropriate law The facility does not have proper communication Must D0 必 1.工厂为新建工厂，对于相 1.与当地执法机构建立适当的沟通机制并取得当地 Fitria
Force)物理保安(保安部队) enforcement agencies must be notified if illegal or mechanism to local law enforcement authorities.
须做的关制度还未及时健全 The 执法部门的联系。Establish appropriate
suspicious activities are detected, as appropriate.
The facility did not have direct communication to local law newly built factory, and communication mechanism with local law
如发现非法或可疑活动，必须通知海关和/或其 relevant systems have not enforcement agencies and get in touch with local law
他适当的执法机构。 enforcement.该设施没有与当地执法机构建立适当的沟通 been timely improved enforcement authorities
机制。 2.组织管理人员学习可疑情况（人物）报告程序
该设施没有与当地执法部门直接联系。 Organize managers to learn suspicious situation
(person) reporting procedures
29 Physical Security (Access Alarm systems and video surveillance cameras Recordings (e.g., tapes or electronic files) are not kept for a Should Do 应 Andrianto
Controls)物理安全(访问控 should be utilized to monitor premises and minimum of 30 days or according to client specific
该做的
prevent unauthorized access to cargo handling requirement, whichever is longer.
制) 1.安排增加监控硬盘容量，并调整监控保留30天。
and storage areas.应使用警报系统和录像监视摄 Arrange to increase the capacity of monitoring hard
影机来监测房舍，防止未经许可进入货物装卸 CCTV only could record 25 days.录音(如磁带或电子文件) disk, and adjust the monitoring retention for 30 days
和储存区。不应保存至少30天或根据客户的具体要求，以较长者为 2.每半月网管必须检查监控是否保留30
准。天。Network administrators must check whether the
视频录像只能记录25天。 monitoring is retained for 30 days every half month
3.内审员对网管检查结果进行监管。Internal
auditors supervise the network management
inspection results
30 Physical Security (Access CCTVs are not monitored constantly on all shifts.录像并不 Should Do 应在工厂建立安装CCTV 时未考 1.安排网管对监控进行检查Arrange network Andrianto
Controls)物理安全(访问控是在所有班次都持续监控。该做的虑到相关储存容量The management to check the monitoring
制) relevant storage capacity is not 2.网络管理员每月对CCTV视频监控系统检查表
taken into consideration when Network administrator checks CCTV video monitoring
setting up and installing CCTV system every month
in the factory
31 Physical Security (Access Alarm systems and video surveillance cameras The facility does not use Closed Circuit Television (CCTV) or Should Do 应在工厂建立安装CCTV 时未考 1.对货物装卸和储存区域加装警报系统及监控Install Andrianto
Controls)物理安全(访问控 should be utilized to monitor premises and another surveillance method to monitor activity in all
该做的虑到相关储存容量The alarm system and monitor in cargo handling and
prevent unauthorized access to cargo handling sensitive areas within the facility. storage area
制) relevant storage capacity is not
and storage areas.应使用警报系统和录像监视摄 taken into consideration when 2.对敏感区域建立严格的准入制度。Establish strict
CCTV did not include main office and computer server
影机来监测房舍，防止未经许可进入货物装卸 setting up and installing CCTV access rules for sensitive areas
room.该设施不使用闭路电视(CCTV)或其他监视方法来监 in the factory
和储存区。 2.组织货物装卸、储存区负责人学习装卸区安全控
视设施内所有敏感区域的活动。
制程序Organize the person in charge of loading,
CCTV不包括主办公室和计算机服务器室。 unloading and storage area to learn the safety control
procedures
3.网络管理员每月对红外报警系统进行检查并监管
。The network administrator checks and supervises
the infrared alarm system every month
32 Physical Security (Visitor Container integrity must be maintained to protect There is no positive identification process for recording all Must Do必须做 1.工厂为新建工厂，对于相 1.建立员工身份证鉴别管理制度、外来施工人员管 Siti Komariyah
Controls)物理保安(访客控 against the introduction of unauthorized vendors and repair personnel and facility does not have a
material/person(s) / Access controls must include written procedure to challenge, identify, and remove 的关制度还未及时健全 The 理制度Establish management system for identification
制) the positive identification of all employees, unauthorized/unidentified persons. newly built factory, and of employees' id CARDS and management system for
visitors, and vendors at all entry points / Visitors relevant systems have not external construction workers
must present photo ID for documentation No positive identification process for recording all vendors been timely improved 2.组织管理人员学习员工身份证鉴别管理制度、外
purposes upon arrival / All visitors should be and repair personnel and facility have a written procedure 来施工人员管理制度Organize the management
escorted and visibly display temporary ID / For to challenge, identify, and remove personnel to learn the management system of staff
deliveries, proper vendor ID and/or photo ID must unauthorized/unidentified persons. 没有对所有供应 identity card identification and the management
be presented documentation purposes upon system of external construction workers
商进行记录的积极识别程序，维修人员和设施也没有书
arrival by all vendors.集装箱完整性必须维护,以 3.行政经理每天对进出人员访客登记进行监督检查
面程序来质疑、识别和清除未经授权/身份不明的人员。
防止未经授权的材料/人的介绍(s) /访问控制必。he administrative manager supervises and inspects
所有供应商和维修人员及设施都没有书面程序来质疑、
须包括所有员工的积极的识别、访客和供应商 the registration of visitors
识别和清除未经授权/身份不明的人员。
入口点/访客必须出示照片的身份证为文档目的
到达/所有游客都应该护送和明显显示临时ID /
交付,适当的供应商ID和/或照片的身份证必须由
所有供应商提交文档的目的到达。
33 Physical Security Measures must be in place to ensure the integrity For conveyance entries/exits, records are not maintained for Must Do必须做 1.工厂为新建工厂，对于相 1.对运输工具入口/出口的舱单进行记录及保留 Dwi Meilana
(Entering/Exiting and security of processes relevant to the manifest check. Record and maintain the receipt at the entry/exit of
transportation, handling, and storage of cargo in 的关制度还未及时健全 The
Deliveries)物理保安(进出 newly built factory, and the means of transport
派递) the supply chain.必须采取措施，确保供应链中 Log did not include manifest check.运输工具入口/出口的 relevant systems have not 2.组织船务学习运输安全管制程序.Organize the
与货物运输、处理和存储相关的流程的完整性舱单检查不保留记录。 been timely improved shipping operator to learn the transportation safety
和安全性。日志没有包含清单检查。 control procedures
34 Physical Security Measures must be in place to ensure the integrity For conveyance entries/exits, logs are not maintained with Must Do必须做 1.工厂为新建工厂，对于相 1.对运输工具入口/出口的舱单保存集装箱号.Keep Dwi Meilana
(Entering/Exiting and security of processes relevant to the container number. the container number on the receipt at the entry/exit
transportation, handling, and storage of cargo in 的关制度还未及时健全 The
Deliveries)物理保安(进出 newly built factory, and of the means of transport
派递) the supply chain.必须采取措施，确保供应链中 Log did not include container check.对于运输入口/出口， relevant systems have not 2.组织船务学习封条的安全管理及使用规定
与货物运输、处理和存储相关的流程的完整性日志没有保存集装箱号。 been timely improved Organize shipping operator to learn the safe
和安全性。日志不包括容器检查。 management and usage of seals
35 Physical Security Measures must be in place to ensure the integrity For conveyance entries/exits, logs are not maintained with Must Do必须做 1.工厂为新建工厂，对于相 1.对运输工具入口/出口的密封号做好完整性和安全 Dwi Meilana
(Entering/Exiting and security of processes relevant to the seal number.
transportation, handling, and storage of cargo in 的关制度还未及时健全 The 性。Ensure the integrity and safety of the seal
Deliveries)物理保安(进出 newly built factory, and number at the entrance/exit of the vehicle
派递) the supply chain.必须采取适当的措施，以确保 Log did not include seal number.对于运输入口/出口，日 relevant systems have not 2.组织出货人员对封条使用和遗失控制处理程序
供应链中与货物运输、处理和存储相关的流程志没有密封号。 been timely improved Organize shipping operator to control the use and loss
的完整性和安全性。日志中没有包括密封号。 of seals3.船务天对货车10点检查表登记进行监督检
查Supervise and inspect the inspection list of goods
vehicles on shipping day
36 Physical Security Container integrity must be maintained to protect Seal numbers are not recorded on outgoing shipment. Must Do必须做 1.工厂为新建工厂，对于相 1.对集装箱记录做好印鉴好以及封箱号码。Record Dwi Meilana
(Entering/Exiting against the introduction of unauthorized container number and seal number
material/person(s) / Written procedures must 的关制度还未及时健全 The
Deliveries)物理保安(进出 Seal numbers are not recorded.发货时没记录印鉴号。 newly built factory, and 2.组织管理人员学习船务封条管理及封条破损处理
stipulate how seals are controlled and affixed to
派递) loaded containers, including recognizing and 封箱号码没有记录。 relevant systems have not 程序Organize management personnel to learn
reporting compromised seals and/or containers to been timely improved shipping seal management and seal damage handling
local Customs authorities / Measures must be in procedures
place to ensure the integrity and security of 3.船务天对货车10点检查表登记进行监督检查
processes relevant to the transportation, handling, Supervise and inspect the inspection list of goods
and storage of cargo in the supply chain.容器/集 vehicles on shipping day
装箱完整性必须维护,以防止未经授权的材料/
人的介绍(s) /书面程序必须规定封箱是如何控制
和贴在加载容器,包括认识和报告妥协封箱和/
或集装箱当地海关/措施必须到位,确保流程的
完整性和安全相关的运输、处理和存储的货物
在供应链。
37 Physical Security Procedures must be in place for reporting and There is no documented procedure for handling broken seal Must Do必须做工厂为新建工厂，对于有关 1.建立封条管理及封条破损处理程序Establish seal Dwi Meilana
(Entering/Exiting neutralizing unauthorized entry into containers or case. management and seal breakage procedures
container storage areas / Customs and/or other 的性的文件化及程序流程还未
Deliveries)物理保安(进出 2.组织船务学习封条管理及封条破损处理程序
appropriate law enforcement agencies must be The facility did not have documented procedure to handle 建立
派递) notified if illegal or suspicious activities are the broken seal. The factory is a new factory, Organize the shipping operator to study and seal
detected, as appropriate / Customs and/or other and the documentation and management and damage handling procedures
没有处理破损封条的文件化程序，工厂没有文件化的程
appropriate law enforcement agencies must be procedures for the related 3.船务每天对封条使用记录进行监督检查。The
notified if illegal or suspicious activities are 序来处理破损的封条 activities have not been shipping operator supervises and inspects seals daily
detected, as appropriate程序必须在报告和中和 established
未经授权进入容器或容器存储区域/海关和/或
其他适当的执法机关必须通知如果检测到非法
或可疑活动,适当的/海关和/或其他适当的执法
机关必须通知如果检测到非法或可疑活动,是合
适的
38 Physical Security Customs and/or other appropriate law Broken seals are not reported to management. Must Do必须做工厂为新建工厂，对于有关 1.建立封条管理及封条破损处理程序Establish seal Dwi Meilana
(Entering/Exiting enforcement agencies must be notified if illegal or management and seal breakage procedures
suspicious activities are detected, as appropriate The facility did not have documented procedure to handle 的性的文件化及程序流程还未
如发现非法或可疑活动，必须通知海关和/或其 the broken seal.损坏的封条没有报告给管理层。建立
派递) The factory is a new factory, Organize shipping operator to study seal management
他适当的执法机构工厂没有文件化的程序来处理破损的密封。 and the documentation and and damage handling procedures
procedures for the related 3.船务每天对封条使用记录进行监督检查。The
activities have not been shipping operator supervises and inspects seals daily
established
39 Physical Security Written procedures must stipulate how seals are When broken seals or cargo hold locks are discovered, there Must Do必须做工厂为新建工厂，对于有关 1.建立封条管理及封条破损处理程序Establish seal Dwi Meilana
(Entering/Exiting controlled and affixed to loaded containers, is no examination of the container's/trailer's contents. management and seal breakage procedures
including recognizing and reporting compromised 的性的文件化及程序流程还未
seals and/or containers to local Customs No documented procedure and actual reported broken seal 建立
派递) authorities / All shortages, overages, and other case(if any), when broken seals (including cargo hold locks) The factory is a new factory, Organize shipping operator to study seal management
significant discrepancies or anomalies must be are discovered, is there an examination of the and the documentation and and damage handling procedures
resolved and/or investigated appropriately书面程 container's/trailer's contents (applicable to trucks and procedures for the related 3.船务每天对封条使用记录进行监督检查。The
closed vans).当发现损坏的封条或货舱锁时，没有检查集 activities have not been shipping operator supervises and inspects seals daily
序必须规定如何控制和在已装载的集装箱上加 established
盖印章，包括识别受损的印章和/或集装箱并向装箱/拖车的内容物。
当地海关当局报告/所有短缺、超限和其他重大没有文件化的程序和实际报告的密封破损情况(如果有的
差异或异常情况必须得到解决和/或进行适当调话)，当发现密封破损(包括货舱锁)时，是否检查集装箱/
查拖车的内容(适用于卡车和封闭式货车)。
40 Physical Security Written procedures must stipulate how seals are Procedure is not established and/or documented requiring Must Do必须做 1.工厂为新建工厂，对于相 1.建立封条管理及封条破损处理程序Establish seal Dwi Meilana
(Entering/Exiting controlled and affixed to loaded containers, that damaged seals are immediately replaced on outgoing management and seal breakage procedures
including recognizing and reporting compromised 的关制度还未及时健全 The
Deliveries)物理保安(进出 containers/trailers (including trucks and closed vans).没有 newly built factory, and 2.组织船务学习封条管理及封条破损处理程序
seals and/or containers to local Customs
派递) 建立程序和/或文件要求立即更换出口集装箱/拖车(包括 relevant systems have not Organize shipping operator to study seal management
authorities.书面程序必须规定如何控制和在装 been timely improved and damage handling procedures
卡车和封闭式货车)上损坏的密封件。
载的集装箱上加盖印章，包括识别和向当地海 3.船务每天对封条使用记录进行监督检查。The
关报告受损的印章和/或集装箱。 shipping operator supervises and inspects seals daily
41 Physical Security Written procedures must stipulate how seals are Procedure is not established and/or documented requiring Must Do必须做 1.工厂为新建工厂，对于相 1.建立封条管理及封条破损处理程序Establish seal Dwi Meilana
(Entering/Exiting controlled and affixed to loaded containers, that new seal numbers are recorded in case of replacement management and seal breakage procedures
including recognizing and reporting compromised for outgoing containers/trailers (including trucks and closed 的关制度还未及时健全 The
Deliveries)物理保安(进出 newly built factory, and 2.组织船务学习封条管理及封条破损处理程序
seals and/or containers to local Customs vans).没有建立程序和/或文件要求在更换出口集装箱/拖
派递) relevant systems have not Organize shipping operator to study seal management
authorities.书面程序必须规定如何控制和在装车(包括卡车和封闭式货车)时记录新的密封号码。 been timely improved and damage handling procedures
载的集装箱上加盖印章，包括识别和向当地海 3.船务每天对封条使用记录进行监督检查。The
关报告受损的印章和/或集装箱。 shipping operator supervises and inspects seals daily
42 Physical Security Written procedures must stipulate how seals are There is no documented procedure to verify seal number Must Do必须做 1.工厂为新建工厂，对于相 1. 建立预约集装箱及货物追踪程序 Establish Dwi Meilana
(Entering/Exiting controlled and affixed to loaded containers, against facility documentation when the container/trailer is container booking and cargo tracking
的关制度还未及时健全 The
Deliveries)物理保安(进出 including recognizing and reporting compromised turned over to the next supply chain link (including trucks
newly built factory, and
procedures
seals and/or containers to local Customs and closed vans). 2.组织管理人员学习建立预约集装箱及货物追踪程
派递) relevant systems have not 序 Organize managers to learn how to set up
authorities 书面程序必须规定如何控制和在装 been timely improved
No documented procedure to verify seal number against container booking and cargo tracking
载的集装箱上加盖印章，包括识别和向当地海 facility documentation when the container/trailer is turned procedures
关报告受损的印章和/或集装箱 over to the next supply chain link (applicable to trucks and
closed vans).当集装箱/拖车被移交到下一个供应链环节
(包括卡车和封闭式货车)时，没有文件化的程序根据设
施文件验证密封号。
当集装箱/拖车被移交到下一个供应链环节(适用于卡车
和封闭式货车)时，没有文件化的程序根据设施文件验证
密封号。
43 Physical Security Written procedures must stipulate how seals are There is no documented procedure to verify whether the Must Do必须做 1.工厂为新建工厂，对于相 1. 建立预约集装箱及货物追踪程序 Establish Dwi Meilana
(Entering/Exiting controlled and affixed to loaded containers, seal is intact when the container/trailer is turned over the container booking and cargo tracking
including recognizing and reporting compromised next supply chain link (including trucks and closed vans). 的关制度还未及时健全 The procedures
Deliveries)物理保安(进出 newly built factory, and
seals and/or containers to local Customs 2.组织管理人员学习建立预约集装箱及货物追踪程
派递) No documented procedure to verify whether the seal is relevant systems have not 序 Organize managers to learn how to set up
authorities书面程序必须规定如何控制和在装载 been timely improved
intact when the container/trailer is turned over the next container booking and cargo tracking
的集装箱上加盖印章，包括识别和向当地海关 procedures
supply chain link (applicable to trucks and closed vans).当集
报告受损的印章和/或集装箱
装箱/拖车被移交到下一个供应链环节(包括卡车和封闭
式货车)时，没有文件化的程序来验证密封是否完好。
当集装箱/拖车被下一个供应链环节(适用于卡车和封闭
式货车)翻转时，没有文件化的程序来验证密封是否完好
。
44 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做相关计算机使用工作人员安 1.建立电脑使用要求、电脑系統故障应急报警的程 Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to 序 Establish procedures for computer usage
legible, complete, accurate, and protected against electronic information systems. 的全意识不够且it人员未及时培 requirements and computer system fault
Access Controls)信息访问
the exchange, loss or introduction of erroneous 训The safety awareness of emergency alarm
控制(信息访问控制) information. Documentation control must include No documented procedures for identifying which relevant computer users is not 2.组织管理人员学习电脑使用要求、电脑系統故障
safeguarding computer access and information必 employees are allowed access to: Electronic information enough and it staff is not 应急报警的程序Organize management personnel
systems was established.工厂没有文件化的程序来确定哪 trained in time to learn computer usage requirements,
须有适当的程序，以确保所有用于清算商品/货 computer system fault emergency alarm
物的信息清晰、完整、准确，并防止交换、丢些员工可以使用电子信息系统。 procedures
失或引入错误信息。文件控制必须包括保护计没有文件化的程序来确定哪些雇员可以进入:建立了电子 3. 网络管理员每月对电脑信息安全记录并管理
算机访问和信息信息系统。 Network administrator records and manages
monthly computer information security
45 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做相关计算机使用工作人员安 1.建立计算机安全管理制Establish computer security Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to facility management system
legible, complete, accurate, and protected against documents 的全意识不够且it人员未及时培
Access Controls)信息访问 2.组织管理人员学习计算机安全管理制Organize
the exchange, loss or introduction of erroneous 训The safety awareness of
控制(信息访问控制) information. Documentation control must include No documented procedures was established for identifying relevant computer users is not managers to learn computer security management
which employees are allowed access to: facility documents. enough and it staff is not system
safeguarding computer access and information必
工厂没有文件化的程序来确定哪些员工可以访 trained in time 3.网络管理员每月对电脑进行检查和维护。The
须有适当的程序，以确保所有用于清算商品/货 network administrator checks and maintains the
物的信息清晰、完整、准确，并防止交换、丢问工厂文件 computer monthly
失或引入错误信息。文件控制必须包括保护计没有建立文件化的程序来确定哪些员工可以访问:设施文
算机访问和信息件。
46 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做工厂为新建工厂，对于有关 1.制定文件安保程序Develop document security Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to shipping procedures
legible, complete, accurate, and protected against forms 的性的文件化及程序流程还未
Access Controls)信息访问 2.组织管理人员学习文件安保程序Organize
the exchange, loss or introduction of erroneous 建立The factory is a new
控制(信息访问控制) information. Documentation control must include No documented procedures was established for identifying factory, and the management to learn document security procedures
safeguarding computer access and information which employees are allowed access to: Shipping forms. documentation and
必须有适当的程序，以确保所有用于清算工厂没有文件化的程序来确定哪些员工可以访 procedures for the related
activities have not been
商品/货物的信息清晰、完整、准确，并防止交问装运表单 established
换、丢失或引入错误信息。文件控制必须包括没有建立文件化的程序来确定哪些员工可以访问:装运表
保护计算机访问和信息单。
47 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做工厂为新建工厂，对于有关 1. 制定收货及出货保安程序 Develop receiving Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to shipping and shipment security procedures
legible, complete, accurate, and protected against data 的性的文件化及程序流程还未 2.组织保安及管理人员学习收货及出货保安程序
the exchange, loss or introduction of erroneous 建立The factory is a new Organize the security guard to learn the
控制(信息访问控制) information. Documentation control must include No documented procedures for identifying which factory, and the receiving and shipping security procedures
safeguarding computer access and information employees are allowed access to: Shipping data. documentation and 3.网络管理员每个月对货运全程监控记录表 The
必须有适当的程序，以确保所有用于工厂没有文件化的程序来确定哪些员工可以访 procedures for the related network administrator monitors the whole
activities have not been freight process every month
清算商品/货物的信息清晰、完整、准确，并防问运输数据 established
止交换、丢失或引入错误信息。文件控制必须没有文件化的程序来确定哪些员工被允许访问:运输数据
包括保护计算机访问和信息。
48 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做工厂为新建工厂，对于有关 1.制定货物过剩/短缺管理程序Develop procedures Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to for excess/shortage management of goods.
legible, complete, accurate, and protected against shipping/cargo movement data 的性的文件化及程序流程还未
Access Controls)信息访问 2.组织管理人员学习货物过剩/短缺管理程序
控制(信息访问控制) information. Documentation control must include No documented procedures for identifying which factory, and the Organize managers to learn excess/shortage
safeguarding computer access and information employees are allowed access to: Shipping/cargo documentation and management procedures
必须有适当的程序，以确保所有用于清算商 movement.工厂没有文件化的程序来确定哪些员工可以 procedures for the related 3.安全管理员每个月对异常事件调查汇报表Security
activities have not been administrator monthly report of abnormal events
品/货物的信息清晰、完整、准确，并防止交换访问运输/货物移动数据 established investigation
、丢失或引入错误信息。文件控制必须包括保没有文件化的程序来确定哪些员工被允许进入:运输/货
护计算机访问和信息物移动。
49 Information Access Procedures must be in place to ensure that all The facility does not have documented procedures for Must Do必须做工厂为新建工厂，对于有关 Dwi Meilana
Controls (Information information used in clearing merchandise/cargo is identifying which employees are allowed access to high
legible, complete, accurate, and protected against security seals 的性的文件化及程序流程还未
控制(信息访问控制) information. Documentation control must include No documented procedures for identifying which factory, and the
safeguarding computer access and information必 employees are allowed access to: High security seals.工厂 documentation and
procedures for the related
须有适当的程序，以确保所有用于清算商品/货没有文件化的程序来确定哪些员工可以使用高安全封条 activities have not been
物的信息清晰、完整、准确，并防止交换、丢没有文件化的程序来确定哪些员工可以进入:高度安全印 established
失或引入错误信息。文件控制必须包括保护计章。
算机访问和信息
50 Information Access A system must be in place to identify the abuse of The facility does not have documented procedures to adjust Must Do必须做工厂为新建工厂，对于有关 1.制定电脑安全管理及使用规定Set up computer Andrianto
Controls (Information IT including improper access, tampering or the or rescind access to electronic information systems safety management and usage regulations
的性的文件化及程序流程还未
Access Controls)信息访问 altering of business data. All system violators must 2. 组织管理人员学习电脑安全管理及使用规定
be subject to appropriate disciplinary actions for No documented procedures to adjust or rescind such 建立The factory is a new Organize management personnel to study
控制(信息访问控制) factory, and the computer security management and usage
abuse. 必须建立一个系统来识别对IT的滥用， access.工厂没有文件化的程序来调整或取消对电子信息
documentation and regulations
包括不适当的访问、篡改或更改业务数据。所系统的访问 procedures for the related 3.网络管理会每月/季度不定期抽查各部门的电脑
有系统违反者必须受到适当的纪律处分。没有文件化的程序来调整或撤销这种访问。 activities have not been Network management will randomly check the
established computers of each department every
month/quarter
51 Information Access Procedures must be in place to ensure that all There is no system in place to suspend a login user ID after Must Do必须做工厂为新建工厂，对于有关 1.制定电脑安全管理及使用规定Set up computer Andrianto
Controls (Information information used in clearing merchandise/cargo is three failed access attempts safety management and usage regulations
legible, complete, accurate, and protected against 的性的文件化及程序流程还未 2. 组织管理人员学习电脑安全管理及使用规定
the exchange, loss or introduction of erroneous Login user ID was not suspended after three failed access 建立The factory is a new Organize management personnel to study
控制(信息访问控制) information. Documentation control must include factory, and the computer security management and usage
attempts.在三次访问尝试失败后，没有系统可以挂起登
safeguarding computer access and information必 documentation and regulations
录用户ID procedures for the related 3.网络管理会每月/季度不定期抽查各部门的电脑
须有适当的程序，以确保所有用于清算商品/货登录用户ID在三次访问失败后没有挂起。 activities have not been Network management will randomly check the
物的信息清晰、完整、准确，并防止交换、丢 established computers of each department every
失或引入错误信息。文件控制必须包括保护计 month/quarter
算机访问和信息
52 Information Access Procedures must be in place to ensure that all There is no system in place to review periodically and Must Do必须做工厂为新建工厂，对于有关 1.制定电脑安全管理及使用规定Set up computer Andrianto
Controls (Information information used in clearing merchandise/cargo is maintain daily security logs for invalid password attempts safety management and usage regulations
legible, complete, accurate, and protected against and file access 的性的文件化及程序流程还未 2. 组织管理人员学习电脑安全管理及使用规定
the exchange, loss or introduction of erroneous 建立The factory is a new Organize management personnel to study
控制(信息访问控制) information. Documentation control must include System administrator did not receives and reviews report of factory, and the computer security management and usage
safeguarding computer access and information / A invalid password attempts and file access.对于无效的密码 documentation and regulations
system must be in place to identify the abuse of IT, procedures for the related 3.网络管理员每月对电脑密码更改记录 Network
including improper access, tampering or the 尝试和文件访问，不存在定期检查和维护日常安全日志 activities have not been administrator records monthly changes of
altering of business data必须有适当的程序，以的系统 established computer passwords
确保所有用于清算商品/货物的信息清晰、完整系统管理员没有收到并检查无效密码尝试和文件访问的
、准确，并防止交换、丢失或引入错误信息。报告。
文件控制必须包括保护计算机访问和信息/必须
建立一个系统来识别滥用信息，包括不适当的
访问、篡改或更改业务数据
53 Information Access A system must be in place to identify the abuse of There are no documented procedures in place for Must Do必须做工厂为新建工厂，对于有关 1.制定电脑安全管理及使用规定Set up computer Andrianto
Controls (Information IT including improper access, tampering or the investigating violation and disciplining as appropriate IT safety management and usage regulations
altering of business data. All system violators must system violators 的性的文件化及程序流程还未
Access Controls)信息访问 2.组织管理人员学习电脑安全管理及使用规定
be subject to appropriate disciplinary actions for 建立The factory is a new
控制(信息访问控制) No documented procedures for investigating violation and factory, and the Organize management personnel to study computer
abuse. 必须建立一个系统来识别对IT的滥用， security management and usage regulations
disciplining IT system violators, as appropriate.没有记录在 documentation and
包括不适当的访问、篡改或更改业务数据。所 procedures for the related 3.网络管理员每月对电脑密码更改记录
有系统违反者必须受到适当的纪律处分。案的程序来调查违反和惩罚适当的IT系统违反者 activities have not been 16/5000
没有文件化的程序，以调查违反和纪律的IT系统违反者 established
，酌情。 Network administrator records monthly changes of
computer passwords
54 Information Access Procedures must be in place to ensure that all Computer backup information are not stored in a fire Must Do必须做 Lim Thw Nan
Controls (Information information used in clearing merchandise/cargo is resistant safe or at an off site facility
的
Access Controls)信息访问 legible, complete, accurate, and protected against
the exchange, loss or introduction of erroneous Back-up data is not stored in a fire resistant safe or at an off-
控制(信息访问控制) site facility.
information. 必须有适当的程序，以确保所有用
于清算商品/货物的信息清晰、完整、准确，并计算机备份信息不存储在防火保险箱或非现场设施中
防止交换、丢失或引入错误信息。备用数据不存储在防火保险箱或非现场设施中。
55 Information Access Documentation control must include safeguarding Desktops do not lock automatically after a designated Must Do必须做相关计算机使用工作人员安 1.对IT人员及计算机使用人员培训信息安全重要性 Andrianto
Controls (Information computer access and information.文件控制必须 period of inactivity Importance of training information security for IT
的全意识不够且it人员未及时培
Access Controls)信息访问包括保护计算机访问和信息。 personnel and computer users
One computer in production office does not automatically 训The safety awareness of
控制(信息访问控制) relevant computer users is not 2.由IT人员对所有计算机进行检查并登记，确保每
close and lock after a designated period of inactivity.在指定
enough and it staff is not 台计算机在不在活动期间自动锁定，恢复活动界面
的不活动期间后，桌面不会自动锁定 trained in time 时需要输入密码进入All computers are checked and
生产办公室的一台计算机在指定的不活动期间不会自动 registered by IT staff to ensure that each computer is
关闭和锁定。 locked automatically during the period when IT is not
active, and password is required to enter when
resuming the active interface
56 Information Access Procedures must be in place to ensure that all Password changes are not required by policy, or enforced in Must Do必须做 1.培训相关负责人员相关信息安全程序文件 Andrianto
Controls (Information information used in clearing merchandise/cargo is a systematic manner. Training related responsible personnel related
legible, complete, accurate, and protected against 的
Access Controls)信息访问 information security procedures 2.对信息访问设
the exchange, loss or introduction of erroneous Password changes every three (3) months.策略不要求更改
控制(信息访问控制) information. Documentation control must include 定三个月密码更改提示并及时更改密码并作统一的
safeguarding computer access and information / 密码，也不以系统的方式强制执行。
登记To the information access to set up three months
Automated systems must use individually assigned 密码每三个月更换一次。 password change prompt and timely change password
accounts that require a periodic change of and unified registration
password必须有适当的程序，以确保所有用于
清算商品/货物的信息清晰、完整、准确，并防
止交换、丢失或引入错误信息。文件控制必须
包括保护计算机访问和信息/自动化系统必须使
用需要定期更改密码的个人指定帐户
57 Storage & Distribution The facility does not have fencing or other barrier materials Must Do必须做工厂为新建工厂，对于有关 1.培训相关负责人员掌握工作流程及注意事项Train Lim Thw Nan
(Storage)仓储配送(仓储) to enclose cargo handling and storage areas to prevent relevant responsible personnel to master the working
unauthorized access. 的性的文件化及程序流程还未
建立The factory is a new process and matters needing attention 2.制定并张贴
The facility did not uses fencing or other barrier materials to factory, and the 相关授权人员信息 Develop and post relevant
enclose cargo handling and storage areas to prevent documentation and authorized personnel information 3.检查授
unauthorized access.该设施没有围篱或其他屏障材料来 procedures for the related
activities have not been 权人员进出货物装卸及储存区是否与登记信息一致
围封货物装卸和储存区域，以防止未经授权的进入。 established Check that authorized personnel entering and leaving
该设施没有使用围栏或其他屏障材料将货物装卸和储存 cargo handling and storage areas are consistent with
区域围起来，以防止未经授权的进入。 registration information 4.安装围
栏设施Installation of fencing
58 Storage & Distribution Procedures should also be established to track the There are no documented procedures for tracking goods for Should Do 应工厂建立初期，还未及时建 1.制定货物跟踪装运程序文件 Develop tracking Dwi Meilana
(Storage)仓储配送(仓储) timely movement of incoming and outgoing shipment
该做的立相关程序文件At the shipping procedures 2.培训相关人员
goods.还应建立程序，以跟踪货物的及时进出 beginning of the establishment 根据程序文件对装运货物进行跟踪Train relevant
。 The facility did not establish tracking goods for shipment.没 of the factory, relevant personnel to follow up the shipment according to the
有文件化的程序来跟踪货物的装运 procedures have not been procedure document
该设施没有建立跟踪货物的装运。 established in time
59 Storage & Distribution A high security seal which meets or exceeds the The facility does not have a documented procedure which Must Do必须做工厂为新建工厂，对相关要 1.制定货物工厂货物出口程序文件 Develop export Dwi Meilana
(Storage)仓储配送(仓储) current PAS ISO 17712 standard must be affixed to requires that high security seals meeting or exceeding PAS
的求未及时了解The factory is a procedure document of goods factory 2.培训
all loaded containers bound for the US所有运往美 ISO 17712 standard must be affixed to all loaded newly built factory, and the
containers/trailers bound for the US 负责人熟悉货物出口要求 Train
国的已装载货柜均须贴上符合或超过现行PAS relevant specific factory system responsible person to be familiar with export
ISO 17712标准的高度安全印章 No documented procedure to affix a high security seal is implemented in a timely
manner requirements 3.熟悉并应用ISO/PAS 17712高安全封
which meets or exceeds ISO/PAS 17712 on each container /
条及高度安全印章Be familiar with ISO/PAS 17712
trailers bound for the US.工厂没有文件化的程序，要求所 high security seals and high security seals
有运往美国的已装载货柜/拖架必须贴上符合或超过PAS
ISO 17712标准的高安全封条
在运往美国的每一个货柜/拖架上，没有任何成文程序可
贴上符合或超过ISO/PAS 17712的高度安全印章。
60 Storage & Distribution Written procedures must stipulate how seals are There are no documented procedures for affixing, replacing, Must Do必须做工厂为新建工厂，对相关具 1.制定有关集装箱、拖车等相关程序文件 2.培 Dwi Meilana
(Storage)仓储配送(仓储) controlled and affixed to loaded containers, recording and tracking the seals placed on containers,
including recognizing and reporting compromised trailers, trucks, and/or railcars 的体工厂制度为及时实施展开训相关负责人做好相关记录，并在更新标签及文件
seals and/or containers to local Customs The factory is a newly built 时必须及时更换悬挂或张贴
No documented procedures for affixing, replacing, factory, and the relevant
authorities书面程序必须规定如何控制和在装载 specific factory system is
recording, and tracking the seals placed on containers,
的集装箱上加盖印章，包括识别和向当地海关 implemented in a timely
trailers, trucks, and/or railcars.没有关于在集装箱、拖车、 manner
报告受损的印章和/或集装箱
卡车和/或有轨电车上粘贴、更换、记录和跟踪密封件的
文件化程序
没有关于在集装箱、拖车、卡车和/或有轨电车上粘贴、
更换、记录和跟踪密封件的文件化程序。
61 Storage & Distribution Only designated employees should distribute Unused seals are not securely kept and/or access is not Should Do 应工厂为新建工厂，对相关具 1.制定相关规章制度及用印登记制度 Formulate Dwi Meilana
(Storage)仓储配送(仓储) container seals for integrity purposes为保持完整 restricted to authorized employee(s) only. 该做的体工厂制度为及时实施展开 relevant rules and regulations and registration system
性，只有指定的员工才应分发容器封条 The factory is a newly built 2.购买密封柜并安排授权管理印章人员对用印
The facility did not provide locked cabinet for seal.未使用的 factory, and the relevant 人员进行审核并登记Purchase sealed cabinet and
印章没有妥善保管，且/或访问权限不限于授权员工。 specific factory system is arrange authorized seal management personnel to
工厂没有提供带锁的密封柜。 implemented in a timely check and register the seal personnel
manner
62 Storage & Distribution Written procedures must stipulate how seals are Outgoing cargo verified against transportation/shipping
Must Do必须做工厂为新建工厂对相关负责 1.培训相关岗位工作人员对货物出口时做好检查记 Dwi Meilana
(Storage)仓储配送(仓储) controlled and affixed to loaded containers, document before departure and/or facility does not keep
including recognizing and reporting compromised records of: Container/cargo conveyance number. 的人员培训不到位The training 录，Train related staff to make inspection records
seals and/or containers to local Customs of relevant responsible when goods are exported 2.制定
personnel for the new factory
authorities 书面程序必须规定如何控制和在装 Export log book did not include container number.离境前根 is not in place 针对货物出口时的检查程序Develop inspection
载的集装箱上加盖印章，包括识别和向当地海据运输/装运文件核实的出口货物和/或设施不保存以下 procedures for goods when they are exported
关报告受损的印章和/或集装箱记录:集装箱/货物运输号码。
出口日志中没有包含集装箱号。
63 Storage & Distribution The foreign manufacturer must affix a high The facility is not using ISO/PAS 17712 compliant seals Must Do必须做工厂工作人员在使用密封时 1.培训工厂相关人员正确使用密封并及时检查及拍 Dwi Meilana
(Storage)仓储配送(仓储) security seal to all loaded trailers and containers
bound for the U.S. All seals must meet or exceed The facility could not show ISO/PAS 17712 for seal 的忽略了密封容器ISO/PAS 照（是否有ISO/PAS 17712）Train factory personnel
the current PAS ISO 17712 standards for high 17712Factory personnel to properly use seals and check and take photos in
container.工厂没有使用符合ISO/PAS 17712标准的密封 ignored the sealed container time (whether there is ISO/PAS 17712)
security seals.外国制造商必须在运往美国的所工厂无法显示密封容器的ISO/PAS 17712。 ISO/PAS 17712 when using
有装载拖车和集装箱上加盖高安全印章。所有 seals
印章必须符合或超过目前PAS ISO 17712的高安
全印章标准
64 Storage & Distribution Procedures must be in place for reporting and The loading and departure of containers/trailers is not Must Do必须做在工厂建立安装CCTV 时未考 1.加装大容量cctv储存设备，并在货物出货处安装 Lim Thw Nan
(Storage)仓储配送(仓储) neutralizing unauthorized entry into containers or captured on CCTV and/or does not provide adequate views
of loading activities and inside container and/or the 的虑到相关储存容量The 录像设备 Install large capacity CCTV storage
container storage areas必须有程序报告和制止未 relevant storage capacity is not equipment, and install video equipment at the
recording is kept for 30 to 45 days (applicable to trucks and
经许可进入集装箱或集装箱储存区 closed vans). taken into account when shipment area 2.确保录像储存时
setting up and installing CCTV
in the factory 间在40-60天之间Ensure storage time between 40
CCTV's only could record 25 days.货柜/拖架的装卸及离港 and 60 days
过程并没有在闭路电视上录得，而/或没有提供足够的货
柜及拖架内装卸活动的图像，及/或记录保存30至45天
(适用于货车及封闭货车)。
CCTV只记录了25天。
65 Storage & Distribution Documented procedures are not in place to verify the Must Do必须做工厂为新建工厂，对于有关 1.健全7点检查法相关程序文件 Improve the Wahyu Ardi
(Storage)仓储配送(仓储) integrity of the container structure through 7-point
container inspection. 的性的文件化及程序流程还未 procedures of the 7 - point inspection law 2.培
建立The factory is a new 训相关负责人员针对如何验证集装箱结构完整性及
No documented procedures in place to verify the integrity factory, and the 7点检查法检查要素 Training relevant responsible
of the container structure through 7-point container documentation and personnel on how to verify the structural integrity of
inspection which includes checking of Front, Left side, Right procedures for the related containers and inspection elements of the 7-point
side, Floor, Ceiling/ Roof, Inside/Outside Doors and activities have not been
established inspection method 3.对于7点检查法所
Undercarriage).没有文件化的程序通过7点集装箱检查来
检查内容完整性进行验证The integrity of the
验证集装箱结构的完整性。 contents examined by the 7-point inspection method
没有文件化的程序，以验证集装箱结构的完整性，通过 was verified
7点集装箱检查，其中包括检查前面，左边，右边，地
板，天花板/屋顶，内外门和起落架)。
66 Contractor Controls Foreign manufacturers must have written and When selecting the contractors used by the facility, the Must Do必须做工厂为新建工厂，对于有关 1.培训相关负责人并迅速完成程序文件制定 Train Siti Komariyah
(Contractor Controls)承办 verifiable processes for the selection of business facility does not consider the contractor's security controls
的性的文件化及程序流程还未 the responsible person and complete the procedure
partners including, carriers, other manufacturers,
商管制(承办商管制) product suppliers and vendors (parts and raw In selecting the contractors used by the facility, the facility 建立The factory is a new document quickly 2.根据相对应的程序文件对承
material suppliers, etc).外国制造商必须有书面的 did not consider the contractor's: Security controls.在选择 factory, and the 包商检查并制定安全控制程序Check and develop
documentation and safety control procedure for contractor according to
和可验证的流程来选择商业伙伴，包括运营商工厂使用的承包商时，工厂不考虑承包商的安全控制 procedures for the related corresponding procedure document
、其他制造商、产品供应商和供应商(零部件和在选择该设施使用的承包商时，该设施没有考虑承包商 activities have not been
原材料供应商等)。的:安全控制。 established
67 Contractor Controls Foreign manufacturers must have written and When selecting the contractors used by the facility, the Must Do必须做工厂为新建工厂，对于有关 1.对工厂所有承包商进行全面分析，从承包商历史 Siti Komariyah
(Contractor Controls)承办 verifiable processes for the selection of business facility does not consider the contractor's financial stability
的性的文件化及程序流程还未、人员流动、历来是否发生事故、财务稳定性，等
商管制(承办商管制) product suppliers and vendors (parts and raw In selecting the contractors used by the facility, the facility 建立The factory is a new 详细统计并汇总成表
material suppliers, etc).外国制造商必须有书面的 did not consider the contractor's: Financial stability.在选择 factory, and the Conduct a comprehensive analysis of all contractors in
documentation and the plant, from the contractor's history, personnel
和可验证的流程来选择商业伙伴，包括运营商设备使用的承包商时，设备不考虑承包商的财务稳定性 procedures for the related turnover, history of accidents, financial stability, etc 0.
、其他制造商、产品供应商和供应商(零部件和在选择该设施使用的承包商时，该设施没有考虑到承包 activities have not been 对承包商根据调查汇总表进行分析选择，并于符合
原材料供应商等)。商的财务稳定性。 established
要求的承包商之间签定安全标准承诺书Analyze and
select the contractor according to the survey
summary, and sign the safety standard commitment
between the contractors who meet the requirements
68 Contractor Controls Foreign manufacturers must have written and When selecting the contractors used by the facility, the Must Do必须做工厂为新建工厂，对于有关 1.对工厂所有承包商进行全面分析，从承包商历史 Siti Komariyah
(Contractor Controls)承办 verifiable processes for the selection of business facility does not consider the contractor's corporate history
的性的文件化及程序流程还未、人员流动、历来是否发生事故、财务稳定性，等
商管制(承办商管制) product suppliers and vendors (parts and raw In selecting the contractors used by the facility, the facility 建立The factory is a new 详细统计并汇总成表
material suppliers, etc).外国制造商必须有书面的 did not consider the contractor's: corporate history.在选择 factory, and the Conduct a comprehensive analysis of all contractors in
documentation and the plant, from the contractor's history, personnel
和可验证的流程来选择商业伙伴，包括运营商工厂使用的承包商时，工厂没有考虑承包商的企业历史 procedures for the related turnover, history of accidents, financial stability, etc 0.
、其他制造商、产品供应商和供应商(零部件和在选择工厂使用的承包商时，工厂没有考虑承包商的:公 activities have not been 对承包商根据调查汇总表进行分析选择，并于符合
原材料供应商等)。司历史。 established
要求的承包商之间签定安全标准承诺书Analyze and
select the contractor according to the survey
summary, and sign the safety standard commitment
between the contractors who meet the requirements
69 Contractor Controls Foreign manufacturers must have written and When selecting the contractors used by the facility, the Must Do必须做工厂为新建工厂，对于有关 1.制定承包商用工要求并对承包商用工人员进行检 Siti Komariyah
(Contractor Controls)承办 verifiable processes for the selection of business facility does not consider the contractor's hiring practices
的性的文件化及程序流程还未查Set up the contractor's employment requirements
商管制(承办商管制) product suppliers and vendors (parts and raw In selecting the contractors used by the facility, the facility 建立The factory is a new and inspect the contractor's employees
material suppliers, etc).外国制造商必须有书面的 did not consider the contractor's: Hiring practice.在选择工 factory, and the
documentation and
和可验证的流程来选择商业伙伴，包括运营商厂使用的承包商时，工厂不考虑承包商的雇用做法 procedures for the related
、其他制造商、产品供应商和供应商(零部件和在选择该设施所使用的承包商时，该设施没有考虑承包 activities have not been
原材料供应商等)。商的雇用惯例。 established
70 Contractor Controls At point of stuffing, procedures must be in place to The facility does not have written security standards and Must Do必须做工厂为新建工厂，对于有关 1.制定对承包商的安全政策及程序文件并签订合同 Siti Komariyah
(Contractor Controls)承办 properly seal and maintain the integrity of documented procedures for its contractors
的性的文件化及程序流程还未 Develop safety policies and procedures for
shipping containers / Written procedures must
商管制(承办商管制) stipulate how seals are controlled and affixed to The facility did not have written security standards and 建立The factory is a new contractors and sign contracts 2.对
loaded containers, including recognizing and documented procedures for selection of its contractors factory, and the 承包商相关设施进行风险评估 Carry out risk
reporting compromised seals and/or containers to (contracts, manuals, etc.).工厂没有为其承包商制定书面的 documentation and assessment for contractor related facilities 2.
local Customs authorities / Measures must be in procedures for the related
place to ensure the integrity and security of 安全标准和文件化的程序 activities have not been 要求承包商定期对自身设施进行自我评估并在工厂
processes relevant to the transportation, handling, 该设施没有书面的安全标准和文件化的程序来选择其承 established 存底Require contractors to conduct periodic self-
and storage of cargo in the supply chain点的填料, 包商(合同、手册等)。 assessment of their facilities and maintain inventory at
the plant
程序必须妥善密封和保持集装箱的完整性/书面
程序必须规定封柜是如何控制和贴在加载容器,
包括认识和报告妥协封柜和/或容器当地海关/
措施必须到位,确保流程的完整性和安全相关的
运输、处理和存储的货物在供应链
71 Contractor Controls Foreign manufacturers must ensure that business The facility does not require its contractors to conduct self- Should Do 应工厂为新建工厂，对于有关 1.制定对承包商的安全政策及程序文件并签订合同 Fitria
(Contractor Controls)承办 partners develop security processes and assessment of their security policies and procedures and to
procedures consistent with the C-TPAT security share the results of those assessments with the facility 该做的性的文件化及程序流程还未 Develop safety policies and procedures for
商管制(承办商管制) criteria to enhance the integrity of the shipment at 建立 contractors and sign contracts 2.对
point of origin, assembly or manufacturing. The facility did not conduct self-assessment to contractors. 26/5000 承包商相关设施进行风险评估 Carry out risk
Periodic reviews 工厂没有要求其承包商对其安全政策和程序进行自我评 assessment for contractor related facilities 3.
of business partners’ processes and facilities The factory is a new factory,
should be conducted based on risk, and should 估，并与设施分享这些评估的结果 and the documentation and 要求承包商定期对自身设施进行自我评估并在工厂
maintain the security standards required by the 该设施没有对承包商进行自我评估。 procedures for the related 存底Require contractors to conduct periodic self-
foreign manufacturer.外国制造商必须确保业务 activities have not been assessment of their facilities and maintain inventory at
established the plant
合作伙伴开发符合C-TPAT安全标准的安全流程
和程序，以增强原产地、组装或制造点的发货
完整性。定期评审
业务伙伴的流程和设施应基于风险进行，并应
保持外国制造商要求的安全标准。
72 Export Logistics (Export Foreign manufacturers must have written and When selecting carriers, the facility does not consider the Must Do必须做工厂为新建工厂，对于有关 1.培训相关负责人并迅速完成程序文件制定 Dwi Meilana
Logistics)出口物流(出口物 verifiable processes for the selection of business carriers' security controls在选择运营商时，工厂没有考虑
partners including, carriers, other manufacturers, 的性的文件化及程序流程还未 2.根据相对应的程序文件对运行商检查并制定安全
流) product suppliers and vendors (parts and raw 运营商的安全控制建立控制程序
material suppliers, etc).外国制造商必须有书面的
和可验证的流程来选择商业伙伴，包括运营商
、其他制造商、产品供应商和供应商(零部件和
原材料供应商等)。
73 Export Logistics (Export Foreign manufacturers must have written and When selecting carriers, the facility does not consider the Must Do必须做工厂为新建工厂，对于有关 1.对工厂所有承运商进行全面分析，从承运商历史 Dwi Meilana
Logistics)出口物流(出口物 verifiable processes for the selection of business carriers' financial stability在选择承运商时，融资安排没有
partners including, carriers, other manufacturers, 的性的文件化及程序流程还未、人员流动、历来是否发生事故、财务稳定性，等
流) product suppliers and vendors (parts and raw 考虑承运商的财务稳定性建立The factory is a new 详细统计并汇总成表
material suppliers, etc).外国制造商必须有书面的 factory, and the onduct a comprehensive analysis of all the carriers in
documentation and the factory, and make detailed statistics and tables
和可验证的流程来选择商业伙伴，包括运营商 procedures for the related from the carrier history, personnel turnover, historical
、其他制造商、产品供应商和供应商(零部件和 activities have not been accidents and financial stability, etc 2.对承运商根据
原材料供应商等)。 established
调查汇总表进行分析选择，并于符合要求的承运商
之间签定安全标准承诺书Analyze and select the
carriers according to the survey summary form, and
sign the letter of commitment of safety standards
among the carriers meeting the requirements
74 Export Logistics (Export Foreign manufacturers must have written and When selecting carriers, the facility does not consider the Must Do必须做工厂为新建工厂，对于有关 1.对工厂所有承运商进行全面分析，从承运商历史 Dwi Meilana
Logistics)出口物流(出口物 verifiable processes for the selection of business carriers' corporate history在选择承运商时，工厂没有考虑
partners including, carriers, other manufacturers, 的性的文件化及程序流程还未、人员流动、历来是否发生事故、财务稳定性，等
流) product suppliers and vendors (parts and raw 承运商的企业历史建立The factory is a new 详细统计并汇总成表
material suppliers, etc).外国制造商必须有书面的 factory, and the onduct a comprehensive analysis of all the carriers in
documentation and the factory, and make detailed statistics and tables
和可验证的流程来选择商业伙伴，包括运营商 procedures for the related from the carrier history, personnel turnover, historical
、其他制造商、产品供应商和供应商(零部件和 activities have not been accidents and financial stability, etc 2.对承运商根据
原材料供应商等)。 established
调查汇总表进行分析选择，并于符合要求的承运商
之间签定安全标准承诺书Analyze and select the
carriers according to the survey summary form, and
sign the letter of commitment of safety standards
among the carriers meeting the requirements
75 Export Logistics (Export For those business partners eligible for C-TPAT The facility does not require eligible and/or ineligible Must Do必须做工厂为新建工厂，对于有关 1.对相关承运商告知安全标准文件详细信息 2. Dwi Meilana
Logistics)出口物流(出口物 certification (carriers, importers, ports, terminals, carriers to demonstrate security compliance standards. 的性的文件化及程序流程还未登记并制定货代或承运商培训细则 3.通
brokers, consolidators, etc.) the foreign
流) manufacturer must have documentation (e.g., C- The facility could not show C-TPAT certificate for forwarders. 建立过考核及办理C-TPAP相关证书并留底
TPAT certificate, SVI number, etc.) indicating 设施不要求符合条件和/或不符合条件的承运人证明符合
whether these business partners are or are not C-
安全标准。
TPAT certified.对于那些有资格获得C-TPAT认证的
工厂无法为货代出示C-TPAT证书。
业务伙伴(承运人、进口商、港口、码头、经纪
商、集运商等)，外国制造商必须有文件(如C-
TPAT证书、SVI编号等)，表明这些业务伙伴是否
获得了C-TPAT认证。
76 Export Logistics (Export For those business partners eligible for C-TPAT The facility does not have written or electronic confirmation Must Do必须做工厂为新建工厂，对于有关 1.向各合作伙伴发送C-TPAT安全标准程序文件 Send Dwi Meilana
Logistics)出口物流(出口物 certification (carriers, importers, ports, terminals, of its partners' compliance with C-TPAT or C-TPAT-equivalent the c-tpat security standard procedure document to
brokers, consolidators, etc.) the foreign security criteria (e.g., contract language, a letter of 的性的文件化及程序流程还未
流) manufacturer must have documentation (e.g., C- commitment signed at the management level or above, 建立The factory is a new each partner 2.在合作伙伴接收到文件时与其签订
TPAT certificate, SVI number, etc.) indicating signed acknowledgement of receiving the facility's C-TPAT factory, and the 相关合同及安全标准承诺书Upon receipt of the
whether these business partners are or are not C- participation announcement). documentation and documents, the partner shall sign the relevant
TPAT certified.对于那些有资格获得C-TPAT认证的 procedures for the related contract and safety standard commitment letter
No written or electronic confirmation of its partners' activities have not been
业务伙伴(承运人、进口商、港口、码头、经纪 established
compliance with C-TPAT security criteria.工厂没有书面或电
商、集运商等)，外国制造商必须有文件(如C-
子方式确认其合作伙伴是否遵守C-TPAT或C-TPAT等效的
TPAT证书、SVI编号等)，表明这些业务伙伴是否
安全标准(例如，合同语言、在管理层或以上签署的承保
获得了C-TPAT认证。
书、收到工厂的C-TPAT参与声明的签字确认)。
没有书面或电子方式确认其合作伙伴是否符合C-TPAT安
全标准。
77 Export Logistics (Export For those business partners eligible for C-TPAT Facility does not conduct periodic unannounced security Must Do必须做 1.制定工厂安全检查内部程序 Develop internal Dwi Meilana
Logistics)出口物流(出口物 certification (carriers, importers, ports, terminals, check to ensure that transport company is in compliance
的 procedures for plant safety inspection 2.培训
brokers, consolidators, etc.) the foreign with the contract.
流) manufacturer must have documentation (e.g., C- 相关负责人对运输公司进行定期检查并汇总检查报
TPAT certificate, SVI number, etc.) indicating The facility did not conducts a periodic unannounced 告Train the responsible person to carry out regular
whether these business partners are or are not C- security check to ensure that transport company is in inspection on the transportation company and
TPAT certified对于那些有资格获得C-TPAT认证的 compliance with the contract.工厂没有定期进行未经通知 summarize the inspection report
业务伙伴(承运人、进口商、港口、码头、经纪的安全检查，以确保运输公司遵守合同。
商、集运商等)，外国制造商必须有文件(如C- 该设施没有进行定期的未经宣布的安全检查，以确保运
TPAT证书、SVI编号等)，表明这些业务伙伴是否输公司遵守合同。
获得了C-TPAT认证。.
78 Transparency In Supply There is no documented system in place to ensure that Informative 教工厂为新建工厂，对于有关 1.制定公司管理部门状元制度 To formulate the Siti Komariyah
Chain (Transparency In management is informed of and investigates all anomalies
found in shipments including human trafficking. 育性的性的文件化及程序流程还未 system of no.1 in company management department
Supply Chain)供应链透明 2.制定货物装运流程及检查机制Develop
建立The factory is a new
度(供应链透明度) No documented system in place to ensure that factory, and the the cargo shipping process and inspection mechanism
management is informed of and investigates all anomalies documentation and
found in shipments including human trafficking.没有文件化 procedures for the related
的制度来确保管理部门了解和调查包括人口贩运在内的 established
货运中发现的所有异常情况。
没有文件化的系统，以确保管理部门了解和调查在装运
中发现的所有异常情况，包括人口贩运。
79 Transparency In Supply There is no documented cargo verification procedure in Informative 教工厂为新建工厂，对于有关 1.建立货物核查程序文件 Establish documentation Siti Komariyah
Chain (Transparency In place to prevent unmanifested cargo and/or illegal aliens
from being loaded. 育性的性的文件化及程序流程还未 of cargo verification procedures 2.培训
Supply Chain)供应链透明
建立The factory is a new 相关负责人对货物根据程序文件详细检查Train the
度(供应链透明度) No documented cargo verification procedure in place to factory, and the responsible person to inspect the goods according to
prevent unmanifested cargo and/or illegal aliens from being documentation and the procedure document
loaded.没有文件化的货物核查程序，以防止未列明的货 procedures for the related
物和/或非法外国人被装载。 established
没有文件化的货物核查程序，以防止未列明的货物和/或
非法外国人被装载。
80 Transparency In Supply The facility does not conduct on-site inspections of the Informative 教 1.制定承包商安全生产标准程序Develop contractor's Siti Komariyah
Chain (Transparency In contractors' implementation of the their security standard procedures for production safety
standards/procedures that includes compliance with human 育性的
Supply Chain)供应链透明 2.定期对承包商实地进行检查Regular site inspection
trafficking and slavery, forced labor and child labor policies.
度(供应链透明度) of contractors
The facility did not conduct on-site inspections of the
contractors' implementation of the their security
standards/procedures including compliance with human
trafficking and slavery policies.工厂没有对承包商执行其安
全标准/程序(包括遵守人口贩运和奴役、强迫劳动和童
工政策)的情况进行现场检查。
工厂没有对承包商执行其安全标准/程序，包括遵守人口
贩运和奴隶制政策的情况进行现场视察。
81 Transparency In Supply The facility does not require its contractors to conduct self- Informative 教工厂为新建工厂，相关制度 1.加强对于承包商相关反恐政策自我评估并备案留 Siti Komariyah
Chain (Transparency In assessment of their security policies and procedures
including status of their compliance with human trafficking 育性的及政策还未全面建立The 底定期检查Strengthen the self-assessment and filing
Supply Chain)供应链透明 factory is newly built, and of contractors' anti-terrorism policies and conduct
and slavery policies and share the results of those
度(供应链透明度) assessments with the facility. relevant systems and policies regular inspections
have not been fully established
No self assessment was conducted by the contractors
included status of their compliance with human trafficking.
工厂不要求其承包商对其安全政策和程序进行自我评估
，包括其遵守人口贩运和奴隶制政策的情况，并与该设
施分享这些评估的结果。
承包商没有进行包括其遵守人口贩运情况在内的自我评
估。
84 Transparency In Supply There is no written security awareness program covering Informative 教 1.反恐负责人对于恐怖主义 1.建立健全的安全意识培训刚要 Establish sound Siti Komariyah
Chain (Transparency In awareness of current terrorist threat(s), human trafficking,
smuggling trends, and seizures in place to ensure 育性的安全意识及防范认识不够The safety awareness training 2.培训及考核关于
Supply Chain)供应链透明 person in charge of counter-
employees understand the threat posed by terrorist at each 恐怖主义安全意识及人口贩运安全认识
度(供应链透明度) point of the supply chain. terrorism is not familiar with Training and assessment of terrorism security
the security awareness and awareness and human trafficking security awareness
Security awareness was not covered awareness of current prevention of terrorism
terrorist threat(s), human trafficking.没有书面的安全意识
计划，涵盖对当前恐怖主义威胁、人口贩运、走私趋势
和缉获情况的认识，以确保雇员了解供应链每一个环节
的恐怖主义构成的威胁。
安全意识不包括对当前恐怖主义威胁、人口贩运的认识
。
85 Transparency In Supply There is no documented system in place to ensure that to Informative 教 1.工厂为新建工厂，对于相 1.严格按照供应商与合作伙伴安全要求与管理实施 Siti Komariyah
Chain (Transparency In ensure that facility is not sourcing goods, wares, articles, Strictly follow the safety requirements and
and merchandise mined, produced, or manufactured wholly 育性的关制度还未及时健全The
Supply Chain)供应链透明 factory is a newly built factory, management of suppliers and partners
or in part in any foreign country by convict labor or/and
度(供应链透明度) forced labor or/and and relevant systems have not 2.建立符合反恐程序相关书面制度 Establish
indentured labor under penal sanctions and child labor. been timely improved a written system that complies with anti-terrorism
procedures 3.对相关人员进行相关反恐程序
No documented system in place to ensure sourcing goods in 相关制度培训Training relevant personnel on anti-
part of any foreign country by convict labor, forced labor, terrorism procedures and systems
indentured labor under penal sanction and child labor.没有
文件证明的制度，以确保设施不采购由罪犯劳工或/和强
迫劳工或/和在任何外国全部或部分开采、生产或制造的
货物、货物、物品和商品
受刑罚制裁的契约劳工和童工。
未建立书面制度，以确保罪犯劳工、强迫劳工、受刑罚
制裁的契约劳工和童工在外国部分地区采购货物。
86 Risk Assessment (Risk program to analyze and identify critical areas of its supply Informative 教 1.反恐负责人对反恐条款理 1.再次对所有供应商进行风险评估， Risk Fitria
Assessment)风险评估(风 chain that is the most likely targets for infiltration.
育性的解不到位 assessment for all suppliers again, 2.对所有
险评估) The head of counter-terrorism 供应商签定反恐协议书。 Sign anti-
The facility did not establish risk assessment.计划分析和确 does not understand the anti-
定其供应链的关键领域，这是最有可能渗透的目标。 terrorism provisions well terrorism agreements with all suppliers 3.对采购人员
该基金没有建立风险评估。进行培训，确保现有所有供应商都建立书面制度。
Train purchasing staff to ensure that all existing
未建立书面制度，以确保罪犯劳工、强迫劳工、受刑罚 suppliers have a written system in place
制裁的契约劳工和童工在外国部分地区采购货物。
87 Risk Assessment (Risk The facility does not have a comprehensive risk assessment Informative 教 1.工厂为新建工厂，在反恐 1、识别并制定公司自身设施的风险评估 Identify Fitria
Assessment)风险评估(风 covering their own facility. and develop risk assessments for the company's own
育性的资料中风险评估还不够完善
险评估) The factory is newly built and facilities 2.组织相关负责自
The facility did not establish risk assessment.该工厂没有覆 the risk assessment in the anti- 身设施风险评估进行培训Organize training on risk
盖其自身设施的全面风险评估。 terrorism data is not perfect assessment of own facilities
该基金没有建立风险评估。 2.反恐负责人对风
险评估条款认知不到位
88 Risk Assessment (Risk The facility does not have a comprehensive risk assessment Informative 教 1.工厂为新建工厂，在反恐 1、识别并制定生产、包装及填料的风险评估 Fitria
Assessment)风险评估(风 covering point of packing and stuffing. Identify and develop risk assessment for production,
险评估) The factory is newly built and packaging and packing 2.组织
The facility did not establish risk assessment.工厂没有全面 the risk assessment in the anti- 相关负责人员对生产、包装及填料风险评估进行培
的风险评估，包括包装和填料。 terrorism data is not perfect
训Organize relevant personnel to train production,
该基金没有建立风险评估。 2.反恐负责人对风 packaging and packing risk assessment
89 Risk Assessment (Risk The facility does not have comprehensive risk assessment Informative 教 1.工厂为新建工厂，在反恐 1、识别并制定承包商的运输环节的风险评估 Fitria
Assessment)风险评估(风 covering contractors. Identify and develop contractor's transportation risk
险评估) The factory is newly built and assessment 2.组织相关负责
The facility did not establish risk assessment.该工厂没有对 the risk assessment in the anti- 人员对承包商的运输环节进行培训Organize relevant
承包商进行全面的风险评估。 terrorism data is not perfect responsible personnel to train the contractor's
该基金没有建立风险评估。 2.反恐负责人对风 transportation link
90 Risk Assessment (Risk The facility does not have a comprehensive risk assessment Informative 教 1.工厂为新建工厂，在反恐 1、识别并制定出口物流及供应商的运输环节的风 Fitria
Assessment)风险评估(风 covering export logistics and at each transportation link
within the chain. 育性的资料中风险评估还不够完善险评估 Identify and develop risk assessment for
险评估) The factory is newly built and export logistics and supplier transportation
the risk assessment in the anti- 2.组织相关负责人员对出口物流供应
The facility did not establish risk assessment.工厂没有包括 terrorism data is not perfect
出口物流和供应链内每个运输环节的全面风险评估。商的运输环节进行培训Organize relevant responsible
2.反恐负责人对风 personnel to train the transportation links of export
该基金没有建立风险评估。险评估条款认知不到位 logistics suppliers

GSV

Uploaded by

Copyright:

Available Formats

GSV

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GSV

Uploaded by

Copyright:

Available Formats

Facility Name: PT.

DCP Travelling Products Customer Name: SanMar

Facility Email: [email protected] Verification Date: April 30, 2019

The facility did not conduct security assessment that include

The facility did not conduct security assessment that include

You might also like