Indicator

Risk description

Possible solutions

References

Assignment of storage location

Inadequate protection of the storage area against external intrusion

procedures governing access to the area for storage of goods;

an area or areas is/are designated for the storage of goods with CCTV surveillance system or other appropriate controls.

SAQ - 6.7.1 & 6.7.2

Goods to be stored outdoors

Manipulation of those goods

need to use adequate lighting and if appropriate CCTV surveillance;

integrity of those goods has to be checked and documented before loading;

if possible show the destination of those goods at the latest possible stage (for i.e. bar codes instead of plain text indicating destination).

Internal control procedures

Lack of procedures to ensure security and safety of stored goods.

No proper action if discrepancies and/or irregularities are discovered.

procedures for regular stocktaking and recording and investigating any irregularities/discrepancies including reviewing procedures and taking remedial action.

Instructions regarding goods notification addressing how and in what way the incoming goods will be checked.

SAQ - 6.7.3

ISO 9001:2015, section 2

Separate storage of different goods

Unauthorised substitution of goods and/or tampering with goods.

location of goods is recorded in stock records;

where appropriate different goods e. g. goods falling under restrictions or prohibitions, community/non community goods, hazardous goods, high value goods, overseas/domestic goods, air cargo are stored separately.

SAQ - 6.7.4

TAPA (Technology Asset Protection Association) Certificate

Additional security and safety measures for access to goods

Unauthorised access to the goods.

authorised access to the storage area only for designated staff;

visitors and third parties should have temporary identification badges and be accompanied at all time;

data on all visits including names of visitors/third parties, arrival/departure time and attendant should be recorded and stored in appropriate form (e.g. logbook, IT system);

- if own storage area is at another operator premises this area should be secured by regular communication between the operators involved and by visits and controls on spot by the AEO.

SAQ - 6.7.5

ISO 28001:2007, section A.3

ISPS Code