Q. Our supply chain relies on many third party contracted suppliers to provide their transportation services for our products and goods. How can we hold the suppliers accountable for meeting our security expectations?
A. Whenever a cargo or package transportation company is relying on contractors, third parties, or suppliers to have access to the trusted goods they are handling, specific security steps need to be taken. Because a company is relying on another supplier to support its transportation services, it needs to ensure no less than its own security standards are being followed. The transportation company needs to design and implement a draft that outlines the security requirements it expects of any business partner who is being given access to their goods and services. After drafting a list of requirements, it should given legal scrutiny. This draft should ultimately become a security addendum that can be associated with the contract agreement between the transportation company and it’s respective suppliers.
• Include in your contract requirements that any employee of the supplier who has access to the cargo or packages must have successfully passed a criminal background check. I suggest you stay consistent and use the same standards that you on employees.
• Include any security requirements that your customers have in contracts with you. If they expect it from you, the same will hold true for your contractors and suppliers.
• If you have specific security requirements that you would follow in your operations and these services are being contracted in your behalf, by a supplier, state those requirements in the addendum. Ones that come to mind are using truck or container seals, not leaving vehicles unattended, securing facilities where your cargo is transiting, etc.
• Get your legal department involved early in the process to include language stating that the supplier will be liable for negligence or failure to adhere to your security requirements when acting on your behalf. Your addendum needs to express that the supplier will be liable for full coverage for any claim resulting from their failure to follow your security requirements.
• Establish ongoing auditing processes to provide you with feedback relative to the supplier’s security performance. In your contract security addendum, include a requirement that security audits will be implemented. You may need to have your operations management be involved with the supplier audit activities, which will re-enforce their ownership of your security program. It also lets the supplier know that this is an organization security program not just a corporate security one.
• Make certain that your suppliers are insured at a level that will cover losses or damages to any of your products or goods. This is particularly important when using supply chains that are moving high risk or high value products.
• Strong language in your supplier contracts holds them accountable to compliance. They cannot afford pay for major mistakes or failures.
By developing a supplier security addendum that is consistent with your internal security standards, you have taken the first step toward accountability. The next step should be to have an assessment process, one that checks to confirm the business partner is living up to the requirements in your addendum.
The last steps of this process should be to support and ensure the suppliers have training and awareness processes that influence assurance to the addendum standards. The effective security manager will find a way to manage their business partners to ensure that security levels are consistently followed. Make sure you have your suppliers included in your security assessment and audit processes. The policies in your program need to have feedback that compliance is being maintained. Develop a relationship with the business partner that includes an ongoing assessment for compliance. Be proactive with knowing how the supplier is performing against your security expectations.
Answer provided by Peter Cheviot, Security Executive Council Faculty Emeritus.