walmart’s supply chain security...any critical standard question is found not performed at the...
TRANSCRIPT
Walmart’s Supply Chain Security
Program
• About Supply Chain Security
• About the Audit
• FAQ’s and Contacts
September 2016
About Supply Chain Security
Global Security Operations – Supply Chain Security
3
What is Supply Chain Security?
Supply Chain Security is the accumulation of
controls throughout the supply chain process
that enhance the security of the supply chain
during the transportation of finished
merchandise. Allowing protection against threats
such as smuggling, terrorism, fraud and theft.
Global Security Operations – Supply Chain Security
4
What - When - How?
Global Security Operations – Supply Chain Security
• The Security audit should begin early in the buy plan process, Audits can take 45
– 60 days AFTER the audit is paid for and scheduled.
• It all begins with facility Disclosure
• Facility disclosure is followed by requesting the audit – as soon as you know you
will be producing work for Walmart ensure your facilities have been disclosed and
the audit requested.
• Then pay for and schedule the audit date
Waiting to request the audit when it is needed is too late.
• Risk of inactivation
• No new PO’s can be placed with inactive facilities
• Potential disruption to business
Supply Chain Security audits take place where the finished goods are
sealed into the carton that is sealed into the trailer or container and will
ship across a country border.
5
What facilities need to be disclosed?
• All facilities producing direct import goods.
• All facilities where a Walmart private label branded items are produced, regardless of Importer of Record.
• A new facility used to source goods for Walmart
• If there is a natural disaster or fire and the facility reopens, it must be re-disclosed and a new audit performed
• Factory has moved to a new address
• 3PL’s – Third Party Logistic firms
• Consolidated Freight Shippers – CFS’s
• Warehouses
• Sometimes 2 locations of the same production location may need to disclose and be audited. Example production facility and warehouse storage.
Global Security Operations – Supply Chain Security
Factory Disclosure is performed on Retail Link in Factory Audit System.
*Manual Factory Disclosure is available only for suppliers without access to Retail Link.
6 Global Security Operations – Supply Chain Security
START HERE
Supplier
discloses
facility in
Retail
Link
Factory
ID is
created
by
Walmart
SCS
Audit is
requested
to 3rd
Party
audit firm
Audit fee is
collected
and audit is
scheduled
3rd Party
audit firm
audits the
facility
Closing
Meeting with
the facility
management
Findings
are shared
with
Walmart
Security
audit is a
pass or a
fail
Assessment
results are
communicated to
Suppliers,
Walmart’s
Merchant and
Sourcing Teams
Supplier and
Facility
responsible for
CAPS &
Remediation
Follow up
audits
based on
risk
Supply Chain Security Audit Process
• Disclosure takes about 15 minutes
• Factory Attachment typically takes 24 - 48 hours
• Audit frequency depends on risk matrix
• Security Audits will be assessed by Walmart as pass or fail
7
Supplier Responsibilities
• The suppliers own the management of and relationship with facilities they
choose to work with.
• The suppliers and facilities own ensuring they can meet the Supply Chain
Security Standards and will be assessed by security audits.
• The suppliers and facilities own ensuring payment for the security audits is
rendered timely. Failure to remit payment timely can cause undue delays
to the specified audit time range and possible business disruption.
• Suppliers and facilities own the responsibility of ensuring the remediation
and any CAPA’s – Corrective Action Plans are completed timely and
correctly.
Global Security Operations – Supply Chain Security
About the Security Audits
Global Security Operations – Supply Chain Security
9
Security Audits
1. The WMT SCS Audits • Supplier requests the audit in Retail Link / Factory Audit System.
• Audit is performed by an approved Walmart audit firm.
• Audit firm contacts Supplier for payment and scheduling.
• Audit results are shared with the Supplier, the expectation is the Supplier
shares with the Facility.
2. The SCAN Audit • Walmart requests the audit, informs the Supplier, the Supplier informs the
Facility.
• Audit is performed by an approved SCAN audit firm.
• SCAN approved audit firms contacts the Facility for payment and
scheduling.
• The facility is provided a log-in code to access the audit results, the
expectation is the Facility will communicate to Suppliers the results.
Global Security Operations – Supply Chain Security
There are two methods for Walmart Security Audits
10
Security Audits
Global Security Operations – Supply Chain Security
Security Audits Globally All Have 8 basic categories for assessment:
• Personnel Security
• Threat Awareness
• Physical Access Control
• Physical Security
• Container / Trailer Security
• Procedural Security
• Information Security
• Contractor Security / Business Partner Requirements
11 Global Security Operations – Supply Chain Security
Personnel Office
The Facility has a written Employee Security policy that
includes procedures for hiring, employment applications,
employee documentation and screening of new employees
Applicants photo ID card is reviewed in
application process
C
C
The facility uses surveillance to monitor
activities in sensitive areas of the facility,
such as receiving, shipping, final packing,
main offices, lobby, and the computer
server/systems room
The facility has a written
policy indicating that
employees are not
permitted to bring personal
items into final packing and
shipping areas
Main Office
The facility security policies are
reviewed every 12 months and
updated when necessary
Final Packing and Loading area
C
Gate security guard or
facility manager performs
a container or trailer
inbound inspection
Prior to loading trailer/container
integrity and security are verified by
7 pt inspection
The facility has a process to
screen arriving packages and
mail prior to distribution
The facility uses security
methods to prevent tampering
with goods during final packaging
Facility has a written access control
program that establishes responsibility to
maintain control of all locks, keys, and
access cards
C
Facility has a written policy that designates which
employees are permitted access to information systems
Receiving
Server Room
Lobby
Facility has a written procedure regarding
security vetting of service contractors who
require routine access to the facility
The facility has a written procedure to ensure that data used
to create cargo documents and manifests are accurate,
legible, complete, and protected against tampering or loss
M
C
The facility places an ISO 17712 High
Security Seal on a container or trailer
immediately after loading is complete
M
C
The facility has a process to ensure that only
authorized management and the shipping
supervisor has access to high security seals
The facility has a written policy that requires a
control log is maintained for any pick-up delievery
truck arrival and departure to include the driver’s
name, driver’s license number, truck license number,
reason for visit, and the control log is kept for 30
days
39'-9"
17
'-3
"
Lo
ck
er
s
Shipping
Office
C
C
C
C
C
The shipping supervisor
or an authorized
employee verifies that the
transportation document
are complete and
accurate
The gate security guard or designated facility
manager performs a truck outbound inspections
and the results are recorded in an outbound vehicle
logDuring times of darkness the facility’s perimeter
fence/wall is well illuminated
The facility’s perimeter is secured with a fence
or wall or patrolled by security guards/facility
management or supervisors, to deter
unauthorized access
Security Booth
Auditor Code of
ConductAct with Integrity.
Conduct opening meetings to explain
audit purpose.
Explain audit process.
Show respect for the individual.
Do not give the results of the audit.
Never ask for or accept a gift.
Report to your supervisor any gift offering
and provide details.
Conduct closing meeting.
Report conflict of interest.
Steps for a Successful
AuditBe on time.
Be prepared.
Minimize disruption.
Conduct an opening meeting.
Review facility documents.
Write down findings.
Conduct Closing meeting.
Instruct Facility to accept findings.
Walmart Stores, Inc. Global Supply Chain Security Critical Areas
12
Security Audits Score & WMT SCS CAP
WMT SCS Corrective Action Plan (CAP)
Plan (CAP) Supply Chain Security Audit Renewals
A security audit is renewed based on the
country’s Risk Rating where the facility is
located
Audited facility is in a country rated high risk for supply chain security.
Any Critical Standard question is found not performed at the facility
Factory has 60 days to make security improvement.
Email [email protected] with completed SCS CAP’s.
Country Risk Level
High Risk
Medium Risk
Low Risk
12
Months
12 or 24
Months (*)
24
Months
Audit Renewal Period
13
Member Audit Company Member
Shared Program
Vision/Concept
• ONE audit for ALL
• Standardized criteria that meets
Global Security Program standards
• Adheres to both C-TPAT and AEO
requirements
• Potential to become the recognized
security audit platform
• Potential to become the platform for
more types of audit requirements
Shared Audit Firms
Engineer/Build
• Standardized fees
• Standardized auditor training
• Standardized audit result
assessments
• Standardized Validation process
• Global capacity
• Corrective Action Plans
Shareable Results
Execute/Support
• SCAN manages the program
• Centralized data base
• Flexibility by member companies to
assess results in accordance with
company standards
• Drives industry Best Practices
• Confidentiality maintained
Global Security Operations – Supply Chain Security
SCAN – Supplier Compliance Audit Network
14
SCAN Audit Score & CAPA
Corrective Action Plan Accomplished (CAPA) • A CAPA is required when any Critical or Must questions on the audit are
missed.
• All CAPA’s must be completed by the facility before the audit is considered
complete.
• If a CAPA is required the facility will be sent an email with the CAPA request
within 10 days of the on-site audit. This will include the questions, the facility
response and SCAN feedback.
• Facilities are expected to return to the Assessment Portal and respond to the
corrective actions by the due date.
• Facilities will receive an email notification confirming CAPA completion.
Audit Renewal Cadence • A security audit is renewed based on the Member company’s protocol –
see page #12).
FAQ’s and Contacts
Global Security Operations – Supply Chain Security
16
FAQ’s
• Who/ what is the Importer of Record (IOR)? If you (the supplier) are responsible for
customs clearance, your company is the Importer of Record (i.e. USA Supplier). If Wal-
Mart Stores, Inc. is responsible for customs clearance, Wal-Mart will be in the Importer
of Record. If you are unsure, please contact your buyer/ sourcing manager for
verification.
• I have multiple Supplier/ Vendor IDs. Do I need to disclose my factories in each
profile? Yes, it is required to disclose all factories that will be producing items under the
corresponding Supplier ID.
• How do Suppliers know when the audit is for SCAN, and how can they track the
audit process? Regional teams will engage the business and suppliers when the audit
is requested for SCAN. The Global Office will update Retail Link as information
becomes available, and Regional teams will keep the business updated on status as
reporting comes available.
• How do Suppliers know when their facility is contacted by a SCAN audit firm?
Walmart GSO Regional teams notify the supplier that a SCAN audit has been
requested for their facility and advised the supplier to engage their facility.
Global Security Operations – Supply Chain Security
17
Who Are My Contacts?
Key Contacts: Retail Link Help Desk: 479.273.8888
Global Security Operations – Supply Chain Security
Region Contact Address
_ China and North Asia [email protected]
_ The Americas (includes Canada) [email protected]
_ Indian Subcontinent, Southeast Asia,
Australia, New Zealand, Philippines [email protected]
_ Europe, Africa, Middle East [email protected]
_ Global Security Operations – Global Office [email protected]