Supply Chain Security

Pre-Assessment Checklist
General Merchandise, Food,
and Goods Not For Resale Sourcing Facility

February 2013

A Walmart sourcing facility must possess security standards and procedures to guard
against the introduction of unmanifested cargo, such as illegal drugs, explosives, weapons,
and people into outbound shipments. A facility must comply with all domestic laws, rules
and regulations governing the sale of goods and will cooperate with local, national, and
foreign customs agencies to protect the supply chain from illegal shipments.

This Pre-Assessment Checklist is used by a sourcing facility to determine their security

status in preparation for an on-site audit to determine compliance with Walmart Security
Standards. Mark each checklist question Yes, No, or N/A based on completing the
requirement of the question. Provide a comment following each Category for questions
answered No or N/A.

Send the completed checklist to the address below, if requested, based on the country
where the facility is located:

Region Contact address

China and North Asia [email protected]
Americas [email protected]
Indian Subcontinent, Southeast Asia, [email protected]
Australia, New Zealand, Philippines
Europe, Africa, Middle East [email protected]

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 1

PERSONNEL SECURITY
QUESTION YES NO N/A
1. The facility has a written Employee Security Policy, which includes
procedures for hiring, employment application and employee
documentation, and screening of new employees. (Critical Question)

 Facility must have a written Employee Security Policy that includes

employee hiring, personnel records system, and a screening process.
o The applicants name is verified by photo ID (country issued ID card,
drivers license, passport, etc.).
o Applicant's current address is verified.
o Personal references, if any, are contacted.
o Employment history is verified.
QUESTION YES NO N/A
2. The facility has a written policy to require that the Employee Security
Policy is reviewed every 12 months to determine if updates are
necessary.

 The Employee Security Policy is reviewed every 12 months and updated

where necessary and by documenting the 12 month review.
QUESTION YES NO N/A
3. Every permanent or temporary employee applicant completes a written
employment application before being considered for employment.

 Facility must require every prospective employee to complete an

employment application prior to hiring.
QUESTION YES NO N/A
4. The facility has a written procedure to conduct a background check for
an applicant applying to work in a sensitive position or a current
employee working in a sensitive position.

 The facility has a written procedure to perform a background check for

sensitive positions such as packing/loading area, security, shipping, IT
managers, etc.
 The facility has evidence of a background check.
QUESTION YES NO N/A
5. The applicant's photo ID card is reviewed during the application process.
(Critical Question)

 The facility must have a written procedure to review applicant’s photo ID

card prior to hiring.
 Verification of this review is kept on file.
QUESTION YES NO N/A
6. A personnel file is maintained for each employee.

 The facility must maintain a personnel file for each employee containing
the original employment application, copy of the applicant’s photo ID,
documents verifying identity.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 2

QUESTION YES NO N/A
7. The facility has a written policy to issue a photo identification card or an
access card to each employee for access to the facility.

 The facility must have a written policy to require issuing every employee
including full-time, part-time, and temporary an access credential. When
an ID badge is issued it must include the employee’s picture and name
and the employee must always wear their badge while at the facility.
 High and Medium Risk: Either a photo ID or an access card is required.
Although not required, the facility may use a biometric system instead of
photo ID or card access.
 Low risk: The facility must have a written procedure that requires use of
either a photo ID, access card, or a process by management/supervisors
to verify only employees are permitted access.

QUESTION YES NO N/A

8. The facility has a written procedure that requires review of the
background check document every 12 months for an employee working
in a sensitive position.

 The facility must have a written procedure to review the background check
of sensitive positions, such as packing/loading area, security, shipping, IT
managers, etc., every 12 months.

QUESTION YES NO N/A

9. The facility has a written Employee Termination policy to remove the
identification badge, facility access, and system access for an employee
who is terminated or resigns?

 The facility must have a written policy for employee termination.

 The policy must include collection of and disabling of an employee’s facility
identification, access keys and cards.
 The policy must require that security and/or management is informed of
employees who resign or are terminated.

Personnel Security: Explain why a question was answered No or N/A.

THREAT AWARENESS PROGRAM

QUESTION YES NO N/A
10. The facility has a written Threat Awareness Program to train employees
about the security threat at each segment of the supply chain.

 The facility has a written training program to discuss with employees the
threat posed to the supply chain.
 Training focuses on security of the facility: access by only authorized
employees and registered visitors, to report someone in a work area who
does not belong there, especially in sensitive or restricted areas such as
the shipping area, packing area, loading area, warehouse, systems rooms
and to report attempted unauthorized access to a computer terminal, etc.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 3

QUESTION YES NO N/A
11. The Threat Awareness Program trains employees on how to report a
security situation or incident.

 The program includes the procedure for an employee to report a security

issue.
 Employees are trained to report a possible security breach, such as a
broken window, broken door lock, breach in perimeter fence/wall/barrier,
broken or inoperable security alarms/CCTV/exterior lights.
 Employees are trained to report unusual activity.
 Training provides examples of security issues and the reporting process to
help employees understand the procedure.

QUESTION YES NO N/A

12. The Threat Awareness Program provides specific job related training to
shipping and receiving employees?

 The facility provides specialized training to shipping and receiving

employees regarding access to sensitive work areas, reporting
unauthorized people in the work area, ensuring that only authorized cargo
is loaded into the container or trailer, and how to report situations that may
involve a conspiracy to use the supply chain for illegal purposes.

QUESTION YES NO N/A

13. Threat Awareness training is provided during new hire orientation and
then every 12 months as refresher training to all employees.

 The facility provides training to all new hire employees.

 The facility provides training to all employees as refresher training at least
every 12 months.

QUESTION YES NO N/A

14. Employees who report suspicious activity and security violations are
given some form of encouragement.

 The Threat Awareness Program includes providing an incentive to

employees who report suspicious activity and security violations.
 An incentive could include a certificate, recognition during a meeting, cash
bonus, time off, or some other form of encouragement.

QUESTION YES NO N/A

15. Are Threat Awareness Program security procedures publicized in
common areas of the facility?

 The Facility posts security procedures in common areas frequented by

employees.
 The facility can determine the best method and manner in which to display
the procedures.

Threat Awareness: Explain why a question was answered No or N/A.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 4

PHYSICAL ACCESS CONTROLS
QUESTION YES NO N/A
16. The facility has a written policy to ensure that only authorized employees
are permitted access to sensitive or restricted areas.

 The facility must have a written policy stating that designated restricted
areas or sensitive areas are required to have access controls determining
who can enter the area

QUESTION YES NO N/A

17. Does facility management review and update employee lists that
authorize access to sensitive and restricted work areas?

 Facility management should review the list of authorized employees

permitted to enter sensitive and restricted areas.

QUESTION YES NO N/A

18. A security guard or designated facility manager or supervisor is
designated to monitor access to the facility.

 Security guard(s) or designated member(s) of management perform

patrols of the facility premises and report security incidents to the facility’s
management team.
 Facility has designated checkpoints to ensure patrols are made.

Exception for a food pack house: a security force is not required. It is sufficient for a designated
member of management or an employee to patrol the immediate premises, offices, and any other
building on the premises. However, patrol of the produce field or orchard is not necessary.

QUESTION YES NO N/A

19. The facility periodically performs an inspection of an existing perimeter
fence or wall to check for damage, attempted illegal access, and needed
repairs.

 The facility should have a procedure for inspection and maintenance of

and existing perimeter fence or wall.

Exception for a food pack house: some pack houses may operate seasonally, in a temporary
structure, in a temporary location, or are a field location. In these cases, a wall or fence is not
required, therefore, mark the question as N/A. It is sufficient for these facilities to have natural
barriers or to use roving security patrol or designated employees to patrol the perimeter.

QUESTION YES NO N/A

20. The facility has a written procedure requiring employees to immediately
report any security incident to facility management.

 The facility should have a policy and procedure requiring that security
incidents are reported, logged, and investigated.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 5

QUESTION YES NO N/A
21. Does the facility have a written policy and procedures to deny access of
employees who either resign or are terminated?

 The facility must have a written policy to deny access of employees who
have resigned or been terminated.
 A list of recently resigned or terminated employees should be updated
whenever an employee is terminated or resigns.

QUESTION YES NO N/A

22. Additional security monitoring is applied for a building or structure that
adjoins the facility that could enable unauthorized entry.

 In case of an adjoining structure or building that could allow access to the

facility additional security measures are applied to mitigate the risk. For
example, additional fencing, a security guard, use of CCTV, or designated
employees may be assigned to monitor the area.

QUESTION YES NO N/A

23. The facility uses Closed Circuit Television (CCTV) or another surveillance
method to monitor activity in sensitive areas within the facility such as
receiving, shipping, final packing, main offices, the lobby, and the
computer server/systems room. (Critical Question)

 CCTV is not required. If CCTV is not used, the facility uses another
surveillance method such as security guard patrols or designated
management to monitor areas of the facility.
 If the facility uses CCTV, determine if recordings are kept for a minimum of
30 days.

QUESTION YES NO N/A

24. The facility has a written procedure that requires a visitor and a pick-
up/delivery driver to show photo identification before entry is permitted.

 The facility must have a written procedure requiring security staff or a

receptionist to verify the photo identification of a visitor.

QUESTION YES NO N/A

25. The facility has a policy to issue a serial numbered visitor badge to each
visitor and maintain a Visitors Log.

 A facility has a written policy to issue a visitor badge.

 Visits are recorded in a Visitors Log (name, date, time in and out, who at
the facility is to be visited, and the badge number).

QUESTION YES NO N/A

26. The facility has a written policy that all visitors are escorted while at the
facility.

 The facility must have a written policy indicating that all visitors are
escorted.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 6

QUESTION YES NO N/A
27. The facility has a written policy that requires a control log is maintained
for any pick-up or delivery truck arrival and departure to include the
driver's name, driver’s license number, truck license number, reason for
visit, and that the control log is kept for 30 days. ((Critical Question)

 The facility must have a written policy to log a truck’s arrival and departure
to include the drivers name, truck license number, time of arrival, time of
departure, and reason of visit. The log is kept for at least 30 days.

QUESTION YES NO N/A

28. The facility has a written policy indicating that employees are not
permitted to bring personal items into the final packing and shipping
areas. (Critical Question)

 The facility must have a written policy stating that no personal items (such
as a lunch box, a purse, a backpack, etc.) are allowed in the packing and
shipping areas.
 The facility may provide an appropriate location for employees to keep
personal items while at the facility.

Physical Access Controls: Explain why a question was answered No or N/A.

PHYSICAL SECURITY
QUESTION YES NO N/A
29. The facility has appointed in writing a company official responsible for
facility, employee, and transportation security.

 The facility has designated in writing a manager responsible for overall

security to include creating the security policies and procedures and that
physical security is accomplished in accordance with each security policy.

QUESTION YES NO N/A

30. The facility has a written policy that requires all security procedures are
documented as either a policy or procedure. (Critical Question)

 The facility must have a written policy that requires all security procedures
are documented as a policy or procedure.

QUESTION YES NO N/A

31. The facility security policies are reviewed every 12 months and updated
when necessary. (Critical Question)

 The facility requires that all security policies are reviewed every 12 months
and necessary updates are made.

QUESTION YES NO N/A

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 7

32. A security assessment of the facility site is conducted to identify
weaknesses at least every 12 months? Are the weaknesses identified,
recorded in a log, and corrected in a timely manner.

 The facility must perform a security site assessment every 12 months.

 Facility must document issues identified and take necessary corrective
action.

Exception for food pack house: some pack houses may operate in a temporary structure or a
temporary location. In such cases, a site security assessment is not required. Mark the question N/A.

QUESTION YES NO N/A

33. The facility restricts access to cargo handling and storage areas.

 The facility must use an appropriate method to ensure that only authorized
employees and escorted visitors are permitted access to cargo handling
and storage areas.
 Cargo handling and storage areas should be designated as restricted
areas and display signage.

QUESTION YES NO N/A

34. Facility access gates, exterior doors, and windows are secured with
locking devices.

 Locking devices could be a manual applied lock, locking bars, security

latches, or electronically controlled devices.
 Windows should be locked from the inside.

Exception for a food pack house: some perishable food pack houses may operate seasonally, in a
temporary structure, in a temporary location. In such cases, there may not be any doors, windows or
access gates. There may also be some “open” pack houses that have no walls, doors or windows. In
this situation, mark the question not applicable (N/A).

QUESTION YES NO N/A

35. The facility has an intrusion detection system or a security surveillance
method for sensitive/controlled access areas.

 The facility can use either an electronic detection system or manual

methods such as roving security guards or management/supervisors who
monitor sensitive areas.

Exception for a food pack house: some perishable food pack houses may operate seasonally, in a
temporary structure, or in a temporary location. There may also be some “open” pack houses that
have no walls, doors or windows. In these cases, an intrusion detection system is not required. In this
situation mark the question N/A.

QUESTION YES NO N/A

36. The facility has a written Access Control Program that establishes
responsibility to maintain control of all locks, keys and access cards?
(Critical Question)

 The facility has a written procedure for an Access Control Program that
describes methods used to record and track of keys or other access
devices issued to authorized employees for use within the facility.
Exception for a food pack house: some perishable food pack houses may operate seasonally, in a
temporary structure, in a temporary location that do not possess doors or gates that require the use
of a lock/key or access cards. There may also be some “open” pack houses that have no walls, doors
or windows. In these cases mark the question N/A.

QUESTION YES NO N/A

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 8

37. The facility’s Access Control Program include a control log that accounts
for all keys/access cards not issued or are issued and not returned?

 The program must include a control log that accounts for all keys/access
cards on-hand and not issued, those issued, and any returned to include
the employee’s name, date signed out, date signed in, reason for use, and
the name of issuing person.
Exception for a food pack house: some perishable food pack houses may operate seasonally, in a
temporary structure, in a temporary location that do not possess doors or gates that require the use
of a lock/key or access cards. There may also be some “open” pack houses that have no walls, doors
or windows. In these cases mark the question N/A.

QUESTION YES NO N/A

38. The Access Control Program includes an inventory process to account
for all keys/access cards.

Based on Country Risk Rating:

 High and Medium Risk: Once every month.
 Low Risk: Once every 3 months.
 The key/access card inventory check must be recorded and available
for audit.

QUESTION YES NO N/A

39. Are lost keys/access cards reported immediately to the facility Security
Manager?

 The Access Control Program policy includes the process to report a lost
key or access card.

QUESTION YES NO N/A

40. The facility’s buildings are constructed of materials that resist unlawful
entry.

 The facility’s production building(s) and storage building(s) are constructed

of materials that deter easy access by an intruder. Examples of
satisfactory construction materials include metal siding, reinforced wood,
brick, cement block, etc.

Exception for a food pack house: some perishable food pack houses may operate
seasonally, in a temporary structure, in a temporary location and construction materials are
made of less permanent materials. There may also be some “open” pack houses that have
no walls, doors or windows. In these cases mark the question N/A.
.
QUESTION YES NO N/A
41. The facility has a documented process to inspect buildings for security
and maintenance issues each month and to make necessary repairs.

 The facility production buildings and storage buildings are inspected for
either signs of illegal entry or needed repairs based on Country Risk
Rating
o High Risk: Once every month.
o Medium Risk: Once every month.
o Low Risk: Every 6 months
o Documentation of this should be available in the factory.
Exception for a food pack house: some perishable food pack houses may operate seasonally, in a
temporary structure, in a temporary location and construction materials are made of less permanent
materials. There may also be some “open” pack houses that have no walls, doors or windows. In
these cases mark the question N/A.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 9

QUESTION YES NO N/A
42. The facility’s perimeter is secured with a fence or wall or patrolled by
security guards/facility management or supervisors, to deter
unauthorized access.

 The facility is protected by a wall or fence to avoid easy and unwanted

access by an intruder.
 Underground access points such as utility tunnels or water drainage
should be secured to prevent unauthorized access into the facility.
 Facilities in a country rated Low risk are not required to have a fence or
wall, however, they must use a security guard or designate in writing
employees to periodically patrol the property to detect and deter unwanted
visitors.
Exception for a food pack house: some pack houses may operate seasonally, in a temporary
structure, in a temporary location, or are a field location. In these cases, a wall or fence is not
required, therefore, mark the question as N/A. It is sufficient for these facilities to have natural
barriers or to use roving security patrol or designated employees to patrol the perimeter of the facility.

QUESTION YES NO N/A

43. Facility management, the security manager, or designated security
employees conduct meetings to review security alerts and discuss how
to improve facility security.

 The facility should indicate when meetings take place. Any regular
meetings can be noted as compliant.

QUESTION YES NO N/A

44. There is radio or phone communication between the central security
office and any guard posts.

 The facility uses a reliable communications method between security

personnel and any exterior guard post or roving guard.
 All security guards should be equipped with hand held radio sets /cell
phones or have access to telephone for communication.
 This question is not applicable for a facility that does not use a security
guard force and instead uses employees to perform a roving security
function, it is sufficient for the designated employee to have adequate
means to communicate with facility management.
Exception for a food pack house: If the facility does not use a security force, it is sufficient
for the designated security person to have adequate means to communicate with facility
management.

QUESTION YES NO N/A

45. During darkness the facility perimeter fence/wall is well illuminated.

 If the facility possesses a perimeter fence or wall, lighting should

sufficiently illuminate the fence, gates, or other access points.
 Security lighting allows for visual surveillance during darkness. The facility
must have outside flood lighting sufficient to illuminate areas between
buildings, the fence/wall line, the container/trailer stuffing, loading and
storage areas.

Exception for a food pack house: If the facility does not have a permanent structure then mark this
question as N/A.

QUESTION YES NO N/A

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 10

46. Access to outside lighting switches or controls is restricted to only
authorized employees or the security guard supervisor.

 Lighting switch access should have controls to ensure that unauthorized

persons cannot access the switches.

Exception for a food pack house: If the facility does not have a permanent structure then mark this
question as N/A.

QUESTION YES NO N/A

47. Facility management has direct communication to local law enforcement
authorities?

 The facility should have an emergency contact list such as police, fire
station, hospital, and ambulance.

QUESTION YES NO N/A

48. Visitor and employee personal vehicles are prohibited from parking near
a cargo handling area, a cargo storage area, or near cargo vehicles.

 The facility must not permit personal vehicles parked near cargo loading or
handling areas.
 Due to parking space restrictions, some parking areas may be combined;
however, during container/trailer loading all personal vehicles should be
moved.

QUESTION YES NO N/A

49. Only facility management and a designated security guard supervisor are
permitted to have keys or other controls necessary to open/close facility
gates.

 The facility has a process to ensure that only authorized personnel are
issued keys/control devices to open, close, lock, and unlock the facility
access gates

QUESTION YES NO N/A

50. The facility’s gates are monitored by security guards and/or closed
circuit television (CCTV).

A facility with access gates, whether for truck carriers or employees/visitors,

should ensure the gates are monitored based on country risk:
 High Risk: Monitored by security guards 24/7.
 Medium Risk: Monitored by security guards 24/7
 Low Risk: Monitored by either security guards or designated facility
employees during hours of operation.

Exception for a food pack house:. Facility gates, if used, may be monitored by the use of roving
security guards, CCTV, or a designated facility employee.

Physical Security: Explain why a question was answered No or N/A.

CONTAINER / TRAILER SECURITY

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 11

QUESTION YES NO N/A
51. When the facility uses a contracted consolidator to load containers or
trailers, does the facility have a written contract with the consolidator
that requires them to have security standards for employee hiring,
security of their perimeter, security of their cargo holding areas, and
security of their cargo loading docks.

 The facility must have a written contract with the freight consolidator that
specifies security requirements consistent with the country risk rating and
the facility’s security standards.

QUESTION YES NO N/A

52. The gate security guard or a designated facility manager performs a
container or trailer inbound inspection? (Critical Question)

 The facility maintains a container/trailer inspection process to include

looking for signs of modification and inspecting the undercarriage for
hidden devices or packages.

QUESTION YES NO N/A

53. The gate security or a designated facility manager performs a truck
outbound inspection and the results are recorded in an Outbound
Vehicle Log?

 An outbound inspection will include verifying that the transportation

documents are accurate and complete, the driver has the correct container
or trailer, and that the actual security seal number is the same seal number
listed on the shipping document.
 The Outbound Log captures the driver’s name, truck license number,
container/trailer number, seal number, date and time of departure based
on country risk:
o High risk: A completed log should be kept for 12 months.
o Medium risk: A completed log should be kept for 6 months.
o Low risk: A completed log should be kept on file for 2 months.

QUESTION YES NO N/A

54. Outbound container or trailer incidents involving a seal number
discrepancy or a broken security seal are reported to facility
management.

 A seal incident is recorded on the Outbound Log and in a facility Security

Report.
 The facility has a process to resolve the discrepancy.

QUESTION YES NO N/A

55. When a seal discrepancy is discovered, does facility management or
security examine the container or trailer contents for illegal cargo.

 The facility should have a process to resolve a seal discrepancy before the
container/trailer is permitted to depart from the facility.

QUESTION YES NO N/A

56. An empty or loaded container and trailer is kept in a secure area at the
Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 12
 facility?

 The facility must maintain a container or trailer in a secure manner.

 Facility security or a designated member of management must periodically
monitor the security of containers and trailers.

QUESTION YES NO N/A

57. When stored at the facility, is an empty and loaded container or trailer
secured with a lock or high security seal.

 The facility must use either a lock or a high security seal to secure a
container or trailer while held in temporary storage.
 When a lock is used, the shipping supervisor must have control of the key.

QUESTION YES NO N/A

58. A stored container or trailer that has potentially been tampered with is
reported to a security supervisor or facility management.

 The facility has a procedure to identify and report if potential tampering to a

container or trailer has occurred.
 The facility procedure includes instructions on how to report the incident.

QUESTION YES NO N/A

59. A container or trailer loading is supervised by either a security guard or a
designated member of management to prevent introduction of non-
manifested cargo.

 A security guard, a shipping supervisor, or a designated member of

management is physically in the shipping area to observe cargo loading
and to ensure security procedures are followed.

QUESTION YES NO N/A

60. When CCTV is used to capture container/trailer loading, the recording is
kept for a minimum of 30 days.

 When CCTV is used at the facility, the system captures the conveyance
loading process, to include applying a security seal.
 The facility must keep a recording of the loading process for a period of 30
to 45 days.

QUESTION YES NO N/A

61. Prior to loading a container or trailer integrity and security is verified by
performing a 7-point inspection (Critical Question)

 The facility has a process to perform a 7-point inspection consisting of

checking the front wall, left side wall, right side wall, floor, ceiling/roof,
inside and outside of doors, and the undercarriage of the container or
trailer.
 Anomalies are reported to a security guard, the shipping supervisor, or a
designated member of management.

QUESTION YES NO N/A

62. A record of the container or trailer 7-point security inspection is
maintained at the facility for at least 45 days.
Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 13
  The 7-point inspection process and results are recorded on a tracking log
or some another document for at least 45 days.

QUESTION YES NO N/A

63. The facility places an ISO 17712 High Security Seal on a container or
trailer immediately after loading is completed. (Critical Question)

 The facility secures the conveyance door latch with an ISO 17712 high
security seal immediately after loading is complete.
o High risk: High security cable seal is used.
o Medium risk: High security bolt seal is used.
o Low risk: High security bolt seal is used.
Exception for a food pack house: When the facility ships break-bulk items, or cartons moving to a
freight consolidation facility, a pad lock may be used to secure the conveyance

QUESTION YES NO N/A

64. The facility has a process to ensure that only authorized management
and the shipping supervisor has access to high security seals. (Critical
Question)

 The facility has designated specific management /supervisor employees

with access to high security seals.

QUESTION YES NO N/A

65. The facility has a method to ensure that unused security seals are kept
securely.

 The facility’s process ensures that seals available for use are kept in a
secure cabinet, secure drawer or some other secure location that is not
easily accessible by unauthorized personnel.
 Only authorized employees have access to the seals.
 A missing seal is reported to security or a supervisor.

QUESTION YES NO N/A

66. The facility has a written procedure for affixing, recording, and tracking
high security seal use.

 The facility has a written procedure that states how high security seals are
affixed to a container or trailer, are recorded onto a usage log, and are
tracked.

QUESTION YES NO N/A

67. The facility maintains a Seal Control Log for six months.

 The facility utilizes a Seal Control Log to track seal usage.

 The log must include seal usage information such as container/trailer
number, date used, and name of person using the seal.
 On-hand and available seals are recorded on the log in sequential order.
 The seal control log is kept on file for six months, either electronically or
hard copy.

QUESTION YES NO N/A

68. The shipping supervisor or an authorized employee verifies that the
transportation documents are complete and accurate. (Critical Question)

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 14

  The facility has a procedure for the Shipping Supervisor or an authorized
employee to inspect shipping documents for accuracy.

Container / Trailer Security: Explain why a question was answered No or N/A.

PROCEDURAL SECURITY

QUESTION YES NO N/A

69. The facility uses security methods to prevent tampering with goods
during final packaging. (Critical Question)

 The facility may employ security guards, employees designated by

management, or CCTV to monitor the final packing of goods.
 If CCTV is used, the recording should be maintained for a minimum of 30
days.

QUESTION YES NO N/A

70. The facility has a process to screen arriving packages and mail prior to
distribution. (Critical Question)

 The facility has a process to screen arriving mail prior to distribution.

QUESTION YES NO N/A

71. The facility has a written procedure to ensure that data used to create
cargo documents and manifests are accurate, legible, complete, and
protected against tampering or loss. (Critical Question)

 The facility has a written procedure to ensure that data used to create
cargo documents and manifests is accurate, legible, complete, and
protected against tampering or loss.
 Cargo shipping documents are kept in secure location to prevent
tampering.

QUESTION YES NO N/A

72. The facility’s shipping department maintains a record of each shipment
made.

 The facility has a process that requires shipping records are kept for a
specified period according to local law.

QUESTION YES NO N/A

73. The facility conducts a review of shipment information and
documentation controls to verify accuracy and security.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 15

  A record of the review and findings is documented and produced for an
audit based on country risk rating:
o High risk country: Review every 3 months.
o Medium risk country: Review every 6 months.
o Low risk country: Review every 12 months.

QUESTION YES NO N/A

74. The facility has a process to ensure that international and domestic
cargo shipments are kept separate in the shipping area.

 The facility can demonstrate their process to ensure that domestic and
international cargo are kept separately.

QUESTION YES NO N/A

75. The facility requires employees to report anything unusual found in a
shipment or shipment documents.

 The facility must have a procedure for employees to report anything

unusual found in a shipment, such as a different carton, or in the
accompanying documents, such as improper cargo description.

QUESTION YES NO N/A

76. The facility uses a method to count outbound cartons to identify an
overage or shortage.

 Facility must have a process to ensure the correct number of cartons are
loaded into a container or trailer for shipment.

QUESTION YES NO N/A

77. The facility has a process to ensure shipping cartons are properly
labeled with item description and carton weight before loading or
shipping.

 Facility has a process to ensure that shipping cartons are properly labeled
to indicate item description and weight.

QUESTION YES NO N/A

78. Prior to selecting a highway transit carrier the facility considers company
history, driver/employee hiring procedures, and existing transit security
controls.

 The facility has a procedure to check the carrier’s company history,

employee hiring procedures, and internal security controls prior to hiring.
 The question is not applicable (N/A) if the facility does not arrange
transportation of the cargo to the port or to the border crossing location.

QUESTION YES NO N/A

79. The facility’s written agreement with their transport company indicates
preferred transit route(s) used by the driver, the allowable transit time

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 16

 limit, designated rest/meal stop locations and a process for a driver to
report a container or trailer security issue?

 The facility’s contract with their transportation service company includes

the commercial routes that used, allowed transit time, designated rest/meal
stops and requires a driver to report any security issue involving the cargo.
 This question is “N/A” if the facility is not responsible for arranging the
transporting of the container or trailer.

QUESTION YES NO N/A

80. The facility conducts a security review of their transport company to
ensure compliance with the contract.

 The facility must conduct a security review of their contracted transport

company to include driver hiring procedures, facility controls, and truck
security inspection.
 The facility must document and retain the transport company security
review based on country risk:
o High risk country: every 12 months
o Medium risk country: every 12 months
o Low risk country: every 24 months

QUESTION YES NO N/A

81. The facility has a written policy that designates which employees are
permitted access to the information systems. (Critical Question)

 Facility security policy designates specific company employees or job

functions with responsibility for IT system security.
 Policy permits access to the systems control room by designated systems
contractors or service providers when accompanied by a facility
supervisor.

Procedural Security: Explain why a question was answered No or N/A.

INFORMATION SECURITY

QUESTION YES NO N/A

82. The facility has designated a system administrator responsible for
establishing system users and their identity codes/user names.

 The security policy designates a manager responsible for systems controls

and for assigning User IDs/ access controls.

QUESTION YES NO N/A

83. Designated computer terminal users are assigned a password and are
required to change their passwords periodically.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 17

  The facility has designated specific job functions and employees with
access to computer systems.
 Best practice: Users of facility computers should be required to change
their personal password at least every six months.

QUESTION YES NO N/A

84. The systems administrator reports a security incident to facility
management.

 The systems administrator reports security incidents to facility

management.

QUESTION YES NO N/A

85. Each computer terminal has a close and lock feature after a period of
inactivity.

 Computer terminals lock after a period of inactivity.

QUESTION YES NO N/A

86. The system administrator receives a report of invalid password attempts.

 The systems administrator should receive and review records of invalid

computer terminal password attempts.
 The system administrator reviews the system generated lock out report for
suspicious activity and takes necessary action to determine the cause of
the lock out.

QUESTION YES NO N/A

87. The system administrator investigates reported incidents of attempted
unauthorized system access or breach.

 The systems administrator has a method to track and investigate

unsuccessful attempts to access the system.

QUESTION YES NO N/A

88. The facility’s information system has an intrusion warning program such
as anti-virus programs.

 The facility’s computer system has a program to detect unauthorized

access/attempted access by hackers and provides a report for
management review.

QUESTION YES NO N/A

89. The facility’s data is saved on a back-up system that enables restoration
in the event of significant data loss.

 The facility has a method to back-up and restore data in case of a

significant loss.

Information Security: Explain why a question was answered No or N/A.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 18

CONTRACTOR SECURITY
QUESTION YES NO N/A
90. The facility has a written procedure regarding security vetting of service
contractors who require routine or scheduled access to the facility.
(Critical Question)

 The written procedure requires vetting of contractors with access to

sensitive or restricted areas to be vetted.
 Vetting considers the contractor's security controls, employee hiring
process, and corporate history.

QUESTION YES NO N/A

91. The facility has a procedure that provides security standards for
contractor employees who enter the premises.

 Procedure is provided to contractor employees stating security standards.

 The procedure includes a requirement that a contractor must report a
security violation to facility management.

QUESTION YES NO N/A

92. The facility assigns an ID badge to a contractor’s employee that enters
the premises?

 The facility assigns an ID badge to a contractor’s employee.

 The procedure includes positive identification, such as a photo ID, before
issuing the ID badge.
 The procedure includes requiring the badge is worn and visible anytime
the contractor employee is at the facility.
 The identification badge is issued and returned daily.
 The identification badge is accounted for by the facility.

Contractor Security: Explain why a question was answered No or N/A.

Supply Chain Security Pre-Assessment Checklist Walmart Stores Page 19