Eight key areas

Course: Authorized Economic Operator

Unit 4: Good practices for security
 Contents

1. Security in the SAFE Framework ............................. 2

1.1. Trade partners ..................................................................... 2
1.2. Container transport security ................................................ 3
1.3. Personnel security ............................................................... 4
1.4. Access controls .................................................................... 4
1.5. Security procedures corresponding to goods shipments ...... 5
1.6. Security training .................................................................. 6
1.7. Physical security in facilities ................................................ 7
1.8. Information technology security .......................................... 8
2. Additional documentation ....................................... 8

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
1. Security in the SAFE Framework
The SAFE Framework indicates that, in order to safeguard the security of our business
and achieve secure participation in the supply chain, we must guarantee security in 8
areas.

Let’s take a more detailed look.

1.1. Trade partners

It is not enough for just our business to be secure. Our goods are related to other
companies either directly or indirectly. These companies are our trade partners.

To maintain the security and integrity of the supply chain, we must take into
consideration two critical points:

• On the one hand, we must perform an analysis of the trade partners that are
involved through any role in the supply chain. According to the link they
represent, they must carry out the pertinent review procedures. These reviews
may include audits, interviews, or any type of data verification.
• On the other hand, trade partners must comply with certain security standards.
These standards must be incorporated into the processes through which we
select our trade partners and decide to renew our trade relationships with them.
They must perform the necessary checks, which may include scheduled or
unscheduled visits to verify their degree of compliance.

As we can see, both our clients and our suppliers must meet a series of requirements
in order to be able to collaborate with our company. The ideal situation would be that

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
everyone were certified as Authorized Economic Operators. This would directly
accredit them as secure trade partners. If this situation is not possible, before
beginning a collaboration, we must confirm that they are sufficiently secure as
collaborators.

In order to maintain a trade relationship over time, our partners must necessarily
maintain certain standards regarding their security, in alignment with the AEO
program requirements. If they are AEO certified, we must be informed of their
reevaluation results, whether said evaluation is performed internally or by Customs,
in order to validate and renew our trade relationship. If they do not have AEO
certification, then we must be the ones to confirm the security measures that they
claim to have. This confirmation is advisable even in the case that they are AEO
certified.

1.2. Container transport security

Now we take a look at the recommendations regarding container security, a very

important aspect for supply chain security.

The 7 critical points of containers must be carefully reviewed: the front wall, right
side, left side, floor, interior and exterior roof, inside the container and, lastly, the
doors and locks.

Additionally, we must use high security seals that comply with the corresponding ISO
standards. The control system to check and place containers must follow a set
procedure.

Another aspect to keep in mind the area where containers may be parked. This must
be a secure area that does not allow access to unauthorized persons. In this way we
will protect the containers and prevent them from being handled in a fraudulent
manner.

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
1.3. Personnel security

To main company security, it is important that our employees be reliable, particularly

those people hold sensitive posts or with special responsibility.

In order to look after this aspect, the SAFE framework recommends that we check the
data that appears in CVs before proceeding to hiring. To the extent that each country
in the region’s national standards allow, we can verify employees criminal records and
perform annual checks, particularly in the more sensitive cases concerning security.

An Authorized Economic Operator must have personnel hiring policies (permanent

and temporary) and comply with all the formalities demanded by the same, keeping
in mind the risk analyses. They must also have a record with updated data for each
and every employee, in particular those in the most relevant posts.

We must predict what will occur when a work relationship comes to a close and
establish a documented procedure for such a situation. The employee will have to
return those items to the company that were lent out in order to fulfill his or her
function, such as keys, cards, work uniform and identification of any type. Likewise,
their access to computer applications will be rescinded.

1.4. Access controls

Of course, knowing who can and cannot enter our facilities is essential to preventing
unwanted incidents.

Access control to our facilities, for both employees and visitors, will be performed by
means of a simple procedure and/pr more sophisticated system according to the size

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
and type of business. In any case, it must be rigorous enough to prevent entry by
unauthorized persons.

Employees must have an access system and appropriate identification to facilitate

entry into work areas.

It is best to have a documented entry procedure with access cards, keys and alarm
decoding codes for each of the employees that present such needs. The register must
also consider the return of said key, cards or codes if the employee’s connection to
the company were to end or their needs were modified. For example, if the employee
changes their work shift and therefore no longer needs an access key.

If we sub-contract a service and the supplier’s employees are going to perform their
work within our facilities, these employees must have identifying codes and special
access cards during their sub-contracting period. A work authorization and a non-
disclosure contract will also be signed.

Access controls must also be applied to vehicles. An authorized vehicles control may
be established to prevent the circulation of outside vehicles. This will prevent the
movement of unauthorized goods and the movement of personnel without entry
access.

1.5. Security procedures corresponding to goods shipments

The aim is to establish sufficient security measures to safeguard processes associated

with both cargo transport and cargo handling and storage.

Basically, we would develop three areas in security procedures: documentation,

loading knowledge and shipment and reception.

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
 1. For documentation, we need procedures to guarantee that the information
required during goods clearance is comprehensive and exact enough to enable
customs management without error or variation. It is important to have some
type of protection system against potential loss of documentation or information
and, as well, to avoid unwanted changed to the same.
2. For ship information, it is important to have a verification system for
documentation received from the supplier such that data cannot be manipulated,
falsified or modified.
3. Lastly, concerning cargo shipment and receipt, it is necessary to check that
received goods match with that declared in the transport cargo. We must
compare the weights, packages, marks, seals and any other identifying data.

It is necessary to establish a control system that prevents the removal of goods

without the corresponding purchase order. Thus we will prevent unauthorized
deliveries.

Regarding drivers who access the company with their cargo vehicles, these must have
an identification document and access authorization.

1.6. Security training

It is important to offer training within the company and to report an suspicious

activity or threat indications and to share these reports with employees.

It is essential that the company provide training programs. These programs should
include not only knowledge of each employee’s professional activity, but also the
necessary action information in the case of a security alert or if there are indications
or suspicions of the procedures being violated.

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
Training programs will be held to teach employees of the importance of security in
the supply chain.

Operators transporting goods, those either contracted directly or hired through third
parties, will be given knowledge of the implemented security measures and policies.

1.7. Physical security in facilities

How can we guarantee security in our facilities? The SAFE Framework advises us to
pay special attention to several critical points. They are:

• First, doors and windows must be identified and supplied with control systems.
• On the other hand, parking zones must clearly delimited the area for employees
and the area for visitors.
• The building’s structure must be arranged in such a way as to prevent intruder’s
access.
• Another key point is the control of keys, codes and access cards. It is important to
identify which company personnel has keys, codes and access cards and the
reason for this. Unnecessary permitted accesses must be avoided.
• Facility lighting is also a very important aspect. All critical areas, such as accesses,
storage, goods handling and cargo vehicles parking areas... must be permanently
well lit.
• Another issue to consider is the installation of alarms and, when appropriate,
surveillance cameras.
• Last, we must ensure that internal communication between employees is
expeditious and fast. Employees must be prepared to act immediately and in
coordination in the face of any type of incident.

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
The size and type of company will always be taken into consideration when supplying
security measures.

1.8. Information technology security

We can offer several recommendation regarding this topic.

• We must establish an access control system to computer programs for each user.
In addition, access codes should be regularly changed.
• Information areas and the programs each employee has access to should be
limited.
• The very same system should detect improper code use or undue access to
unauthorized information and should safeguard the copies, recovery and records
of the system’s information.

In addition to the aforementioned, it is recommended to consider two aspects

regarding the IT system:

• On the one hand, it is a good idea to have procedures that guarantee

documentation integrity and that include the records of restricted accesses,
documentation classification and controls during storage.
• On the other hand, it recommended to have protective measures for those
computers containing information, with special attention being paid to the IT
server.

2. Additional documentation
In addition, if you wish to further develop your knowledge of this aspect, please
consult the Practical Guide for the Design and Implementation of the Authorized

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
Economic Operator Program (AEO) in Latin America (IDB, 2011), pages 73-82, in
particular.

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.
 10

FINPYME and CII brands, names and logos are the intellectual property of CII.

©2017 Inter-American Investment Corporation, all rights reserved, for authorized use only.