global security verification reporterp.hansae.com/sharefile/compliance/survey/carters_2019... ·...

Registration Number : A24786-427722Company : HANSAE TG CO., LTDDate of Verification : 27-Mar-2018 Auditor(s) Name : Vuong Thai Quoc, Long Pham

HANSAE TG CO., LTD

Measured Performance - Improved SecurityGlobal Security Verification ReportParticipating Facilities : 17963

Low Risk Priority (86 –100)Meet Expectations

High Risk Priority(0 –75)Urgent Action Required

Medium Risk Priority(76 –85)Further Improvement Needed

Overall Rating

Send Us a secure message. Complete the GSV on-line Compliments and Complaints feedback formContact Us Go Now

http://www.importsecurity.com/OnlineForm/OnlineForm.aspx

Number of buildings 26Distribution: 0Production: 7Warehouse: 0Container yards: 0Other: 19Logistics/Transportation for shipments to US

FACILITY STRUCTUREFacility land size: 371000M. Sq.Total facility floor size: 181766M. Sq.Warehouse customs bonded:

NOFree trade zone: NO

Trucks owned By Company: NoPercent of goods exported to US By air: 10%By sea: 89%By rail: 0%By truck: 0%

Industry: ApparelKey / Main product: KnitwearCountry of operation: VietnamParticipation in security initiatives: NoDescription of security initiative: None

BUSINESS OVERVIEWPermanent: 4984Temporary: 0Overseas / Migrant: 42Total: 5026

Company name: HANSAE TG CO., LTDContact name: Ms. Jinna Goyal/ Compliance ManagerAddress 1:

Lot BIII, BIII-25, BIII-26, Tan Huong Industrial Park, Chau Thanh District, Tien Giang ProvinceAddress 2: -

City: -State: Tien Giang Province

COMPANY INFORMATIONPostal Code: 860000Country: VietnamPhone: 0273-6265777Fax: 0273-6265888Email: [email protected]: N/A

NUMBER OF EMPLOYEES

COMPANY PROFILE

Send Us a secure message. Complete the GSV on-line Compliments and Complaints feedback form 1Contact Us Go Now


Export Logistics Facility responsible for the relationships with the following type of logistics :Air : SometimesSea : AlwaysRail : NeverLand Carriers: Always

Freight forwarders: NeverNVOCC: NeverOther 3rd party logistics providers: NeverConsolidators: Never

Description of "other" buildings:one 02-storey building was occupied for office, two 02-storey buildings were occupied for foreign dormitory, 06 one 01-storey building were not used and ten 01-storey building were occupied for canteen

Brief description of direct shipments to port process:

Yes, Upon completion of loading stage, seals were affixed on containers by shipping staff and delivery note with signatures of key persons given to the driver before the containers were leaving the facility for the ports.In-country transport services detail: Yes, The facility uses Thanh Trung Trading Service and Investment Co., Ltd for providing containers that was selected by the facility.

Brief Description of the Facility:

HANSAE TG CO., LTD is located at Lot BIII, BIII-25, BIII-26, Tan Huong Industrial Park, Chau Thanh District, Tien Giang Province, Vietnam. The total land area is about 371,000 square meters, in which the total land area in use is 181,766 square meters. The main product is knitwear. The main market is US. There were 26 buildings being located in the visited site: one 02-storey building was occupied for office, two 02-storey buildings were occupied for foreign dormitory, four 01-storey buildings were occupied for material warehouse, sewing section, ironing section, inspection section, packing section, finished goods warehouse and production office, one 01-storey buildings were occupied for material warehouse, cutting section, sewing section, ironing section, inspection section, packing section, finished goods warehouse and production office, 06 one 01-storey building were not used, one 01-storey building was occupied for sample room and clinic room, ten 01-storey building were occupied for canteen and one 01-storey building was occupied for cutting section. There are 5,026 employees working at the facility. The main production processes are listed as follows: material, cutting, sewing, inspecting, ironing, packing and finished goods warehouse.

Brief Description of Loading Process for Shipment:

When the drivers delivered empty containers to the facility, security guards checked security status of containers and made reports. Then, they informed to the shipping department and warehouse keeper that goods could be loaded into containers. One staff of shipping department, one security guard would monitor the loading process. Uponcompletion, the shipping staff would place a seal on the door of containers and gave documents for the driver tocarry the containers to the ports. The area of container storage was monitored by security guards and CCTVthat was monitored by security guards in the security room.Brief Description of Sealing Process:

Seals were delivered to the shipping department by the truck or container drivers. Shipping manager wasresponsible for keeping the seals in secure cabinet until they were fixed on containers.

The companies used vary routes: No,

GENERAL OVERVIEW



The companies used employ security guards: Yes, The companies used provide vehicle escort: Yes, The companies used Global Positioning Satellite (GPS):

Yes, The companies used truck convoys: No, Required transit time between audited facility to the port/the next supply chain:

About 2.5 hours from the facility to the nearest port (Cat Lai Port).CCTV details: Yes, 227 CCTVsSecurity guard force details: Yes, 44 external security guards



Category Name Score Must Do Should Do Best Practice

Records & Documentation 90 4 0 0Personnel Security 84 3 4 9Physical Security 91 5 5 12Information Access Controls 82 4 0 4Shipment Information Controls 100 0 0 0Storage & Distribution 100 0 0 2Contractor Controls 96 1 0 3Export Logistics 100 0 0 1OVERALL 92 17 9 31

I. NUMBER OF NON-COMPLIANCES NOTED IN EACH CATEGORYThe C-TPAT Security Criteria and Security Guidelines indicate that there are must and should requirements. "Must" means that it is a requirement of the program participation. "Should" means that the procedure is considered to be an industry "best practice" however as the program matures, more "shoulds" will become "musts."

Send Us a secure message. Complete the GSV on-line Compliments and Complaints feedback form 4Contact Us Go NowHigh Risk Priority (0-75%) Low Risk Priority(86-100%)Medium Risk Priority(76-85%)


Security SectionsSection/Subsection Score

(0-100)

Records & Documentation 90

Personnel Security 84

Documented Personnel Security Policies/Procedures 100

Personnel Screening 100

Identification System 76

Education/Training/Awareness 81

Physical Security 91

Plant Security 87

Perimeter Security 56

Outside Lighting 100

Container Storage NA

Security Force 96

Access Controls 85

Visitor Controls 90

Entering/Exiting Deliveries 99

Employee/Visitor Parking 100

Production, Assembly, Packing Security 100

Information Access Controls 82

Shipment Information Controls 100

Storage & Distribution 100

Storage 100

Loading for Shipment 100

Contractor Controls 96

Export Logistics 100

OVERALL SCORE 92

II. FACILITY SCORE CARD



Criteria: Compliant/Non-CompliantThe facility does not have a risk assessment program to analyze and identify critical areas of its supply chain that is the most likely targets for infiltration. Non-CompliantThe facility does not use computer software risk-based assessment tool. Non-CompliantThe facility does not have written processes for the selection of their business partners to include a detailed risk assessment. Non-CompliantThe facility does not have a comprehensive risk assessment covering their own facility. Non-CompliantThe facility does not have a comprehensive risk assessment covering point of packing and stuffing. Non-CompliantThe facility does not have comprehensive risk assessment covering contractors. Non-CompliantThe facility does not have a comprehensive risk assessment covering export logistics and at each transportation link within the chain. Non-CompliantThe facility does not conduct a comprehensive risk assessment annually. Non-CompliantThe facility has not adopted the 5 Step Risk Assessment Process Guide in conducting security risk assessment of their supply chain(s). Non-Compliant

III. RISK ASSESSMENT



90% Section: Records & Documentation

Exceptions Noted: Global Freq. of Compliance %

The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Personnel Security procedures are being performed properly. 85 %The facility had documented procedure and assessment that required periodic security check at least every 12 months to ensure that all security procedures were implemented but not include Personnel Security.

The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Information Access Controls procedures are being performed properly. 81 %The facility had documented procedure and assessment that required periodic security check at least every 12 months to ensure that all security procedures were implemented but not include Information Access Controls.

The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Contractor Controls procedures are being performed properly. 63 %The facility had documented procedure and assessment that required periodic security check at least every 12 months to ensure that all security procedures were implemented but not include Information Contractor Controls.

The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Export Logistics procedures are being performed properly. 70 %The facility had documented procedure and assessment that required periodic security check at least every 12 months to ensure that all security procedures were implemented but not include Export Logistics.

84% Section: Personnel Security

SubSection: Documented Personnel Security Policies / ProceduresNo exceptions noted

SubSection: Personnel ScreeningNo exceptions noted

SubSection: Identification SystemInternational Supply Chain Security Requirements & CriteriaAn employee identification system must be in place for positive identification and access control purposes


The facility identification is not required for entry of personnel 92 %Based on facility tour and facility management confirmation, it was noted that 02 observed folding employees at folding area of workshop no.5 did not wear their ID badges with their photos for identification during working in the facility.

IV. OPPORTUNITIES FOR IMPROVEMENTSThe following sections includes all exceptions noted during the on-site audit. Each exception is color coded to indicate the severity as indicated in the C-TPAT criteria for foreign manufacturers.

Must Do Should Do Best Practices Informative



The ID does not include an indicator, i.e. a unique physical identifier such as a facial photograph or fingerprint 86 % IDs are not required to access restricted areas 52 %

It was noted that employee ID was not required to access the restricted areas such as IT and finance.

SubSection: Education / Training / AwarenessInternational Supply Chain Security Requirements & CriteriaEmployees must be made aware of the procedures the company has in place to address a situation and how to report it / Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail / Specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controlsThese programs should offer incentives for active employee participation


New employee orientation does not include recognizing internal conspiracies 72 %It was noted that the new employee orientation training did not include the content on Recognizing internal conspiracy.

New employee orientation does not include detecting unlawful activity 76 %It was noted that the new employee orientation training did not include Detecting unlawful activity.

Personnel is not trained and encouraged to report irregularities, suspicious activity and/or security violations and not informed of procedures to resolve the situation. 89 %It was noted that the threat awareness training program did not include training and encouraging personnel to report irregularities, suspicious activity and/or security violations and procedures used by the facility to resolve the situation.

The facility does not give incentive to personnel to report irregularities, suspicious activity and/or security violations. 73 % 91% Section: Physical Security

SubSection: Plant SecurityInternational Supply Chain Security Requirements & CriteriaAlarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling/storage areasManagement or security personnel must control the issuance of all locks and keys


Facility management does not review and approve the up-to-date list of employees with special access to controlled or sensitive areas 57 %It was noted that the facility management did not conduct review and approve a up-to-date list of employees with special access to controlled or sensitive areas every three months.Remark: The list of employees with special access to sensitive areas posted at sensitive areas at each workshop but did not indicate the established date in the above list.

The facility does not have an intrusion detection or an alarm system 35 %It was noted that the facility only installed intrusion detection in sensitive areas at workshop no.5 but did not have an automatic intrusion detection or alarm system installed in sensitive/controlled access areas at workshop no.1, 6, 9 and 10.

SubSection: Perimeter Security



International Supply Chain Security Requirements & CriteriaCargo handling and storage facilities in international locations must have physical barriers and deterrents that guard against unauthorized access.


The facility has adjoining/overhanging structures or foliage which would potentially facilitate illicit entry over the fenced areas into the facility 49 %Based on the facility tour, it was noted that 02 out of 04 facility's perimeter barriers (side perimeter barrier and front perimeter barrier) in the facility were not maintained to prevent illicit entry via any adjoining/overhanging structures (Tree branches).

Underground access points, culverts, utility tunnels, sewers, etc. are not secured to prevent unauthorized access 95 %It was noted that underground access points, culverts, utility tunnels, sewers, etc. were not checked to prevent unauthorized access.

SubSection: Outside LightingNo exceptions noted

SubSection: Security ForceInternational Supply Chain Security Requirements & CriteriaA threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain / Specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controls


The security guards do not receive specific security training in recognizing internal conspiracy 76 %It was noted that the guards specific training did not include Internal conspiracy.

SubSection: Access ControlsInternational Supply Chain Security Requirements & CriteriaAlarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.


CCTVs are not monitored constantly on all shifts. 59 %Working time

CCTVs are monitored by non-security personnel 42 %HR Director

The facility does not use Closed Circuit Television (CCTV) or another surveillance method to monitor activity in all sensitive areas within the facility. 76 %It was noted that the facility had equipped the CCTVs in receiving, shipping, final packing and the computer server/systems room were in good condition but there was no CCTV or another surveillance method to monitor activity in the main offices, the lobby.

SubSection: Visitor ControlsInternational Supply Chain Security Requirements & CriteriaAccess controls must include the positive identification of all employees, visitors, and vendors at all entry points




Visitors and/or contractors are not required to wear temporary ID badges. 85 %It was noted that 01 observed building contractor employee and 03 observed waste contractor employees did not wear temporary ID badges during working in the facility.

SubSection: Entering / Exiting DeliveriesInternational Supply Chain Security Requirements & CriteriaWritten procedures must stipulate how seals are controlled and affixed to loaded containers, including recognizing and reporting compromised seals and/or containers to local Customs authorities / All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately / All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately


Examinations of containers/trailers found with broken seals do not document other anomalies 45 %SubSection: Employee / Visitor Parking

No exceptions noted

SubSection: Production, Assembly, Packing SecurityNo exceptions noted 82% Section: Information Access Controls

International Supply Chain Security Requirements & CriteriaProcedures must be in place to ensure that all information used in clearing merchandise/cargo is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and informationProcedures must be in place to ensure that all information used in clearing merchandise/cargo is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information / A system must be in place to identify the abuse of IT, including improper access, tampering or the altering of business dataA system must be in place to identify the abuse of IT, including improper access, tampering or the altering of business dataDocumentation control must include safeguarding computer access and information.


There is no system in place to suspend a login user ID after three failed access attempts 41 %It was noted that the login user ID was not suspended after three failed access attempts during randomly testing onsite.

There is no system in place to review periodically and maintain daily security logs for invalid password attempts and file access 33 %It was noted that system administrator did not receive and review report of invalid password attempts and file access.

There is no system in place to identify IT abuses including improper access, tampering, or the altering of business data 61 %It was noted that there was no a system in place to identify IT abuses including improper access, tampering, or the altering of business data.

Desktops do not lock automatically after a designated period of inactivity 83 %It was noted that desktops or computer terminal automatically did not close and lock after a designated period of inactivity.



100% Section: Shipment Information Controls

No exceptions noted 100% Section: Storage & Distribution

SubSection: StorageNo exceptions noted

SubSection: Loading for ShipmentNo exceptions noted 96% Section: Contractor Controls

International Supply Chain Security Requirements & CriteriaForeign manufacturers must have written and verifiable processes for the selection of business partners including, carriers, other manufacturers, product suppliers and vendors (parts and raw material suppliers, etc).


When selecting the contractors used by the facility, the facility does not consider the contractor's hiring practices 44 %There were no Hiring practices (background checks) considered when selecting the contractor.

100% Section: Export Logistics

No exceptions noted NS Section: Transparency In Supply Chain Not Scored


The facility does not conduct on-site inspections of the contractors' implementation of the their security standards/procedures that includes compliance with human trafficking and slavery policies. 19 %The facility did not conduct security on-site inspection of contractor including compliance with human trafficking and slavery policies.

The facility does not require its contractors to conduct self-assessment of their security policies and procedures including status of their compliance with human trafficking and slavery policies and share the results of those assessments with the facility. 16 %The sub-contractor security self-assessment did not include compliance with human trafficking and slavery policies.



The facility does not have written security standards and documented procedures for selection of its contractors (contracts, manuals, etc.) and handling contractors failing to meet company standards regarding security and slavery and trafficking. 23 %The facility written procedure for selection contractors did not include handling the contractors failing to meet company standards regarding slavery and human trafficking.

Strengths Noted: Global Freq. of Compliance %

There is a documented system in place to ensure that management is informed of and investigates all anomalies found in shipments including human trafficking. 49 % There is documented cargo verification procedure in place to prevent unmanifested cargo and/or illegal aliens from being loaded. 63 % The facility have written or electronic confirmation of its partners' compliance with Business Transparency on Human Trafficking and Slavery Act (e.g., contract language, a letter of commitment signed at the management level or above, signed acknowledgement of receiving the facility's participation announcement).

19 % There is a written security awareness program covering awareness of current terrorist threat(s), human trafficking, smuggling trends, and seizures in place to ensure employees understand the threat posed by terrorist at each point of the supply chain. 25 %

NS Section: Risk Assessment Not Scored


The facility does not have a risk assessment program to analyze and identify critical areas of its supply chain that is the most likely targets for infiltration. 15 %It was noted that the facility did not have the program to analyze and identify critical areas of its supply chain.

The facility does not use computer software risk-based assessment tool. 7 %The facility does not use computer software risk-based assessment tool.

The facility does not have written processes for the selection of their business partners to include a detailed risk assessment. 13 %It was noted that the facility did not have written processes for the selection of their business partners to include a detailed risk assessment.

The facility does not conduct a comprehensive risk assessment annually. 15 %Risk assessment was not conducted annually.

The facility has not adopted the 5 Step Risk Assessment Process Guide in conducting security risk assessment of their supply chain(s). 8 %There was no risk assessment program in the facility.

The facility does not have a comprehensive risk assessment covering their own facility. 20 %There was no risk assessment conducted

The facility does not have a comprehensive risk assessment covering point of packing and stuffing. 18 %There was no risk assessment conducted

The facility does not have comprehensive risk assessment covering contractors. 15 %There was no risk assessment conducted

The facility does not have a comprehensive risk assessment covering export logistics and at each transportation link within the chain. 14 %There was no risk assessment conducted



Existing Best Practices:

Section: Personnel Security Criminal record checks are conducted Other type of checks such as criminal record checks are conducted on all employees The facility has a process in place to publicize the security procedures throughout the facility (i.e. posters, bulletin boards, etc) The facility provides training in local language or language understood by employees of different origin. Photos of authorized employees to access the restricted areas are posted in the work area to detect any unauthorized entry/access.Section: Physical Security Gates are monitored during operating hours by guards at the gate Gates are monitored during operating hours by patrolling guards Gates are monitored during operating hours by CCTV Gates are monitored by guards during non-operating hours Gates are monitored by patrolling guards during non-operating hours Gates are monitored by cameras during non-operating hours Vendors are required advance information before visiting the facility premises Parking lots for visitors and employees are separated Vehicles are prohibited/prevented from parking near perimeter fencing. Visitor and employee personal vehicle parking lots are monitored by security guards during facility operating hours. The facility requires the use of visual identification for visitor parking. The company requires the use of visual identification for employee parking The facility has digital cameras as part of surveillance. The facility has motion activated cameras as part of surveillance. Advance notice is required for a pick-up or delivery transport company. The gate security or a designated facility manager performs truck outbound inspection and the results are recorded in an Outbound Vehicle Log. Guards receive specific training in General Security. Guards receive specific training in Site-Specific. Guards receive specific training in C-TPAT. The emergency contact numbers are posted in the security posts and command center. All visitors given are safety and security pamphlet and/or visitors ID which lists general company safety and security rules that need to be followed while on the premises. Corrective actions are taken when missing visitor badges are identified. A log is maintained with Driver's license number.

V. BEST PRACTICES AND RECOMMENDED BEST PRACTICESCBP describes Best practices as innovative security measures that exceed the C-TPAT minimum security criteria and industry standards.The following are a list of best practices this supplier has implemented.



Pilfer or tamper proof packaging and tapes are utilized to secure the goods.Section: Information Access Controls Facility implemented into its network system anintrusion warning system and/or virus protection The facility conducts review of access rights to safeguard electronic business data. The facility provides different level of access rights to employees according to their roles. Employees are required to sign a Non-Disclosure Agreement (NDA) to secure and protect Company's information. Each office workstation contains a photo of the employee who is assigned to that work area to detect any unauthorized computer terminal usage. Visitors are required to declare all electronic equipment entered in the facility.Section: Shipment Information Controls Information requirements for shipments are automated Facility conducts a review of shipment information and documentation controls to verify accuracy and security at least every six months The facility have electronic access control system to secure sensitive trade documents.Section: Storage & Distribution The facility keeps records of seal numbers together with the name of person using the seal and date of use of seal. Container/trailer loading process is monitored by security or a supervisor. Empty containers are inspected by the gate guards upon entry to the facility. The facility obtains copy of Container Interchange report and review it to ensure that it has been inspected by the forwarder prior to delivery to the facility. Loaded containers/trailers' final inspection is conducted. The facility receives approval from the importer/buyer before cargo can be loaded into a container. The container/trailer loading process monitored by more than one personnel including security and supervisor. According to procedure, the seals are affixed to the right door of the container/trailer on the hasp that has the welded rivet. The seal verification and inspection process includes the following VVTT procedure: Verify seal number. The seal verification and inspection process includes the following VVTT procedure: View seal and container locking hardware. The seal verification and inspection process includes the following VVTT procedure: Tug on seal to make sure it's on right. The seal verification and inspection process includes the following VVTT procedure: Twist and turn seal to make sure it doesn't unscrew. Multiple seals or security devices are used on each container/trailer. There are signs posted at each of the loading doors with pictures and examples of the correct seal verification and inspection process.Section: Contractor Controls The facility require assigning an ID badge to a contractor’s employee that enters the premises. The facility terminates service with non-compliant contractors. The facility require its contractors to participate in security awareness training. The facility provides periodic security awareness training to all of the contractors. The facility communicates its security policies to its contractors. The facility communicates the company's security policies through: publication.



Section: Export Logistics The carrier has intermediate staging/rest period/layover of cargo conveyances prior to reaching the consolidation center/port/border The facility has a procedure for in-country carriers to report security violations to facility’s management The facility conduct a security review of their transport company to ensure compliance with the contract. Cargo trucks are monitored and checked every hour. There is a written procedure in place to identify/inquire if trucks are late for their scheduled appointment. The facility utilizes a progress control system to monitor the status of up its cargo delivery (including contracted in-country transport).Recommended Best Practices:

Section: Personnel Security IDs should specify access for loading/unloading/packing dock areas by Numeric coding IDs should specify access for loading/unloading/packing dock areas by Map coding Personnel should be encouraged to report irregularities through Suggestion Box Personnel should be encouraged to report irregularities through Phone Number/Hotline The facility should provide online training portal. The facility should provide Certificate of Completion and/or similar recognition to all employees who attended the training. The facility should perform emergency response mock drills. A security awareness assessment should be given annually to a random sample of employees to gauge their understanding of the company's general security policy. Personnel should be encouraged to report irregularities through Email HotlineSection: Physical Security The facility should have a back-up power source for the alarm system The alarm system or intrusion detection system should be tested regularly. Violations to the alarm system should be reported The lighting system should have an emergency power source/generator Access to the lighting switches should be restricted to only authorized personnel. Lights should be illuminated automatically. Gates should be monitored during operating hours by motion detectors Gates should be monitored during non-operating hours by motion detectors The facility should maintain an up-to-date list of names and addresses of all contractor (e.g., canteen staff), vendor, repair personnel. Visitors should be subject to metal detector and/or scanner screening. Visitors should be subject to X-ray of their personal belongings. For conveyance entries/exits, logs should be maintained with name of the guardSection: Information Access Controls Access to the data should be protected from being copied, altered, tampered or deleted. The facility should limit use of VPN to access company's network directory. Security warning message should be displayed when guest are given access to company's internet access.



USB ports and external drives should be disabled/sealed to prohibit copying of company information.Section: Storage & Distribution The facility's external shipping door should be assembled in such a way that opening the door requires a person outside and another person inside to open it. Facility should have a procedure that after the seal is affixed to the container, there is an authorized employee who should make sure that the seal is secure by pulling down on it.Section: Contractor Controls The facility should implement a corrective action process for non-compliance found during on-site inspections of the contractors. The facility should communicate the company's security policies through internet websites (homepage contains information and/or link of C-TPAT and other security standards). The facility should communicate the company's security policies through: electronic advertisement.Section: Export Logistics The facility’s written agreement with their transport company should indicate preferred transit route(s) used by the driver, the allowable transit time limit, designated rest/meal stop locations and a process for a driver to report a container or trailer security issue.



Last Assessment (Not Applicable) First Assessment (Not Applicable)Current Assessment (27-Mar-2018)

Advancers DeclinerConstant

Why Performance Trend Analysis Matter?Investors in the international supply chain look closely at trends to make a judgment about the current and future direction of a businesspartners performance. It is often easier to determine how best to support the development and implementation of measures for enhancing business performance, by looking at a chart of performance trends over a period of time, in relation to the performance traits of similar such enterprises operating within like industries. Mutual understanding of cause and effect is an important first step toward achieving a shared objective of continuously enhancing performance and building stronger business partner relationships.

Section Name Current Last First Change(Current-Last) Change(Current-First)Records & Documentation 90 Not Applicable Not Applicable Not Applicable Not ApplicablePersonnel Security 84 Not Applicable Not Applicable Not Applicable Not ApplicablePhysical Security 91 Not Applicable Not Applicable Not Applicable Not ApplicableInformation Access Controls 82 Not Applicable Not Applicable Not Applicable Not ApplicableShipment Information Controls 100 Not Applicable Not Applicable Not Applicable Not ApplicableStorage & Distribution 100 Not Applicable Not Applicable Not Applicable Not ApplicableContractor Controls 96 Not Applicable Not Applicable Not Applicable Not ApplicableExport Logistics 100 Not Applicable Not Applicable Not Applicable Not ApplicableOverall Score 92 Not Applicable Not Applicable Not Applicable Not Applicable

VI. PERFORMANCE TREND ANALYSIS



Criteria Facility Challenges: Facility performance ranks in the bottom percentile of the population Global Freq. of Compliance%Must Do Underground access points, culverts, utility tunnels, sewers, etc. are not secured to prevent unauthorized access 95%

Must Do The facility identification is not required for entry of personnel 92%Should Do Personnel is not trained and encouraged to report irregularities, suspicious activity and/or security violations and not informed of procedures to resolve the situation. 89%

Must Do Visitors and/or contractors are not required to wear temporary ID badges. 85%Must Do The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Personnel Security procedures are being performed properly. 85%

Must Do Desktops do not lock automatically after a designated period of inactivity 83%Must Do The facility has no documented procedure and/or assessment reports to conduct periodic security checks to ensure that Information Access Controls procedures are being performed properly. 81%

Should Do The facility does not use Closed Circuit Television (CCTV) or another surveillance method to monitor activity in all sensitive areas within the facility. 76%

Should Do The security guards do not receive specific security training in recognizing internal conspiracy 76%Should Do The facility does not give incentive to personnel to report irregularities, suspicious activity and/or security violations. 73%

Criteria Facility Strengths: Facility performance ranks in the top percentile of the population and/or has implemented a best practice process

Global Freq. of Compliance%Informative The facility have written or electronic confirmation of its partners' compliance with Business Transparency on Human Trafficking and Slavery Act (e.g., contract language, a letter of commitment signed at the management level or above, signed acknowledgement of receiving the facility's participation announcement).

19%

Informative There is a written security awareness program covering awareness of current terrorist threat(s), human trafficking, smuggling trends, and seizures in place to ensure employees understand the threat posed by terrorist at each point of the supply chain. 25%

Must Do The facility requires eligible carriers to demonstrate C-TPAT, AEO, PIP certification and/or ineligible carriers to demonstrate compliance with C-TPAT, AEO, PIP equivalent standards 28%

Must Do Facility conducts periodic unannounced security check.to ensure that transport company is in compliance with the contract. 30%

Should Do The facility requires its contractors to conduct self-assessment of their security policies and procedures and share the results of those assessments with the facility 33%

Should Do Where restricted areas exist, guards check employees ID to monitor access to these areas 37%Must Do IDs specify access for loading/unloading/packing dock areas by color coding 40%Must Do Reference checks are conducted 41%Must Do The loading and departure of containers/trailers is captured on CCTV providing adequate views of loading activities and inside container and/or the recording is kept for 30 to 45 days (applicable to trucks and closed vans). 44%

Must Do Security guidelines for hiring are evaluated periodically to ensure their effectiveness 47%

VII. KEY STRENGTHS AND CHALLENGES



VIII. COMPARISON BENCHMARK



1.Facility Entrance

2.Perimeter Fencing

FACILITY PHOTOS FOR HANSAE TG CO., LTD



3.Facility Building

4.Employee Parking

5.Visitor Parking



6.Outside Lighting

7.Security Room- Communication Equipment

8.CCTV system and monitor



9.Packing Area



10.Finished Goods Warehouse

11.Loading Area

12.Facility Name



13.Employee ID Badge

14.Container Manifest and Inspection Record

15.Visitor's ID Badge



16.Shipping Logs

17.Shipping Documents

18.Non-Compliance Issues

It was noted that 02 observed folding employees at folding area of workshop no.5 did not wear their ID badges with their photos for identification during working in the facility.

It was noted that 01 observed building contractor employee and 03 observed waste contractor employees did not wear temporary ID badges during working in the facility.



It was noted that 02 out of 04 facility's perimeter barriers (side perimeter barrier and front perimeter barrier) in the facility were not maintained to prevent illicit entry via any adjoining/overhanging structures (Tree branches).



DISCLAIMER

This report is for the exclusive use of the client of Intertek named in this report (“Client”)and is provided pursuant to an agreement for sevices between Intertek and Client (“Client Agreement”).No other person may rely on the terms of this report. This report provides a summary of the findings and other applicable information found/gathered during the audit conducted at the specified facilities on the specified date only. Therefore, this report does not cover, and Intertek accepts no responsibility for, other locations that may be used in the supply chain of the relevant product or service. Further, as the audit process used by Intertek is a sampling exercise only,Intertek accepts no responsibility for any non-compliant issues that may be revealed relating to the operations of the identified facility at any other date.Intertek's responsibility and liability are also limited in accordance to the terms and conditions of the Client Agreement.Intertek assumes no liability to any party, for any loss, expense or damage occasioned by the use of this information other than to the Client and in accordance with the Client Agreement and these disclaimers. In case there is any conflict between the disclaimers stated herein and the applicable terms and conditions of Intertek incorporated into the Client Agreement, then these disclaimers shall prevail.

