Supply Chain Risk Management Standard: A Compilation of Best Practices

Annex D


D. Examples of Generic Elements for Supply-Chain Security Agreements

These recommendations are generic and may not fully satisfy specific national or international supply chain requirements or recommended measures. The organization should consult legal counsel to ensure that proper contractual terms and conditions are in place requiring its suppliers and logistics partners to comply with proper supply chain security procedures. The organization should take into consideration the following elements when entering into supply chain security agreements, which should be tailored to the organization’s needs and jurisdictions of operation.

D.1 Elements to Consider for Supplier Agreements:

  • For services provided or purchased goods shipped directly to Buyer, Seller agrees to:

    1. Comply with the following supply chain security requirements from the Point of Origin (the site where goods are assembled, manufactured, packaged, and shipped).

    2. Include this provision with applicable Subcontractors, defined as sub-tier manufacturers or suppliers from which the shipment of goods is shipped directly from said manufacturers or suppliers’ facilities to Buyer and those suppliers engaged in packaging or transport of Buyer shipments (including but not limited to freight forwarders, third party logistic companies, and packagers).

    3. Be responsible to Buyer for any breach of such requirement by its subcontractor.

  • Supplier will maintain adequate security controls and procedures.

    1. Seller subcontractor selection process: Seller should have documented processes for the selection of its Subcontractors. The process should ensure that such Subcontractors maintain adequate security controls and procedures and that an appropriate governance system for security control assurance is maintained.

    2. Physical security: Facilities should be protected against unauthorized access including but not limited to cargo handling and storage facilities which should have physical security deterrents.

      • All entry and exit points for vehicles and personnel should be controlled.

      • Secure all external and internal windows, gates, and doors through which unauthorized personnel could access the facility or cargo storage areas with locking devices.

      • Provide adequate lighting inside and outside facilities to prevent unauthorized access.

    3. Access controls: Prevent unauthorized entry into facilities using access controls which may include but are not limited to badge readers, locks, key cards, or security personnel.

      • Positively identify all persons at all points of entry to facilities. Maintain appropriate access controls for the issuance and return of identification and access badges.

      • Upon arrival, photo identification should be required for all visitors.

      • Authorized persons working on behalf of the organization should escort visitors at all times.

    4. Personnel security and verification: Screen prospective persons working on behalf of the organization consistent with local regulations. Verify employment application information prior to employment.

    5. Ocean Container and Truck Trailer Security: Maintain container and trailer security to protect against the introduction of unauthorized material and/or persons into shipments. In the event containers are stuffed, inspections should be made of all ocean containers or truck trailers prior to stuffing, including but not limited to the inspection of the reliability of the locking mechanisms of all doors.

      • Ocean container and truck trailer seals: Properly seal and secure shipping containers and trailers at the point of stuffing. Affix a high security seal to all access doors on truck trailers and ocean containers. Such seals should meet or exceed the current PAS ISO 17712 standard for high security seals.

      • Ocean container and truck trailer storage: Empty or stuffed ocean containers and truck trailers should be stored in a secure area to prevent unauthorized access and/or manipulation.

      • Security training to be provided to the drivers on recognizing and mitigating risks. The training should include prevention, awareness, and response to promote safe and secure actions.

      • Security measures should be commensurate with the value of goods and level of risk. Enhanced security measures include but are not limited to vehicle alarm and immobilization devices, secured truck cabin, vehicle tracking, concealed load tracking, GPS technology, and overt or covert escort with real time communication to local law enforcement agencies.

      • Retain a customs representative to witness all customs inspections on international container shipments. After the container has cleared customs, it should be secured with a seal and a padlock.

    6. Information technology security: Maintain IT security measures to ensure all automated systems are protected from unauthorized access.

      • Use individually assigned accounts that require a periodic change of password for all automated systems.

      • Maintain a system to identify the abuse of IT resources, including but not limited to improper access and tampering with or altering of business data, and discipline violators.

    7. Procedural security: Maintain, document, implement, and communicate security procedures to ensure the security measures in this clause are followed. These should include:

      • Procedures for the issuance, removal, and changing of access devices.

      • Procedures to identify and challenge unauthorized or unidentified persons.

      • Procedures to remove identification, facility, and system access for terminated individuals.

      • Procedures for IT security and standards.

      • Procedures for control of personal containers.

      • Procedures to verify application information for potential persons working on behalf of the organization.

      • Procedures for persons working on behalf of the organization to report security incidents and/or suspicious behavior.

      • Procedures for the inspection of ocean containers or truck trailers prior to stuffing.

      • Procedures to control, manage, and record the issuance and use of high security bolt seals for ocean containers and truck trailers. Such procedures should stipulate how seals are to be controlled and affixed to loaded containers and should include procedures for recognizing and reporting compromised seals or containers to Customs or the appropriate authority and Buyer.

      • Procedures for logging incidents and storing incident reports.

  • Upon request, complete a Supply Chain Security Self-Assessment Questionnaire.

  • Seller and its subcontractors should be subject to periodic site visits by Buyer during normal hours of operation to confirm compliance with the terms contained within this clause.

  • Maintain procedures for persons working on behalf of the organization to report security incidents and/or suspicious behavior. Immediately notify Buyer of any actual or suspected breach of security involving Buyer’s assets (e.g., cargo) or material to supporting Buyer’s services.
