| Indicator | Risk description | Possible solutions | References |
| --- | --- | --- | --- |
| Routines for access or entry of vehicles, persons and goods | Unauthorised access or entry of vehicles, persons or goods to the premises and/or close to the loading and shipping area. | The number of vehicles with access to the premises should be as limited as possible; for that reason, staff parking should preferably be outside the security ring; in addition, where possible, trucks can wait before and after loading in a separate area outside the security area. Only signed-in trucks get access to the loading area, on demand, for the duration of the loading; the use of badges is reasonable. Badges should carry a photo. If there is no photo, the badge should at least indicate the name of the operator or the premises it is valid for (risk of misuse if it is lost). The use of badges needs to be supervised by a responsible person. Visitors should have temporary identification badges and be accompanied at all times. Data on all entries, including names of visitors/drivers, arrival/departure time and attendant, should be recorded, stored in an appropriate form (e.g. logbook, IT system) and enumerated. Badges are not to be used twice in a row, to avoid passing the badge to a companion; access control with codes: routines for changing the code regularly; badges and codes should only be valid during the working hours of the employee; standardised procedures for the return of all access authorisations; visitors should be met and supervised by the business to prevent any unauthorised activities; identification badges for visitors have to be worn visibly; speak to unknown persons; corporate clothing to recognise unknown persons; in case of temporary work (i.e. maintenance work), a list of authorised workers of the outsourced company. | SAQ – 6.3; ISO 28001:2007, section A.3; ISPS Code |
| Standard operating procedures in case of intrusion | No proper action if intrusion has been discovered. | Implement procedures for cases of intrusion or unauthorised entry; conduct intrusion tests, record the test results and, if necessary, implement corrective actions; use an incident report or other appropriate form to record incidents and action taken; implement remedial measures as a result of incidents related to unauthorised entry. | ISO 28001:2007, section A.3; ISPS Code |