C-TPAT
Security Audit
* Example Report *
North America
+1-813-252-4770
Latin America
+52-1-333-2010712
Europe & Middle-East
+49-8122-552 9590
Asia & Asia Pacific
+886-2-2832-2990
Email
info@proqc.com
www.proqc.com
�C-TPAT AUDIT CHECKLIST
Rev.
GUIDELINES
PURPOSE:
Assessment scores are rarely understood outside of the quality organization or the auditing company. This assessment is based
upon defined criteria for each element assessed. Scoring is based upon the suppliers ability to meet all of the requirements of CTPAT. The intent of this assessment is to provide the client with information about the supplier's readiness for an official on-site
review.
SCORING:
Scores are to be assigned based upon what is done for the Pro QC client regardless of what is done for other clients. Example: if
Control Plans are developed for other clients but not for Pro QC client, the score must be one 'NC' - Major Non-Conformance.
Complies with the Requirements = C
Improvement Needed = I
Non-Conformance Found = NC
N/A = Does Not Apply to this supplier
GUIDELINE FOR SCORING CONFORMANCE:
Each question has a list of criteria to be used to assess conformance to the requirement of C-TPAT.
Complies with Requirements =
- Has objective evidence to support the question, and
- Has a written procedure (when required).
Improvement Needed =
- Has objective evidence, but procedure needs improvement.
- Has objective evidence, but no written procedure.
- Has written procedure, but is lacking some objective evidence to support the question.
Non-Conformance =
- No objective evidence to support the question (regardless of the procedure).
- Lacking some objective evidence and no written procedure.
RESULTS/RECOMMENDATIONS: (Automatically Calculated)
The score is based upon the percent of questions that conform to the requirements, percent that Needs Improvement, and the
percent that have a major Non-Conformance. Each client should review how the supplier was evaluated for each question and
base their sourcing decisions upon factors which are important to their organization and product(s).
AUDIT REPORT:
The auditor is to complete all sections of the audit report:
- Scope of the audit
- Recommendations
- Strength of suppliers security system (C-TPAT)
- Opportunities for improvement (weaknesses in the supplier's security system)
RESULTS REVIEW WITH SUPPLIER:
The auditor should review the audit results with the supplier, but cannot give the supplier a copy of the audit. The audit is the
property of the client.
CORRECTIVE ACTIONS:
It is recommended that the client request a corrective action (improvement plan) based upon the results of the audit. The
improvement plan should include the following:
- Detailed description of action plan.
- Name of person responsible for the improvement activity.
- Date when the improvement will be completed.
�C-TPAT AUDIT CHECKLIST
Rev.
SUMMARY
Supplier Name
Audit Date
Report No.
XXXXXXXXXXXXX
SUPPLIER'S INFORMATION
NAME :
CLIENT'S INFORMATION
NAME :
XXXXXXXXXXXXX
ADDRESS : XXXXXXXXXXXXX
XXXXXXXXXXXXX
CITY : XXXXXXXXXXXXX
COUNTRY : XXXXXXXXXXXXX
PHONE : XXXXXXXXXXXXX
FAX : XXXXXXXXXXXXX
XXXXXXXXX
ADDRESS : XXXXXXXXX
XXXXXXXXX
CITY : XXXXXXXXX
COUNTRY : XXXXXXXXX
PHONE : XXXXXXXXX
FAX : XXXXXXXXX
SUPPLIER'S PERSONNEL PARTICIPATING
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
XXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXX
XXXXXXXXXXXXX
Title:
Title:
Title:
Title:
Title:
Title:
Title:
XXXXXX
XXXXXX
XXXXXX
XXXXXX
XXXXXX
XXXXXX
XXXXXX
Email:
Email:
Email:
Email:
Email:
Email:
Email:
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
XXXXXXXX
Email:
Email:
Email:
XXXXXXX
XXXXXXX
XXXXXXX
PRO QC PERSONNEL
XXXXXXXXXX
XXXXXXXXXX
XXXXXXXXXX
Mr./Mrs.
Mr./Mrs.
Mr./Mrs.
Title:
Title:
Title:
XXXXXXX
XXXXXXX
XXXXXXX
Scope :
AUDIT RESULTS
Category
No. Ques.
Complies with Requirements ( C )
57
85.1%
Improvement Needed ( I )
9.0%
Non-Conformance (NC)
6.0%
Not Applicable (N/A)
6
67
RECOMMENDATIONS
Systems are effective, you could start or continue business with this supplier.
System is acceptable with minor nonconformities.You could use this
supplier and keep pushing them to improve it.
System has some major issue. You could temporarily use this supplier and
request immediate corrective action in case of long term business.
There are serious major issues in this supplier that could impact in your business.
The best solution will be to source for another supplier.
�C-TPAT AUDIT CHECKLIST
AUDIT REPORT
Supplier Name
XXXXXXXXXXXXX
Audit Date
Report No.
Scope of Audit:
To evaluate the factory's compliance to C-TPAT requirements and readiness for an on-site evaluation by official registrars.
Summary:
We recommend factory SSSSS to apply for C-TPAT recognition to obtain benefits of this by facilitating the circulation
of products in the USA market, while at the same time assisting its client to solve on-time delivery in the market.
Strengths:
The company SSSSS is protected by barriers on all sides, north, south, east, and west. The whole barriers
have enough lighting and a camera control system. The factory has two main entrance doors for people and material,
and all have security guards responsible for entrance control. Procedures are in place to control the entrance of
people and material. There is also a room to view the images from a camera 24/24 hours with about fifteen days of image
memory.
Opportunities for Improvement:
1. An ID (identification number) is not required to be presented as a condition to facility access.
2. Maintain records of solutions of the issue of non-identified people found within the company.
3. There must be barriers between parking for private cars and parking for container loading.
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
FINDINGS
SCORE
GENERAL INFORMATION
What is the total land area included in the factory campus?
The company has 30997 m2.
What is the occupation of total building floor area included in the
factory campus (Take photo of building. At external view)?
The total square meter for the building is 14577
m2.
How many people are working in this facility on 1st shift?
1600 persons for 1st shift
How many people are working in this facility on 2nd shift?
500 persons for 2nd shift
How many people are working in this facility on 3rd shift?
None, there is no 3rd shift
How many security guards are present during 1st shift, and what
is their working time?
23 security guards in total. 6-7 for 1st shift, 7h-15h
How many security guards are present during 2nd shift, and what 6-7 guards for 2nd shift, 15h-23h
is their working time?
How many security guards during 3rd shift, and their working
time?
6-7 for 3rd shift, 23h-7h
At what time are gates secure in the evening?
10:00 PM
10
At what time are gates open in the morning?
7:00 AM
BUSINESS PARTNER REQUIREMENTS
Is the supplier an approved member of its countrys Cargo
Security Program?
Not yet part of the C-TPAT member
Is the supplier a C-TPAT member? If yes, please list SVI number
No.
Are carriers monitored to ensure they are C-TPAT certified?
The company will have a program to become a
member of C-TPAT
NC
The company SSSSS is monitoring its supplier for
C-TPAT issues
NC
2
3
Are sub-contracted carriers monitored to ensure they are
C-TPAT certified?
CONTAINER / TRAILER SECURITY
Are procedures in place to verify the physical integrity of the
container/trailer structure prior to stuffing to include: reliability of
the locking mechanisms of the doors, container front wall left side,
right side, floor, ceiling/roof, inside/outside doors,
outside/undercarriage? (Following the 7 point or 10 point plan)
Yes, the factory has developed a procedure for
control of physical integrity of the container/trailer
MF-WI-001/B.1 validated in 2010-03-01. The
procedure respects ISO/PAS17712 as it has been
required in element 5.1.1, SEE PHOTO 1
Are containers stored in a secure area to prevent unauthorized
access and/or manipulation?
Yes, it is prohibited for an unauthorized person to
go inside the storage room. Everyone must have
an access card. However, we can see that there
are company staff private cars located around 5 m
from there, SEE PHOTO 2
NC
NC
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
3
FINDINGS
SCORE
At point of loading, are procedures in place to properly seal and
maintain the integrity of the shipping containers/trailers?
Yes, procedures are available in respect to
ISO/PAS17712. The company uses locks/seals,
SEE PHOTO 4
Are high security seals affixed to all U.S. bound loaded
containers/trailers?
Yes, procedures are available in respect to
ISO/PAS17712. The company uses locks/seals,
SEE PHOTO 4
Are the seals numbered?
Yes, procedures are available in respect to
ISO/PAS17712. The company uses locks/seals,
SEE PHOTO 4
Yes, procedures are available in respect to
ISO/PAS17712. The company use locks/seals,
SEE PHOTO 4
Do seals meet or exceed current PAS ISO 17712 standards for
high security seals?
Are written procedures in place that stipulate how seals are to be Yes, procedures are in place. The person
controlled and affixed to loaded containers/trailers?
responsible for verification is Mr. Qi Chun You. The
company uses a temporary worker from an
external service for putting boxes in the container.
And Mr. Qi Chun You will inspect the sealing
process. Records are available, SEE PHOTO 4
Are seals stored in a secured locked location?
Yes.
C
Are seals limited to authorized employees?
Yes.
C
10
11
12
Are procedures in place to recognize and report compromised
seals to appropriate management personnel and authorities?
Yes.
Are only designated employees allowed to access seals and
distribute container seals for integrity purposes?
Yes.
How many employees have access to seals?
The company uses a temporary worker from an
external service for putting boxes in the container.
And Mr. Qi Chun You will inspect the sealing
process. Records are available, SEE PHOTO 4
PHYSICAL ACCESS CONTROL
Are access controls in place to prevent unauthorized entry to
facilities, maintain control of employees and visitors and protect
company assets?
Yes, the factory has developed a procedure AD008, Rev. A, valid since 2007-6-1. It has defined
the process to control entrances.
Do access controls provide positive identification of all employees, Each employee at Solex has a working card with a
visitors and vendors at all points of entry?
number on it, SEE PHOTO 6. Visitors and vendors
must be registered before entry.
Are visitors required to register and present photo identification for During the registration process, any document, ID
documentation purposes upon arrival?
card/passport or photo is required at the entrance.
The visitor is required to record information in the
paper prepared for that.
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
4
10
11
12
FINDINGS
SCORE
Visitors are escorted when they get inside the gate
and a temporary identification card is given to them
and is required to be visibly displayed at all times.
Are employees only given access to those secure areas needed
for the performance of their duties?
Yes, employees are given access only to the areas
where they perform their jobs.
Are all employees required to wear or have on their person an
identification badge or card?
Yes, each employee (worker) is required to wear
an identification card.
How many employee entrances/exits?
There are 2 entrances/exits, North and East. SEE
PHOTO 7. The procedure defines from where the
employees, VIP, and sub-contractors must enter
the factory. The procedure also defines the type of
inspection of identification registration that must be
conducted for each of them.
Are visitors escorted at all times and are they required to visibly
display the temporary identification?
Are employees limited access to only certain areas necessary for Yes, employees are given access only to the areas
their work?
where they perform their job.
Is proper vendor ID and/or photo identification presented for
documentation for delivery personnel?
Yes, it is presented.
Are vendor personnel required to register upon each entrance and Vendors are not required to record their ID
exit of the facility?
information upon each entrance and exit.
Are procedures in place to identify, challenge and address
unauthorized/unidentified persons?
The company has not documented procedures for
entrance of a non-identified person.
PERSONNEL SECURITY
Pre-employment verification are processes in place to screen
prospective employees?
Yes, the company investigates the background
record of each candidate.
Are criminal background checks conducted?
Yes, the company investigates the background and
record of each candidate. Records are visible.
Does company management or security personnel adequately
Yes, it is written in the procedure AD-008. The
control the issuance and removal of employee, visitor and vendor security guard must take back the identification
identification badges?
when anyone leaves.
Are criminal background checks on employees permissible by
law?
Yes, criminal background checks on employees
are permissible by law.
Are periodic checks and reinvestigations conducted based on
cause and/or the sensitivity of the employees position?
Yes, the company does periodic checks and
reinvestigations when there is a cause.
Are procedures in place to remove identification, facility and
system access for terminated employees?
Yes, procedures are documented.
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
F
PROCEDURAL SECURITY
Are procedures in place to ensure that all information used in the
clearing of merchandise/cargo is legible, complete, accurate, and
protected against the exchange, loss or introduction of erroneous
information?
FINDINGS
Yes, the company will exchange information with
the forward, which includes all information
regarding container inspection, including the
forward name, drivers' identification, product list,
quantities, total weightetc.
Is cargo accurately described, and the weights, labels, marks and Yes, all information regarding containers inspected
piece count indicated and verified?
will be recorded, including the forward name and
drivers identification, products list, quantities, total
weight,etc.
Is cargo verified against purchase or delivery orders?
SCORE
Yes.
C
Are drivers delivering or receiving cargo positively identified
before cargo is received or released?
Yes, and records are available.
Are all shortages, overages, and other significant discrepancies
or anomalies resolved and/or investigated appropriately?
Shortages, overages, etc. are not allowed in the
process of container loading.
N/A
PHYSICAL SECURITY
Is there a roving security schedule and procedure?
Yes, the security team, more than 20 peoples,
have a routine security program around the
company.
Does a physical barrier such as a fence or equivalent protect the
company premise?
Yes, see PHOTO 9, 10, 11 with light system and
cameras.
If yes, identify type of barrier and height:
Yes, see PHOTO 9, 10, 11 with light system and
cameras.
Are all buildings constructed of materials that resist unlawful entry Yes.
and protect against outside intrusion?
Is the integrity of the building inspected on a regular basis?
Yes.
C
Do all buildings have locking devices for:
- exterior doors
- interior doors
- windows
- gates
The doors have locking devices, but are not
monitored for routine maintenance.
Does management or security personnel control the issuance of
all locks and keys?
Yes, issuance of keys is controlled, and there is a
record of key possession.
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
8
10
Is each issued key holder recorded in a key log?
FINDINGS
Yes, issuance of keys is controlled, and there is a
record of key possession.
Is there a separate parking area for private vehicles, separate
Yes, there is an area for private vehicles,
from the shipping loading dock and cargo areas?
separated from the shipping area, but there are no
- Do barriers or other means separate parking area from shipping barriers, SEE PHOTO 3
dock areas?
If yes, identify barrier:
SCORE
C
It is not a barrier, but a depth.
C
11
How many shipping/receiving docks are in use?
1 door for the shipping/receiving
C
12
Are employees allowed to use dock doors for entrance/exit?
Yes.
C
13
Is there a written procedure for shipment drop-off and pick-up?
Yes, the procedure is AD-008.
C
14
15
16
17
Does each facility or operation have a designated individual or
group responsible for security?
Yes, the whole security is managed by a security
team (provided by a police department of the local
police station).
Is adequate lighting provided inside and outside of the facility
including the following areas:
- entrance & exit
- loading dock and storage areas
- fence line
- parking area
Are alarm systems and video surveillance cameras utilized to
monitor premises and prevent unauthorized access to critical
areas?
- Is alarm system activated when the facility is not occupied?
- Is the alarm system monitored?
Yes, each area for packing and barriers is lighted,
SEE PHOTO 9, 10, 11,
Are all exterior doors and windows alarmed?
Yes, there are camera and video surveillance
system in place, SEE PHOTO 11, 12 for cameras,
and video surveillance system in PHOTO 13
Yes, SEE PHOTO 14.
C
18
How many days are recorded images stored?
15 days
C
19
Is lighting adequate to ensure quality recorded images during
evening hours?
Yes, there is lighting to record images during
evening hours, see lighting system in the wall.
Refer to PHOTO 9, 10
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
20
Does perimeter fencing or other barrier protect all company
facilities?
FINDINGS
SCORE
Yes, all of the company is protected with barriers.
Refer to PHOTO 9, 10
C
21
22
Is fencing regularly inspected for integrity and damage?
Are perimeter gates which vehicles and personnel enter/exit
staffed and/or monitored?
Yes, the security guards team has a routine control
program to follow, and each inspected point will be
automatically recorded with a magnetic device.
SEE PHOTO 15
Yes, it is also inspected by security guards, and
records are available.
C
23
Is international, high value, and hazardous cargo kept in a
separate fenced area from other cargo?
No such arrangement, all are kept at the same
place.
C
24
Are truck drivers allowed on the dock area?
Yes.
C
25
Is the loading of goods supervised by a supervisor or guard?
Yes.
C
INFORMATION TECHNOLOGY SECURITY
Do automated systems use individually assigned accounts that
require a periodic change of password?
The factory does not use an information technology
security to secure products. The system is manual.
How often are passwords changed?
Not Applicable
N/A
N/A
3
Are IT security policies, procedures and standards established
and in place?
Not Applicable
N/A
Are employees trained regarding the IT policies, procedures and
standards?
Not Applicable
Is a system in place to identify abuse of IT systems including
improper access, tampering or the altering of business data?
Please explain.
Not Applicable
SECURITY TRAINING AND THREAT AWARENESS
Do you provide a security awareness program to employees that
addresses supply chain security including: maintaining cargo
integrity, recognizing internal conspiracies and addressing
unauthorized access?
N/A
N/A
Yes, the factory has developed a procedure for CTPAT, SGDOC-WI-015.
C
�C-TPAT AUDIT CHECKLIST
Rev.
AUDIT CHECKLIST
Audit Date
Supplier Name
XXXXXXXXXXXXX
Report No.
C = Complies with the Requirements, I = Improvement Needed, NC = Non-Conformance, N/A = Not Applicable
QUESTIONNAIRE
FINDINGS
How often are employees trained?
2 times / year
Indicate last training date for all employees
The last training about C-TPAT was conducted on
2010.8.10
Are employees encouraged to report security violations to
management?
Yes.
Is there a confidential means that employees can report
violations?
Yes.
SCORE
C
C
�C-TPAT AUDIT CHECKLIST
Rev.
FACTORY PHOTOS
Supplier Name
Audit Date
Report No.
XXXXXXXXXXXXX
1. Procedure for inspection of container
2. Container loading doors (external view)
3. A view of container loading, with private car located
around 5 m from there, without any barrier
3. View of container in loading price (internal view)
4. Lock/Seals No. L 486147
5. Lock/Seals L486147 locked in the container
�C-TPAT AUDIT CHECKLIST
Rev.
FACTORY PHOTOS
Supplier Name
Audit Date
Report No.
XXXXXXXXXXXXX
6. Working ID Card for each employee
7. Record of entrance at the gate for visitors
8. Principal Gate
9. Barriers at north section
10. Barriers at east section, over 4 meters high
11. Camera at the corner of 2 wall/barriers
�C-TPAT AUDIT CHECKLIST
Rev.
FACTORY PHOTOS
Supplier Name
Audit Date
Report No.
XXXXXXXXXXXXX
12. Cameras at interval
13. Video surveillance system at the principal gate
14. Hand control alarm system link to the police station
15. Inspection record points (there are 20 critical record
points to visit each day during routine inspection)
16. Security inspection magnetic point
17. Record of security routine inspection
