Walmart’s Supply Chain Security

Program
• About Supply Chain Security
• About the Audit
• FAQ’s and Contacts
September 2016
About Supply Chain Security

Global Security Operations – Supply Chain Security

What is Supply Chain Security?

Supply Chain Security is the accumulation of

controls throughout the supply chain process
that enhance the security of the supply chain
during the transportation of finished
merchandise. Allowing protection against threats
such as smuggling, terrorism, fraud and theft.

3 Global Security Operations – Supply Chain Security

What - When - How?
Supply Chain Security audits take place where the finished goods are
sealed into the carton that is sealed into the trailer or container and will
ship across a country border.
• The Security audit should begin early in the buy plan process, Audits can take 45
– 60 days AFTER the audit is paid for and scheduled.
• It all begins with facility Disclosure
• Facility disclosure is followed by requesting the audit – as soon as you know you
will be producing work for Walmart ensure your facilities have been disclosed and
the audit requested.
• Then pay for and schedule the audit date

Waiting to request the audit when it is needed is too late.

• Risk of inactivation
• No new PO’s can be placed with inactive facilities
• Potential disruption to business

4 Global Security Operations – Supply Chain Security

What facilities need to be disclosed?
Factory Disclosure is performed on Retail Link in Factory Audit System.

• All facilities producing direct import goods.

• All facilities where a Walmart private label branded items
are produced, regardless of Importer of Record.
• A new facility used to source goods for Walmart
• If there is a natural disaster or fire and the facility reopens,
it must be re-disclosed and a new audit performed
• Factory has moved to a new address
• 3PL’s – Third Party Logistic firms
• Consolidated Freight Shippers – CFS’s
• Warehouses
• Sometimes 2 locations of the same production location
may need to disclose and be audited. Example production
facility and warehouse storage.

*Manual Factory Disclosure is available only for suppliers without access to Retail Link.

5 Global Security Operations – Supply Chain Security

Supply Chain Security Audit Process

START HERE Factory SCS

Supplier Audit is Audit fee is 3rd Party Closing
ID is
discloses requested collected audit firm Meeting with
created
facility in to 3rd and audit is audits the the facility
by
Retail Party scheduled facility management
Walmart
Link audit firm

Assessment
Supplier and results are
Follow up communicated to Security Findings
Facility audit is a
audits Suppliers, are shared
responsible for pass or a
based on Walmart’s with
CAPS & fail
risk Merchant and Walmart
Remediation
Sourcing Teams

• Disclosure takes about 15 minutes

• Factory Attachment typically takes 24 - 48 hours
• Audit frequency depends on risk matrix
• Security Audits will be assessed by Walmart as pass or fail

6 Global Security Operations – Supply Chain Security

 Supplier Responsibilities

• The suppliers own the management of and relationship with facilities they
choose to work with.

• The suppliers and facilities own ensuring they can meet the Supply Chain
Security Standards and will be assessed by security audits.

• The suppliers and facilities own ensuring payment for the security audits is
rendered timely. Failure to remit payment timely can cause undue delays
to the specified audit time range and possible business disruption.

• Suppliers and facilities own the responsibility of ensuring the remediation

and any CAPA’s – Corrective Action Plans are completed timely and
correctly.

7 Global Security Operations – Supply Chain Security

About the Security Audits

Global Security Operations – Supply Chain Security

 Security Audits
There are two methods for Walmart Security Audits

1. The WMT SCS Audits

• Supplier requests the audit in Retail Link / Factory Audit System.
• Audit is performed by an approved Walmart audit firm.
• Audit firm contacts Supplier for payment and scheduling.
• Audit results are shared with the Supplier, the expectation is the Supplier
shares with the Facility.

2. The SCAN Audit

• Walmart requests the audit, informs the Supplier, the Supplier informs the
Facility.
• Audit is performed by an approved SCAN audit firm.
• SCAN approved audit firms contacts the Facility for payment and
scheduling.
• The facility is provided a log-in code to access the audit results, the
expectation is the Facility will communicate to Suppliers the results.

9 Global Security Operations – Supply Chain Security

Security Audits

Security Audits Globally All Have 8 basic categories for assessment:

• Personnel Security

• Threat Awareness
• Physical Access Control
• Physical Security
• Container / Trailer Security
• Procedural Security
• Information Security
• Contractor Security / Business Partner Requirements

10 Global Security Operations – Supply Chain Security

 Walmart Stores, Inc. Global Supply Chain Security Critical Areas
The facility’s perimeter is secured with a fence
or wall or patrolled by security guards/facility
management or supervisors, to deter
unauthorized access

The Facility has a written Employee Security policy that

includes procedures for hiring, employment applications,
The facility uses security
C
Auditor Code of
methods to prevent tampering
employee documentation and screening of new employees Conduct

C
with goods during final packaging
Act with Integrity.

Applicants photo ID card is reviewed in Conduct opening meetings to explain

application process Personnel Office
audit purpose.
Prior to loading trailer/container
integrity and security are verified by
7 pt inspection Explain audit process.
Server Room
C

C Show respect for the individual.

Facility has a written policy that designates which

Do not give the results of the audit.

Locker
employees are permitted access to information systems

s
Never ask for or accept a gift.

Report to your supervisor any gift offering

Main Office and provide details.
Final Packing and Loading area C

The facility security policies are M Conduct closing meeting.

C
reviewed every 12 months and The facility has a written
updated when necessary policy indicating that M
Report conflict of interest.
employees are not
The facility has a process to ensure that only The facility places an ISO 17712 High
permitted to bring personal
authorized management and the shipping Security Seal on a container or trailer
items into final packing and
immediately after loading is complete
Facility has a written access control
program that establishes responsibility to
shipping areas supervisor has access to high security seals
39'-9" Steps for a Successful
maintain control of all locks, keys, and Audit
C

access cards The facility has a written procedure to ensure that data used
Be on time.

C
to create cargo documents and manifests are accurate,
legible, complete, and protected against tampering or loss
Be prepared.
Lobby

17'-3"
Receiving
C

Minimize disruption.
The facility has a process to
screen arriving packages and Conduct an opening meeting.
The facility uses surveillance to monitor mail prior to distribution
activities in sensitive areas of the facility,
such as receiving, shipping, final packing,
Review facility documents.
main offices, lobby, and the computer Shipping
server/systems room Write down findings.
Office
Conduct Closing meeting.
The facility has a written policy that requires a The shipping supervisor
control log is maintained for any pick-up delievery or an authorized
truck arrival and departure to include the driver’s employee verifies that the Instruct Facility to accept findings.
Facility has a written procedure regarding
name, driver’s license number, truck license number, transportation document
security vetting of service contractors who
C

reason for visit, and the control log is kept for 30 are complete and
require routine access to the facility accurate
days
Security Booth
C
Gate security guard or
facility manager performs
a container or trailer
inbound inspection

The gate security guard or designated facility

manager performs a truck outbound inspections
and the results are recorded in an outbound vehicle
During times of darkness the facility’s perimeter log
fence/wall is well illuminated

11 Global Security Operations – Supply Chain Security

Security Audits Score & WMT SCS CAP

Supply Chain Security Audit Renewals WMT SCS Corrective Action Plan (CAP)
A security audit is renewed based on the Plan (CAP)
country’s Risk Rating where the facility is
located

Country Audit Renewal

Risk Level Period Audited facility is in a country rated high risk for
supply chain security.

12 Any Critical Standard question is

High Risk
Months found not performed at the facility

12 or 24 Factory has 60 days to make

Medium Risk
Months (*) security improvement.

24 Email scscap@wal-mart.com with

Low Risk
Months completed SCS CAP’s.

12
SCAN – Supplier Compliance Audit Network

Member Audit Company Member

Shared Program Shared Audit Firms Shareable Results

Vision/Concept Engineer/Build Execute/Support

• ONE audit for ALL
• Standardized criteria that meets
Global Security Program standards
• Adheres to both C-TPAT and AEO
requirements
• Potential to become the recognized
security audit platform
• Potential to become the platform for
more types of audit requirements
• Standardized fees
• Standardized auditor training
• Standardized audit result
assessments
• Standardized Validation process
• Global capacity
• Corrective Action Plans
• SCAN manages the program
• Centralized data base
• Flexibility by member companies to
assess results in accordance with
company standards
• Drives industry Best Practices
• Confidentiality maintained

13 Global Security Operations – Supply Chain Security

SCAN Audit Score & CAPA
Audit Renewal Cadence
• A security audit is renewed based on the Member company’s protocol –
see page #12).
Corrective Action Plan Accomplished (CAPA)
• A CAPA is required when any Critical or Must questions on the audit are
missed.
• All CAPA’s must be completed by the facility before the audit is considered
complete.
• If a CAPA is required the facility will be sent an email with the CAPA request
within 10 days of the on-site audit. This will include the questions, the facility
response and SCAN feedback.
• Facilities are expected to return to the Assessment Portal and respond to the
corrective actions by the due date.
• Facilities will receive an email notification confirming CAPA completion.

14
FAQ’s and Contacts

Global Security Operations – Supply Chain Security

 FAQ’s

• Who/ what is the Importer of Record (IOR)? If you (the supplier) are responsible for
customs clearance, your company is the Importer of Record (i.e. USA Supplier). If Wal-
Mart Stores, Inc. is responsible for customs clearance, Wal-Mart will be in the Importer
of Record. If you are unsure, please contact your buyer/ sourcing manager for
verification.

• I have multiple Supplier/ Vendor IDs. Do I need to disclose my factories in each

profile? Yes, it is required to disclose all factories that will be producing items under the
corresponding Supplier ID.

• How do Suppliers know when the audit is for SCAN, and how can they track the
audit process? Regional teams will engage the business and suppliers when the audit
is requested for SCAN. The Global Office will update Retail Link as information
becomes available, and Regional teams will keep the business updated on status as
reporting comes available.

• How do Suppliers know when their facility is contacted by a SCAN audit firm?
Walmart GSO Regional teams notify the supplier that a SCAN audit has been
requested for their facility and advised the supplier to engage their facility.

16 Global Security Operations – Supply Chain Security

 Who Are My Contacts?

Key Contacts:
Retail Link Help Desk: 479.273.8888

Region Contact Address

_ China and North Asia wgsscs1@wal-mart.com

_ The Americas (includes Canada) wgsscs2@wal-mart.com

_ Indian Subcontinent, Southeast Asia,

wgsscs3@wal-mart.com
Australia, New Zealand, Philippines

_ Europe, Africa, Middle East wgsscs4@wal-mart.com

_ Global Security Operations – Global Office GlobalSU34@wal-mart.com

17 Global Security Operations – Supply Chain Security