
C-TPAT Requirements

The document discusses information technology security policies and procedures. It outlines requirements for password protection, including regular password changes and individual user accounts. It also addresses accountability for IT system access and potential abuse. The document contains many checklist items to evaluate compliance with these IT security standards.

Uploaded by

Ferdous Wahid
Copyright
© All Rights Reserved

Also known as

Global Security Verification-GSV


Supply Chain Security-SCS

Ref: SPLGroup/ERP/Ferdous/Compliance/C-TPAT Check List-Oct’21 Page 1 of 36


5. Information Technology Security
o Password Protection
o Accountability
o The facility must have its own server.
o Computer passwords must be changed every 30 days.
o An IT abuse policy must be in place.
o An IT policy must be in place.

IT Backup:
If the system is not server-based, a backup system must be in place.
IT backups must be retained for 1 year.

o Password Protection

i. Automated systems must use individually assigned accounts that require a periodic change of password.

ii. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Check list
• Does the facility have procedures for identifying which employees are allowed access to automated systems?
• Is there a designated system administrator within the facility to set up, change or deactivate user IDs?
• Do employees use individually assigned accounts that are unknown to other individuals?
• Do direct supervisors request computer access from the IT administrator when new staff are hired?
• Are passwords subject to regular forced changes (at least every 3 months)?

• Are passwords a combination of letters and numbers, at least 6 characters long?
• Is the screen saver programmed to automatically log off a user after a certain number of minutes of inactivity?
• Does the system administrator specify the frequency and dates of password changes?
• Will the server operating software remind employees about the change?
• Is access blocked, until unlocked by the system administrator, if employees fail to change their passwords within the given period?
• Are there procedures requiring employees to change their network / computer passwords on a regular basis?
• Do employees change passwords more often if there is a risk that the privacy of a password has been compromised?
• Are there procedures to adjust or rescind access to password regular forced changes?
• Are employees allowed to download any software?
• Are employees allowed to use their computers for non-business-related activities that may expose the IT system to virus risk?
• Are the relevant employees provided with IT training?
• Does the facility include computer system training in new staff orientation?
• Is the IT security training documented?

o Accountability

i. A system must be in place to identify the abuse of IT, including improper access, tampering or the altering of business data.
ii. All system violators must be subject to appropriate disciplinary actions for abuse.

Check list
• Is the facility using network PCs or standalone PCs?
• Has the facility implemented firewalls in the network system?
• Has the facility implemented intrusion warning systems in its network?
• Is the IT system server environment locked?
• Is there a user ID suspension policy for a certain number of failed access attempts to the computer system?

• Is a login user ID suspended after a certain number of failed access attempts?
• Does the system administrator periodically review and maintain security logs for invalid password attempts and file access?
• Does the factory maintain an IT security policy addressing IT security issues?
• Are incidents of unauthorized IT system access investigated and recorded?
• Is there a process or plan to restore IT data in the case of a failure (such as virus attack, fire at the facility, etc.)?
• Is computer information saved on a back-up system?
• Is computer backup information stored in a fire-resistant safe or at an off-site facility?
• Are there documented procedures in place for disciplining IT system violators?
• Is the disciplinary action recorded?

Best Practice

• Does the facility conduct periodic unannounced information access control security checks to ensure that all security procedures are being performed properly?
• Are the information access control security procedures and checks documented and verifiable?
• Are the check records maintained?
