September 2020
SCS is part of Responsible Sourcing Compliance (RSC) a framework of standards in our supply chain that help to combat forced and
underage labour, address unsafe working conditions and promote dignity of workers. The objective of RSC is to ensure that all goods and
services supplied for Walmart and its subsidiaries are produced in a compliant manner with our standards and our brand integrity
maintained.
Is designed to measure
whether facilities are capable
of producing the proposed
product and able to produce
the proposed order quantities
on time.
Is intended to protect the shipment of
goods against tampering and to guard
against the introduction of un-
manifested cargo such as illegal drugs,
explosives, weapons, and people.
Procurement and selling of goods
through a socially and environmentally
responsible supply chain, monitoring
and strengthening of working
conditions.
Provides checks that a food facility
produces food that is safe to eat, meets
all relevant legal requirements and is of
the agreed quality standards Suppliers
must, at all times, maintain good
manufacturing practices and adhere to
stringent food and product safety
expectations.
OUR VISION
OUR FOCUS
OUR VALUES
OUR EXPECTATIONS
To drive responsibility
in our supply chain,
and
to lead and inspire
others to do the
same.
On the legal,
operational, and
reputational risks of
Walmart being
associated with acts
of terrorism and the
smuggling of persons
or illicit items.
OUR APPROACH
To control against the risk
that factories and other
physical locations
involved in the
movement of goods are
involved in acts of
terrorism and/or the
smuggling of persons or
illicit items.
All facilities involved in the
production of goods for
which Walmart or any of its
subsidiaries is the importer
of record (Direct Import) are
subject to audit
requirements. These act as a
control to validate suppliers
and services providers being
compliant with the
Minimum Security Criteria
defined by US Customs &
Border Protection and the
AEOs (or equivalent) in
other Walmart retail
markets.
Delivering value to our
customers through
ability to accelerate
supply chain
sustainability by
maintaining security
controls of movement
of our goods on a
global scale.
o
o
o
o
The SCS programincluding the SCS Audit Programapplies only to goods that move across international borders
o
o
Supplier
Location
Contact
Details
[email protected]om
[email protected]
[email protected]
AUDIT REQUEST OPEN
ASSIGNED TO AUDIT FIRM
NOTIFICATION TO
SUPPLIER/FACILITY SENT
AUDIT PASSED/ FAILED SUMMARY REPORT SHARED AUDIT DAY
AUDIT ASSESSED IN RL
DATE SCHEDULED
PAYMENT COMPLETED
FACILITY DISCLOSED
Pre-Qualification
New facilities or reactivated facilities producing DI merchandise may be required to meet certain requirements under RSC or
other compliance areas (FCCA, Food Safety) that may apply for the facility prior to the facility being activated.
Exceptions
Program-related: requires the approval of the Vice President of Global Trade Compliance
Audit-related: the Senior Manager of SFA team will consolidate the exceptions; they review and present the exception request to the Senior Director
of Global Supplier Compliance
AUDIT RENEWAL
o
o
To return to this Menu click on the icon throughout the deck
Personnel Security
Threat Awareness
Physical Access Controls
Physical Security
Container/Trailer Security
Procedural Security
Information Security
Contractor Security
Remember SCS audit relates to
Corporate Security, People and
Physical Security, and
Transportation Security
SCS requirements are:
1. All procedures must be
documented either in a policy or
procedure
2. Ownership and accountability of
the SCS Program to a member
of the facility´s management
3. Security policies and procedures
must be reviewed every year
KEY INFO
SCS AUDIT
SCORING
AUDIT FEES
The facility will need to have an
active audit status to continue/
start to receive new POs
* Audit scoring is subject to change
Global Region
Audit Fee (USD)
Europe
$1,250
The America’s
$975
Africa / Middle
East
$1,000
Asia / South
Asia
$700
Australia and
New Zealand
$2000
Audit Validity based on Country Risk
Audit Score High Risk
Medium Risk
Low Risk
0 - 74 Fail Fail Fail
75 - 87 12 Months 12 Months 24 Months
88 - 100 12 Months 24 Months 24 Months
Personnel Security
Procedures for hiring
Completion of an employment
application
Employee documentation
Screening / background check of new
employees according to local law
regulations
The facility must have a written
procedure to review applicant’s photo
ID card prior to hiring
Employee badges to easily identify
anyone in a sensitive area with
permission
The Employee Security Policy is
reviewed every 12 months and updated
where necessary
Create and maintain a personnel file for each employee
Determine sensitive positions within the facility (packing/ loading area, security,
shipping, IT)
Background check includes:
o Personal references
o Verify home address
o Information related to previous jobs
Create evidence (records, logs) of background checks
Procedures for employee termination:
o Collection of ID badge and/or access control
o Communication to security or employee responsible for access control to
the facility
Determine a department within the facility as responsible for the ID badge
issuance
Threat Awareness
To train employees to recognize and be
aware of the threat at each point in the
supply chain
Employees must be aware of
emergency procedures the company
has in place
Employees must know how to report
situations that may compromise security
(who, what, when)
Each facility has guidelines and
emergency numbers
The facility provides training to all new
hire employees
The facility provides training to all
employees as refresher training at least
every 12 months
The facility ensures that only authorized
cargo is loaded into the container or
trailer
Report the loss of an ID badge
Employees should know fellow co-workers and challenge unauthorized
personnel to identify themselves when seen on the premises
Process to remove a non-authorized person in the facility
Identify suspicious packages
Employees should immediately report:
o Damage to exterior fencing, lighting and the building structure
o Defective locking devices and signs of tampering or forcing locks in the
building or along the fence line;
o Missing keys and access cards or the use of keys and cards by
unauthorized personnel
o Any damage to the alarm systems or video surveillance systems
Physical Access Controls
Written policy to ensure only authorized employees are permitted to
access sensitive or restricted areas (review every 12 months)
ID critical areas:
o Main entrance
o Offices, lobbies, computer, servers area
o Container, trailer, truck parking area
o Decks, loading, shipping area
o Final packing, bottling, palletizing, assembling, area
Create logs for vehicles and visitors control
Procedure to require visitors and drivers to show an ID with a picture
before to gain access to the facility
Include a procedure for all employees to report a security incident
The facility must have a written policy
stating that designated restricted areas or
sensitive areas are required to have
access controls determining who can
enter the area
Facility management should review the
list of authorized employees permitted to
enter sensitive and restricted areas - keep
a log
The facility should have a procedure for
inspection and maintenance of and
existing perimeter fence or wall
The facility should have a policy and
procedure requiring that security incidents
are reported, logged, and investigated
Physical Security
CCTV is not obligatory, there are other options to deliver the standards
Create logs of execution
Identify persons with no authorized access
Identify suspicious packages
Document approach
The facility should have an emergency contact list such as police, fire
station, hospital, and ambulance
The facility has a written procedure for an Access Control Program that
describes methods used to record and track of keys or other access
devices issued to authorized employees for use within the facility
Control Logs
Keys and Access Cards
Procedures in case of key loss
Documented owner of the procedure
Inventory process and review
Lights
Illuminate the fence, gates, and other access
points
Container / trailer stuffing, loading and storage
areas
Access control to light switch
Vehicle Control
No parking by storage or containers
Segregate domestic and international
shipments
Container / Trailer Security
List of authorized employees with access to the cargo handling and storage
areas
Establish a process to communicate with authorities in case of a security incident
Security standards required to contracted consolidator or load containers / trailers
Cargo documentation: process must contain review for accuracy, legibility,
completion and protected against tampering or loss
7- point inspection
Ensure locks and locking mechanisms are secure and reliable
Check for loose bolts, ensure hinges are secure and reliable, rubber door seals
are in good condition
Check for structural damage (dents, holes, repairs)
Support beams are visible
Ensure no foreign objects are mounted on container
Look for unusual repairs to the floor, ensure floor is of uniform height
Inbound / Outbound checks
Check for modification
Protect facility from contraband
Ensure driver details are checked
Validate correct seals are in place, not broken or
damaged
Escalation procedures
Maintain a log
Procedures when a loaded empty container,
trailer, truck remains at premises
Container / Trailer Security
The origin country risk rating will determine the type of high security seal used:
Low or Medium Risk Country of Origin
A container or trailer must be secured with a high security bolt seal
High Security Seals
High security seal must be affixed to any
container or trailer shipped to Walmart
A container or trailer shipped to Walmart must
be secured with an ISO17712 high security
seal
Walmart requires the use of “H” class seals
which stands for ‘High Security
Seals classification: the test laboratory must
also be accredited according to ISO/IEC
17025 to perform testing specific to ISO
17712
“H” class Security Seals or High Security
Seals are manufactured to the highest
standards and are marked with a “H” on the
seals body
The most popular high security seals are bolt
seals and cable seals
High Risk Country of Origin
A container or trailer must be secured with a high
security cable seal
Procedural Security
Process to prevent tampering with goods during final packaging,
bottling, palletizing etc.
If a manufacturing practice is used ensure it forms part of your security
policy
Assign responsibility to a supervisor / security guard or any designated
employee
Mail Screening
Procedure to assess incoming mail for possible contraband or
dangerous substance
No requirement for a screening device
Process to screen arrival packages and mail prior to distribution
Process to create data for cargo documents
Process must contain review for accuracy,
legibility, completion and protected against
tampering or loss
The facility has a process that requires shipping
records are kept for a specified period
according to local law
Information Security
Create password for computers
Password must be changed every 6 months
Report of unauthorized access attempt
What steps are followed in critical issues?
Security in servers room
IT Information back up
Who is responsible for IT security?
Who allocates the system access?
Ensure that the approach is documented
Contractor Security
Critical question relates to selection criteria, should take into account:
o corporate history
o employee hiring
o security standards
Procedure to identify and authorize access to contractors to the
premises
ID badges assigned to contractors
Procedure for security vetting of service
contractors who require routine or
scheduled access to the facility i.e.
maintenance, 3
rd
party employees
Vetting based on security standards:
considers the contractor's security controls,
employee hiring process, and corporate
history
Authorised Economic
Operator
AEO status in lieu of Walmart SCS audit
For Walmart to accept AEO accreditation supplier needs to provide a
copy of their certification that will be uploaded to internal Retail Link
(RL) system
AEO will be will be accepted if Walmart is able to validated AEO
certificate within the respective AEO portal
Walmart only accept Authorization type which covers Security and
Safety program management
How long does Walmart accept this AEO status for?
AEO status is valid for a year from an assessment date in RL
The status is reviewed annually
For more information please see CBP website here
Customs Trade Partnership Against Terrorism - Mutual Recognition
The goal of Mutual Recognition is to link the international industry partnership programs
that collaborate and create a unified and sustainable security posture that assists in
securing global cargo trade. Mutual Recognition promotes end-to-end supply chain security
based on program membership. It is arrangement between U.S. Customs and Border
Protection (CBP) and a foreign Customs Administration (as AEOs).
Walmart accepts AEO agreements in lieu of Walmart SCS audit for the bellow countries:
New Zealand - June 2007 New Zealand Customs Service’s Secure Export Scheme Program
Canada - June 2008 Canada Border Services Agency’s Partners in Protection Program
Jordan - June 2008 – Jordan Customs Department’s Golden List Program
Japan - June 2009 – Japan Customs and Tariff Bureau’s Authorized Economic Operator
Program
Korea - June 2010 Korean Customs Service’s Authorized Economic Operator Program
European Union - May 2012 – European Union’s Authorized Economic Operator Program-
more details on the slide 18
Taiwan - November 2012– Directorate General of Customs, Taiwan Ministry of Finance’s –
Authorized Economic Operator Program*
Israel June 2014 - Israel Tax Authority’s Authorized Economic Operator Program.
Mexico - October 2014 - Mexico Tax Administration Service's New Scheme of Certified
Companies (NEEC) Program
Singapore December 2014 – Singapore Customs’ Secure Trade Partnership (STP) Program
Dominican Republic - December 2015 Authorized Economic Operator Program AEO
Peru - September 2018 - Authorized Economic Operator Program
AEO in the European
Union
What is AEO?
The AEO concept is based on the Customs-to-Business
partnership introduced by the World Customs Organisation
(WCO).
Who can become AEO ?
Any economic operator established in the customs territory
of the European Union (EU)
The AEO status granted by one member state is recognized
by the customs authorities in all member states
Where to apply for AEO status?
For more information about AEO and how to apply please
access the link here
AEO status in lieu of Walmart SCS audit
Walmart accepts AEOS- safety and security; and AEOF-
Full authorisation (combination of AEOC-customs
simplification, and AEOS)
For Walmart to accept this accreditation, facility must be
found in Taxation and Customs Union (TAXUS) portal here
and share PDF copy of their status
PDF copy of AEO certification is uploaded in RL
How long does Walmart accept this AEO status for?
AEO status is valid for a year from an assessment date in
RL
Validity of the status is reviewed annually
Supplier Compliance
Audit Network
Region
Audit fee
(USD)
Africa
$1,345
Americas
$1,320
Europe
$1,595
Lower Southeast
Asia
$1,595
Middle East
$1,345
North Asia
$1,045
Southeast Asia
$1,045
SCAN is an industry trade association that utilizes one
agreed SCS audit to share among their membership of
importers.
Audit progress is managed by the British Standards
Institute British Standards Institute (BSI).
For detailed information on SCAN please access website
here.
SCAN process with Walmart
Supplier requests the audit in Retail Link (RL)
Supplier advises SFA Team that they want or have an
existing SCAN audit
Audit is performed by an approved SCAN audit firm
SCAN contacts the facility for payment and scheduling
of an audit date
The facility is provided a log-in code to access the audit
results
The facility will communicate their SCAN result to
suppliers
Audit Checklist
Most questions have multiple answer selections
Audit is scored by SCAN
Submit completed checklist to the SCAN/ BSI
program manager
CAPA is required for any critical or must
question missed
Facility has 60 days to complete CAPA from the
assessment date
All CAPA’s must be completed by the facility
before SCAN considers the audit complete
Walmarts approved SCAN audit firms
Bureau Veritas, BSI Group, Intertek, Omega,
SGS, UL
Contact SCAN
SCAN@SCRiskSolutions.com
Self-Assessment
The Small Supplier program is designed to provide assurance through
an evidence based desktop audit at a reduced cost
Evidence is submitted to the Intertek audit company through a Inlight
portal
NO auditor will visit the facility, the standards are assessed based on
evidence submitted in portal
Small Supplier audit eligibility
Annual POs below $250,000 (USD)
Facilities located in Low or Medium risk countries for SCS
* Audit eligibility is subject to change
Desktop audit
The audit costs between $279 and $299 depending on location
Answering questions:
o Yes = evidence needs to be submitted (logs, policies,
procedures, photos)
o No = not verified, no option to upload documents
o N/A = provide explanation why the question doesn’t apply to your
facility
Audit process
1. Register/ Activate your account on Inlight portal
2. Undergo training via Intertek online platform
3. Activate/ Subscribe/ Submit Payment for the Walmart Checklist
Self - Assessment Questionnaire (SAQ)
4. Receive notification that your payment has been received by audit
firm
5. Complete checklist (SAQ) and submit
6. Only submit when all the evidence is uploaded and annotation is
completed (you only get one chance to submit an audit)
7. Remember there is a difference between answering ‘No’ and ‘NA’.
If it is ‘NA’ – annotate why. ‘No’ stands for standards not in place
8. Evidence and SAQ is reviewed by an auditor
Audit Result
1. Intertek completes the desktop verification and assigns a score
2. Passing score is 75 and above
3. Intertek shares audit result and report with Walmart’s SFA Team
4. SFA Team uploads the result to Retail Link and notifies supplier
Multiple-Owned Program
A supplier with multiple wholly owned and operated sourcing facilities under the same management system
documentation, may qualify for a reduced audit programe.
Who can qualify?
There must be a minimum of 5 or more facilities in the owned program
Facilities located in a country rated Low Risk for SCS
This program does not apply to the Goods Not for Resale (GNFR) facilities/suppliers
Supplier must provide evidence that sourcing facilities are wholly owned regardless of the country where the
facility is located
Audit Requirements
Every year, 20% of a supplier’s owned facilities must undergo and pass an onsite audit
Remaining facilities will complete a Security Self Assessment (SSA)
The SSA is scored and must receive a pass rating
Facility that Fails an Onsite Audit
The facility must undergo and pass a re-audit before becoming eligible to produce goods for Walmart.
Additionally, another 50% of the supplier’s remaining facilities must undergo an onsite audit.
Facility that Fails an SSA
The facility must undergo and pass an onsite audit before eligible to produce goods for Walmart.
Every year, SFA Team will select the facilities to undergo an onsite SCS audit
NUMBER
OF
FACILITIES
20%
ON-SITE
AUDITS
1 - 1
2 - 1
3 - 1
4 - 1
5 1 1
6 1.2 2
7 1.4 2
8 1.6 2
9 1.8 2
10 2 2
11 2.2 3
12 2.4 3
13 2.6 3
14 2.8 3
15 3 3
If the calculation results in a fraction then the number
will always round-up to the next whole number.
CTPAT Tier II or III
About CTPAT
CTPAT stands for Customs Trade Partnership Against Terrorism
Is a voluntary public-private sector partnership program which
recognizes that Customs and Border Protection (CBP) can
provide the highest level of cargo security through close
cooperation with stakeholders of the international supply chain
such as importers, carriers, consolidators, licensed customs
brokers, and manufacturers
For more information please see US CBP website
CTPAT Benefits
Reduced number of CBP examinations
Shorter wait times at the border
Access to the Free and Secure Trade (FAST) Lanes at the land
borders (applicable to the USA)
Access to the CTPAT web-based Portal system and a library of
training materials
Accepting CTPAT Process
1. Disclose their facilities in Retail Link (RL), on manual form or via the
SFA/ RSC Team
2. Be a current CTPAT Tier II or Tier III member
3. Request in the CTPAT Portal to monitor Walmart (SVI section)
4. Supplier submits an image of their CTPAT certification
5. Once approved, Walmart uploads waiver that is valid for one year, or
invalidated upon loss of certification
6. Individual Markets are responsible for updating the information on the
waiver template
7. An image of the CTPAT Tier II or Tier III certification is uploaded to RL
8. Upon expiry of the validity, these facilities will be placed under the
Audit Submission Process and will be required to submit an updated
certificate
SUPPLIER
ACCOUNTABILITY
The management of relationship with facilities they choose to produce from
Ensures the chosen facility can meet SCS standards for Walmart
Ensures the payment for an audit is rendered timely
Is responsible for any remediation noted in CAP and ensures timely CAP completion
Is responsible for providing the most up to date information in Retail Link :
Request to disassociate facilities no longer used
Change and update contact details