
Introduction

1. The Customs Trade Partnership Against Terrorism (C-TPAT) is a cooperative endeavor
between the trade community and the US Customs Service to develop, enhance and
maintain cooperative relationships that strengthen the overall supply system and border
security. C-TPAT recognizes that the highest level of security can be provided only through
close cooperation with the ultimate owners of the supply chain: importers, carriers,
brokers, warehouse operators and manufacturers of the supplied items.

2. The expectation for the trade in this program is to make a commitment toward the
common goal of creating a more secure and efficient supply chain through partnership.
C-TPAT demands the assistance of private industry to ensure increased vigilance throughout
the supply chain. Businesses must ensure that their brands, employees, and customers are
protected to the best of their abilities.

3. C-TPAT is not intended to create any new “liability” for the company beyond its
existing security practices. However, joining C-TPAT will commit the company to follow the
actions specified in the signed agreement. C-TPAT recognizes that a safe and secure
supply chain is the most critical part for both the vendors and the buyers. For this reason, a
strong anti-terrorism partnership with the community through C-TPAT is required to
safeguard the supplied commodities. Trade partners will have a commitment to both trade
security and trade compliance, which are rooted in the same business practices. US
Customs wants to work closely through C-TPAT with companies whose good business
practices ensure security of supply and compliance with trade laws.

4. As part of our effort to enhance the supply chain security of goods ordered by our
customers, we have set principles, guidelines and procedures at our factory, within the
premises and its area. Besides enhancing the security of our own factory for the protection
of our property and the safety of all employees, the plan is further established to comply
with our customers’ as well as US Customs’ security requirements. The objective of this plan
is to ensure that our factory plays an important role in supply chain security and is one of
the most secure factories in the country.

Security Policies

Our factory is committed, for its part, to Supply Chain Security as part of our
compliance program. The management and all employees of our factory are responsible for
upholding and maintaining the Supply Chain Security Plan (hereinafter called the “security
plan”) in accordance with the criteria we set and the applicable local law within the factory
and the factory’s subcontractors, if any.

Principles

Our factory’s security plan was developed based on the following principles, and shall focus
on prevention and risk management rather than on handling incidents afterward. The keys
of this security plan are:

• Prevention of TRESPASSING
• Prevention of TAMPERING
• Establishment of TRACEABILITY

Guidelines

Our factory has developed guidelines for every employee in this factory to follow as part of
the factory’s regulations; these guidelines are posted in a readily accessible place to alert
all employees to security concerns. The guidelines were developed to cover the security
of the following 7 areas:

• Container/Closed Truck Security — Focus on the physical integrity of the incoming and
outgoing containers/closed trucks prior to stuffing, the procedures for the seals, and the
reliability of the locking mechanisms of the doors.

• Physical Access Controls — Focus on prevention of unauthorized access to the
shipping, loading and cargo areas. Implement controls on identification of all employees,
visitors and vendors. Procedures for challenging unauthorized/unidentified persons.

• Personnel Security — Our factory shall enhance the factory’s recruitment system to
include interviewing and background checks/verifications.

• Procedural Security — To set systems and methodology to handle the incoming and
outgoing goods. Engage with Security Officers on controls of in/out cargo; record
shipping marks, weights, numbers, etc.; procedures for verifying seals on containers, trucks,
etc.; reporting shortages and overages; storage of empty and full containers to prevent
unauthorized access; and a tracking system for all cargo movements.

• Security Training and Threat Awareness — This security plan also provides our
employees with security awareness training, including operation procedures, awareness,
identification and reporting of crime, and determining and addressing unauthorized access.
The training program encourages active employee participation in security controls.

• Physical Security — Focus on buildings & constructions; external and internal locking
devices; warehouse safety; lighting inside and outside the facility; shipping, loading &
cargo areas; as well as internal and external communications systems for assurance of the
factory’s physical security.

• Information Technology Security — Focus on the protection and accountability policy on
the Information Technology (IT)

Procedure

Detailed operation procedure on each process of operation in each working area /
department is listed in this security plan as part of our standard operation procedure. Such
procedure shall clearly define what an employee in different working capacity should do to
achieve the objective of security.

Methodology

All employees, including management and workers, are expected to have a thorough
understanding of the security plan and to be familiar with the operation procedure. Our
education on awareness and training on practices on supply chain security issues are
conducted in the following manner:

1. Education — Orientation and familiarization with the security plan will be conducted for
every employee and, in the case of a new employee, on the first day reported to duty.

2. Communication — Small group meetings will be held periodically for permanent
employees as a refresher on Supply Chain Security.

4. Supervision — Managers are responsible for ensuring that all criteria listed in this plan
are properly carried out.

5. Inspection — The nominated Security Officers are responsible for carrying out inspection
of all security devices and implementation of the system.

6. Periodical Review — Periodical review of employees’ knowledge and application of
this security plan will be conducted by our principal.

Security Guard
Security Guard’s Responsibilities

1. Entrance Control - The security guard should be stationed at all entrance gates for 24
hours. The guard on duty should complete hand-over and take-over procedures clearly with
the next shift before leaving.

2. All locks/anti-intrusion alarms/security devices are functioning well 24 hours - The
security guard should inspect all the security devices periodically to assure that they
function properly, and an inspection record is required. If any security device is out of
service, the security guard should report to the management, notify the mechanic, and
arrange temporary security measures.

3. Daily patrolling on the factory premises - Besides entrance control, the security
guard should patrol all factory departments periodically in order to assure that no
unauthorized/unidentified person or object trespasses on the factory and obstructs the
security operation of the factory.

4. Visitor’s Registration - All visitors should register (the company name, date and
time of entry/leave, etc.), and should be verified by the reception employee before entering
the factory. (Exhibit A)

5. Incoming Vehicles/Containers/Trucks Registration - The security guard has to
register all incoming vehicles/containers/trucks (the vehicle/container/truck number,
driver’s identification document, company name, phone number, date and time of
entry/leave, etc.).

6. Verifying Employee’s Identification - The security guard has to check all the
employees’ badges to verify the identification of all employees going in/out of the factory.
If an employee loses the employee’s badge, the security guard should notify the relevant
departments and the Security Manager to verify the identification of the employee and record
the case before allowing the employee to enter the factory.

7. Unidentified/Illegal Object Inspection - The security guard has the responsibility
to check all the workers’ belongings carried in/out of the factory for any
unidentified/illegal objects (such as explosives, chemicals, etc.). If they
find any suspected objects, they should report to the Security Manager and police
immediately.

8. To handle intruders or offenders - If any intruder or offender is found, the
security guard should report to the Security Manager and police. If any unauthorized
employee/person enters the secure areas, including the Packaging Department, Cargo Loading
Area, and Finished Goods Warehouse, the security guard should report to the Security
Manager and management. If the situation is serious, the security guard should report to
police immediately.

Responsibilities of the Internal Security Guards & Supervisors (If any)


Security Supervisor:

1. Ensure that all the guards report on time and are deployed without delay to their
respective posts.
2. Take over the duty from the reliever with all details and sign the handing and
taking over register.
3. Assist the Security Officer / Supervisor at the time of factory opening and closing.
4. Ensure the entrance of the authorized persons, checking that the ID cards are hung
around the neck.
5. Ensure that goods and materials are loaded and unloaded as per the laid procedure.
6. Enter the details of gate passes into the appropriate registers and preserve the gate
passes for further records.
7. Enter the details of vehicles in / out in the vehicle register.
8. Ensure proper parking of the vehicles inside the factory and take extra effort when a
shipment vehicle enters / goes out of the factory.
9. Do periodical patrolling to check the alertness of the guards, especially at night.
10. Ensure that no person enters the factory after closing; in case of any urgency,
report the same to the concerned senior management person.
11. Ensure the safety and security of the factory and materials.
12. Take appropriate action in case of any fire incident in the factory.

Main Gate

1. Report to the duty place on time.
2. Know the scope of the security of the post.
3. Allow only the authorized persons to enter and exit the factory, checking that the ID
cards are hung around the neck.
4. Do a body check of the outgoing persons: workers, staff.
5. Check the bags on suspicion, showing courtesy.
6. Scrutinize whether any worker or staff member is carrying anything.
7. Be vigilant at the gate and outside the factory premises.
8. Observe for any suspicious movement of any person, own or outsider.
9. Scrutinize the vehicles coming for loading and offloading.
10. Examine the challan and gate passes regarding the goods and enter the same into the
respective register.
11. Inform the reception with full particulars if any person needs to enter with a car or
other vehicle.
12. Shall not leave the post without permission.

Packing Area

1. Observe the activities of the packing men during packing. No unauthorized person is
to be in the area during packing.
2. Do not allow any person in without the permission of the concerned manager.
3. Observe any unnecessary movement of any person; check, interrogate and inform
accordingly.
4. Observe for anything being thrown through a window.
5. Check/observe for any conspiring by any person through the gate with outsiders.
6. Ask/inform the reliever of anything important.
7. Do not leave the post without a reliever.
8. Observe for any type of sabotage.
9. Do not leave the post without permission.

Stair case

1. Restrict unnecessary movement of the workers.
2. Ensure that no goods are carried through the stair case.
3. Observe that authorized persons are entering the production floor or office.
4. Check the visitors for a visitor pass.
5. On observing any unnecessary movement of any person, intercept and inquire the
reason.
6. Do not leave the post without permission.
7. Watch the water pumps for their proper functioning.

Floor Area

1. Restrict the movement of unauthorized persons.
2. Frequently check and ensure the identity of the persons working there.
3. Observe for any suspicious activities of any person.
4. Observe for any stealing and sabotaging activities.
5. Do not leave the post without a replacement.
6. Be vigilant and alert by using the light and whistle.
7. Do not leave the post without permission.

Loading and off loading point:

1. While on loading and off loading duty, ask for the gate pass and delivery challan
to know the number and quantity of the materials.
2. Ensure that the concerned person is present at the time of loading and off loading.
3. Count the items in the tally sheet and submit the same to the supervisor for further
record.
4. If it is observed that the quantity / number does not match the gate pass / challan,
or a packet or bundle is torn or broken, inform the security officer / supervisor of the
matter immediately.
5. Check the lock before and after loading and off loading for its effectiveness.

Main Store

1. Ensure that no unauthorized person enters the store.
2. Without a valid reason, no staff or worker will be allowed to enter the store.
3. When any Service or any other person takes any item from the store, check the
requisition, challan and gate pass for exact number and quantity.
4. Allow the services to collect the items one by one and observe the transactions.
5. If anybody is suspected of carrying anything, he/she can be checked / searched.
6. Observe for any type of suspicious and unnecessary movement in and around the
store.
7. For any major problem, inform the Supervisor or concerned senior person.
8. Shall not leave the post without permission.

Out Side of the factory:

1. Be vigilant at the post with whistle and baton.
2. Observe for any type of suspicious movement made by any person.
3. Observe that no materials are thrown / smuggled over the boundary wall.
4. Shall not leave the post without permission.

Instructions for Carton Case Security Guards

1. Take over the duty of the post, recording the date and time in the handing and taking
over register.
2. Check whether everything in the area is in order.
3. If any problem is found, notify the concerned authority without delay.
4. Ensure that the persons entering the case area are the concerned persons.
5. Inquire the reason for entering by checking the challan.
6. Enter the full particulars of each person who needs to enter the case area.
7. This formality is applicable for all people.
8. Hand over the duty to the reliever with everything OK.

Location of Guards

• Main Gate (Front)
• Main Gate (Rear)
• Ramp Gate
• Exit Gate East
• Exit Gate West
• 1st Floor (Pack Area)
• 2nd Floor (Store)
• 3rd Floor (Pack Area)
• Canteen

ORGANIZATION OF SECURITY, UNIT-2

[Organization chart: Manager (Security) > Supervisor > Guards / Guards / Guards]

The Commission and Training for the Security Manager and Security Guards

In order to assure the effectiveness of the factory’s security plan, the commissioning of
every security chief manager/officer/security guard should meet the following recruitment
requirements:
• The factory has to verify the background/past history of the security candidates
• No criminal records
• Good physique
• Holder of Security Guard Permit/Qualification
• Passed the professional training for security guards
• Employed by professional security companies or troops
• Periodical on-the-job training to strengthen security awareness

Security awareness and CTPAT Training program for the employees

• To give a general idea of what CTPAT is and why CTPAT is so important for us.
• What is a security threat? What are the activities which will help us to work safely?
• Whom they should inform immediately if anyone sees or discovers any suspicious
activities taking place.
• General counseling regarding wearing ID card and uniform.

Security awareness and CTPAT Training program for the Security Guards

• To guard against the insertion of illegal / unauthorized materials / product tampering
in the factory.
• To guard against the unauthorized entry of any person.
• To handle recognition / reporting of suspected illegal conduct or activities
by any employee.
• To give a general idea of what CTPAT is.
• Why this is so important for us.
• Frisking and checking of ID card of each and every employee.

Policy for 7 Point Checking

All shipments must document their pre-loading 7 Point container inspection program,
including visual inspection of the container walls, floor, ceiling and doors for any signs of
tampering or malfunction prior to loading. All security guards would be trained on 7 point
checking.

Procedure for Challenging Unauthorized / Unidentified

The security personnel will be very alert to identify any unauthorized persons entering the
factory. The unauthorized person would be stopped at the main entrance and asked the
purpose of the visit. His ID card would be checked for proper verification. If the verification
is correct, he would be directed to the appropriate person/department after proper
documentation of his personal details in the register kept at the main gate. If his
identification cannot be verified, then the GM (Security and Admin) would investigate his
identity. Under no circumstances would anyone be allowed to enter the factory without
proper identification. If any illegal person is identified, he would be handed over to the
law enforcement agency for proper investigation and necessary action.

Container Loading

Container Loading/Unloading Security Procedure Guidelines

1. All container loading or unloading must be operated at a loading area designated by
the factory. If the factory cannot provide a designated loading area for container loading,
then the factory has to appoint at least 1 security guard to monitor the whole loading
process, so as to assure that no unauthorized person or unidentified object tampers with the
container.

2. When the containers enter the factory, the entrance guard should identify and register
the following details:

• The date (year/month/day), time of entry, origin of the container.
• The driver’s identification document, company name and the registration number of
the truck.
• That the container and the seal are still intact, and that the container number/seal
number is the same as stated on the delivery note, Bill of Lading or other related shipping
documents.

3. During the loading process, the company should appoint at least one supervisory
employee to monitor the whole process, and to check and verify whether the goods
match the information stated on the documents and the packing of the goods is
intact. If any items/quantity of the goods do not match the information stated on
the relative documents, or the package is damaged, then the supervisory employee should
report to the management and relevant departments. Stop all loading processes and
investigate the reasons immediately.

4. For all cargoes moving in/out of the warehouse, the warehouse supervisor should issue a
cargo receipt/delivery order for record. The cargo receipt/delivery order should include
the following details:

• The date (year/month/day) and time of the in-cargo/ex-cargo
• The container number/seal number and the origin of the container
• Details of the cargo, e.g. type, style/model, color, quantity, etc.
• The name and employee number of the workers who store/extract the cargo. If the
carrier is the Employee of the factory, then the warehouse supervisor has to verify
and register the carrier’s personal information, such as name, identity card number,
company name, etc.

5. After the loading/unloading procedures finish, the warehouse supervisor has to
assure that the procedure and the details on all the relevant documents are clear and
correct. The warehouse supervisor has to monitor the employee locking up the container
with a seal, and has to take photos for verification and record. After the loading finishes,
the supervisor has to pass all the relevant documents to the shipping department and also has
to send a copy to the warehouse department for record.

6. When the truck leaves the factory, the security guard at the entrance gate should
register the date (year/month/day), time and container number for record.

Security Procedure for Container Loading

In and out Warehouse

• For all in-cargo/ex-cargo, the carrier must have valid in-cargo receipts/delivery
orders for record and verification.

• The Delivery Order should contain the following details:

  o The issue date
  o The style reference number
  o The description of the cargo
  o Ex-warehouse date
  o Quantity and unit
  o The name and signature of the Department Head issuing the Delivery Order.
  o The name and signature of the carrier (If the carrier is the employee of the factory,
    then the warehouse supervisor has to verify and register the carrier’s personal
    information, such as name, identity card number, company name, etc., and the
    carrier should be accompanied by the company employee to extract the cargo)
  o The name and signature of the warehouse supervisor

• For the in-cargo receipt, the following details should be included:

  o The issue date
  o Container number (only applicable for container loading) or other reference number
    (if applicable)
  o The description of the cargo
  o In-cargo date
  o Quantity and unit
  o The name and signature of the department head who issued the in-cargo receipt.
  o The name and signature of the carrier (If the deliverer is not the employee of the
    factory, then the warehouse supervisor has to verify and register the carrier’s personal
    information, such as name, identity card number, company name, etc., and the carrier
    should be accompanied by the company employee to store the cargo)
  o The name and signature of the warehouse supervisor

• The warehouse supervisor has to verify and monitor the procedure for in-cargo and
ex-cargo in order to assure that all the cargoes in/out of the warehouse, quantity, and others
are clear and correct.

• The warehouse supervisor has to keep all the in-cargo receipts/delivery orders for record.

• The warehouse supervisor has to keep daily warehouse reports and monthly
summary reports in order to have a detailed record of the goods in the warehouse for
verification and tracing, or the warehouse can verify the records with other departments.

Packing

The packing department should follow the guidelines below:

• Appoint at least one employee to monitor the whole packing process.
• The monitoring employee should be alert to any unidentified objects being
packed in the poly bags/cartons during the packing process.
• Before packing starts, all the packing materials, such as carton boxes and plastic bags,
have to be pre-checked in order to assure that no unidentified object will be packed in the
poly bags/cartons.
• During packing, check and verify the description of the shipping mark printed on the
carton, including the style, color, quantity, gross weight and net weight of the
merchandise, against the details provided by other departments. Pay special attention to
the color, quantity, gross weight and net weight of the goods.
• Assure that all the packed merchandise and carton boxes are intact.
• If packed merchandise or carton boxes are opened, record the date, time,
reason and the details of materials added or taken off, then verify the revised information
with the shipping forwarder or the courier. All the relevant documents must be copied and
sent to all related departments for record and file.

Container Loading and Unloading

• Container inspection - When receiving an empty container, a designated employee
must be appointed to inspect the container and assure that the container is intact and
without damage/contamination. A standard container inspection procedure includes:

  o Front wall
  o Left side
  o Right side
  o Floor
  o Ceiling / Roof
  o Inside / Outside doors
  o Outside / Undercarriage
  o The container number

If any such unusual circumstances are found, the employee needs to inform the shipping
forwarder immediately.

• Loading area security

  o The company should assign a specially designated area for loading and unloading
    purposes. Only authorized employees are allowed to enter this area. The company has
    to appoint one supervisor to coordinate, record and monitor the whole loading
    process.
  o Only authorized people are allowed to enter and work in this specially designated
    loading area.
  o All visitors except the truck driver are prohibited from entering or staying in this area.

• Loading and Unloading procedure

  o The appointed loading coordinator has to record and verify the type, style, quantity
    or other necessary details of the loaded cargo and has to monitor the whole loading
    process, in order to assure that the whole process is faultless (no unidentified objects
    are loaded into the container during the loading process).
  o If the type, style, quantity, unit or other details do not conform with the
    documents, the nonconformity must be clarified with the related
    departments, and should wait for the final judgment from the Heads of the packing
    and shipping department.
  o The appointed loading coordinator should file all the records after the loading process
    is completed.

• The register & verification of the shipment details - The employee of the
related departments should register and verify the details of the cargo to be shipped.
The details should contain the following items:

  o Invoice copy
  o Packing list copy
  o Customs documents (such as export license, country of origin, etc.)
  o The type, style, color, quantity and unit of the cargo
  o The gross weight and net weight of the cargo

All the above said documents should be filed for record tracing.

• The container seals

  o The container seal is a very important object, so it should be a high security
    mechanical seal and should meet the current PAS ISO 17712 standard. Besides, the
    seal should be properly kept and the appointed loading coordinator should monitor
    the sealing of the container/closed truck and make sure that:
      o The seal is intact
      o The seal is properly affixed to the container
      o The affixed seal cannot be opened under hand pressure
  o The loading coordinator should have a full record of:
      o Serial numbers or Forwarders’ Booking numbers
      o Affixing seals or Sealing numbers
      o Replacing seals or Transshipment reference
      o Recording seals or Cargo receipt
      o Tracking seals or Bill of Lading number
  o For the closed truck, after the whole loading process is completed and correct, the
    truck should be locked with a high security mechanical lock, and this should be recorded
    and filed.
  o The seal number is provided only for the purpose of the related documents (e.g. quoted
    on the Bill of Lading).

• Report Container Information - The assigned loading coordinator should submit a
report and all related documents to the shipping department for reference and file.

• The responsibility of the shipping department

The shipping department should receive a report and all related documents from the
loading employee after the loading process is completed. He should verify all the information
(including the time when the container leaves the factory and arrives at the forwarder’s
warehouse/terminal), and file all the documents for record. All the records/reports should
be kept for at least 12 months.

• Reporting System

In case the loading information does not conform, such as over-shipment or
short-shipment, the employee who discovers this nonconformity should first report to his/her
department head. Then, the employee should further clarify with all correlated
departments whether there is any typo error or another reason. All department
heads involved should make appropriate arrangements and decisions as soon as possible after
they receive the nonconformity queries. If the situation is serious, all
loading and unloading operations should be stopped immediately, until the problems are
corrected.

Security Procedure for Closed Truck Loading

• All LCL cargo must be transported by closed truck from the factory to the forwarder’s
warehouse.
• Assign a designated employee to monitor the cargo stuffing and escort the cargo
from the factory to the forwarder’s warehouse.
• Verify and record the truck driver’s identity documents.
• Issue the Delivery Orders for record and verification.
• The Delivery Order should contain the following details:

  o The issue date
  o The style reference number
  o The description of the cargo
  o Ex-warehouse date
  o Quantity and unit
  o The name and signature of the Department Head issuing the Delivery Order.
  o The name and signature of the carrier and driver
  o The name and signature of the warehouse supervisor

• Closed Truck inspection - Assign a designated employee to inspect the container of
the closed truck for damage/contamination under the following standard procedures:

  o Front wall
  o Left side
  o Right side
  o Floor
  o Ceiling/Roof
  o Inside/Outside doors
  o Outside/Undercarriage

If any such unusual circumstances are found, the employee needs to inform the shipping
forwarder immediately.

• Loading area security

  o Assign a specially designated area for loading and unloading purposes. Only
    authorized employees are allowed to enter this area. The company has to assign one
    supervisor to coordinate, record and monitor the whole loading process.
  o Only authorized people are allowed to enter and work in this specially designated
    loading area.
  o All visitors except the truck driver are prohibited from entering or staying in this area.

• Loading and Unloading procedure

  o The assigned loading coordinator has to record and verify the type, style, quantity
    or other necessary details of the loaded cargo and has to monitor the whole
    loading process, in order to assure that the whole process is faultless (no
    unidentified objects are loaded into the truck during the loading process).
  o If the type, style, quantity, unit or other details do not conform with the
    documents, the nonconformity must be clarified with the related
    departments, and should wait for the final judgment from the Heads of the
    packing and shipping department.
  o The loading coordinator should file all the records after the loading process
    is completed.

• The register & verification of the shipment details - The employee of the
related departments should register and verify the details of the cargo to be shipped.
The details should contain the following items:

  o Invoice copy
  o Packing list copy
  o Customs documents (such as export license, country of origin, etc.)
  o The type, style, color, quantity and unit of the cargo
  o The gross weight and net weight of the cargo

All the above said documents should be filed for record tracing.

• Assign a designated employee to inspect the mechanical lock and lock the closed
truck after the whole loading process is completed and correct. The locking process
should be recorded and filed.
11. A designated employee must escort the cargo from factory to forwarder’s
warehouse, and hand over the cargo to forwarder. The employee records the time
when the truck leaving the factory and arriving the forwarder’s warehouse. The cargo
hand over should be recorded with receipt document, chop and signature.
12. Report cargo loading and trucking Information
The assigned loading coordinator should submit a report with all related
Documents to the shipping department for reference and file.
i) The responsibility of the shipping department
The shipping department should receive a report and all related documents from the
loading employee after the loading process completed. He should veri& all the
information (including the time when the truck leaving the factory and arriving the
forwarder’s warehouse) and file all the documents for record. All the records/reports
should be kept for at least 12 months.

j) Reporting System
• In case the loading information does not conform, such as over-shipment or short-shipment,
the employee who discovers this nonconformity should first report to his/her
department head. Then, the employee should further clarify with all correlated
departments whether there is a typographical error or some other reason. All related
department heads should take immediate action to investigate the case after they receive
the inquiries about the nonconformity.
If the situation is serious, all loading and unloading operations should be stopped
immediately, until the problems are corrected.
Procedure of tracking the goods from factory to ultimate destination.
Lenny Fashions Ltd. produces garments for a number of buyers. Our company policy is to
ensure the safe and secure departure and arrival of all shipments at the ultimate destination.
We believe that it is necessary to ensure the safety of the transportation process so that the
shipment arrives at the destination safely and securely within a reasonable time.
As a matter of policy we have the following procedure for tracking the shipment goods in the
process of movement from factory to destination.
1. After getting the final inspection passed report or SRA (Shipment Release Authorization)
from the buyer's QC for a particular consignment, we contact the nominated C&F agent to get
a covered van/container for loading the cartons.
2. Before loading, the loading area security personnel, along with the store officer in charge of
export & commercial officer, check the covered van/container. This checking is recorded in
the delivery record book signed by the store officer. Loading is initiated only if the covered
van/container is free from any damage or any suspected materials. If the condition is
not found satisfactory, we inform the C & F agent and ask for a replacement covered
van/container.
3. During checking of the covered van/container, if we find any suspected or illegal
materials, DEPZ security and the police station are informed.
4. Our security maintains a log book for checking the covered van/containers, which includes
the covered van/container number and the store in-charge’s signature.
5. In the presence of security, store and commercial staff, loading is done as per the packing list and
the vehicle is locked properly. Different procedures are maintained for locking the truck and container,
which are as follows:
a. If it is a covered van, security locks it and hands over the key to the commercial department.
Our commercial department sends a representative separately to the nominated C & F office,
Chittagong, along with the keys.
b. If it is a container, customs authority staff come to the factory and lock and
seal the container in front of our security, commercial and store staff.
6. We closely monitor the trucks/containers until they arrive at the nominated forwarder at
Chittagong, and we communicate with the buyer's nominated forwarder to confirm whether they
have received the goods in due time or not.
7. After that, from time to time we communicate with the shipping
lines to get the exact location of the shipped goods on the way to the final destination.
8. One of our representatives is permanently posted in Chittagong to monitor the goods until
they ship to the destination.
Procedure for checking discrepancy in shipment documents.
Lenny Fashions Ltd. is one of the largest and most prominent garment manufacturers in
Bangladesh. We have a separate commercial department to arrange and prepare the
shipping documents for smooth shipment of goods to our buyers.
Our commercial department checks all the relevant shipping documents through a checklist
before shipment of goods.
We follow the procedure below to prepare the shipping documents at different
stages:
1. When goods are ready for shipment, we immediately contact the buyer's nominated
forwarder to get the booking confirmation and stuffing details. On the basis of these we
start preparing the shipping documents.
2. Goods are sent to the forwarder along with the invoice and packing list signed by our Commercial
Manager.
3. We prepare and arrange the commercial invoice, final packing list, multiple country declaration,
manufacturer certificate, certificate of origin, wearing apparel details and bill of lading
to send to the forwarder. These documents are checked and signed by our Commercial Manager.
4. Before sending the above documents to the forwarder, our commercial staff in charge of
export check and verify the documents through a set checklist (if any specific buyer has
a checklist, that is also adhered to), and that checklist includes the concerned persons'
signatures for accuracy of the documents. If they find any discrepancy in the documents,
they bring it to the notice of the concerned staff for correction or rectification. Only then
are the documents put to the Commercial Manager for final checking and his signature. The
Commercial Manager only signs when he finds there is no discrepancy in the documents
prepared.
5. Corrected and verified documents are then sent to the forwarder. If the forwarder finds any
discrepancies in the shipping documents, they immediately bring them to the notice of the
Commercial Manager.
Policy for handling of suspected or illegal activities
At present, the garments sector is the backbone of Bangladesh and Lenny Fashions Ltd. is one
of the largest exporters in this sector. So, we are very much aware of the need to tackle
any kind of destructive situation as well as illegal activities. Naturally, we have to remain
cautious to overcome any unexpected situation.
Therefore the following procedure regarding suspected and illegal activities is to be followed:
1. All the security posts are to remain alert round the clock for inside and perimeter security so
that they can identify any suspected person or movement.
2. Nobody is allowed to get inside without proper identification.
3. All workers have been instructed to quickly inform the admin dept. or
security of any suspected incident or suspicious person.
4. If any suspected person is found inside the factory:
a. He will be interrogated by the company security guard and the administration department.
Unauthorized persons will be detained for further action.
b. The unauthorized person shall be handed over to the DEPZ security or police with valid
reason.
c. A general diary is to be entered at the local police station.
5. If any suspected material is detected:
a. Initially the material will be cordoned off by our own security force until a competent
representative of DEPZ or the local police authority arrives, so that nobody can cross the cordon.
b. DEPZ security and the local police station should be informed as soon as possible.
c. All employees are to be moved from that particular place to the safe area.
d. The material is to be handed over to the local police in the presence of the DEPZ authority.
e. A general diary is to be entered at the local police station.
Procedure for Surprise check / unannounced audit.
The factory authority adopts appropriate measures to ensure a good standard of security in all
the vulnerable places in the factory. To ascertain the adopted measures, the responsible
persons of the administration and personnel dept, with instruction from higher authority,
undertake the activities mentioned below:
1. (a) A surprise security team undertakes spot checks on suspicion of any activities
against the security of any area of the factory. This includes identity checking in different
workplaces, stairs and gates.
(b) Checking any section for whether authorized persons are working or not.
(c) Checking whether any person has disappeared without permission for a considerable
time.
(d) Closely observing interaction and discussion not related to production.
(e) Checking ID cards for any unauthorized persons.
(f) On a given day, 5 to 10 workers/employees are picked while entering or leaving the
factory to check whether anybody is carrying any harmful thing.
(g) On a given day, one of the stairs is cordoned off to check for any unauthorized persons.
2. The surprise checking team, with the involvement of the packing in-charge, opens a few
cartons on a random basis to check for any harmful items.
3. The team makes sudden checks while containers are being loaded or unloaded. It checks
whether the cartons are intact.
4. The team makes surprise checks of the lock and seal of the containers while they are loaded or unloaded.
For any discrepancy regarding the said matters, the administration, with help from the personnel
department, takes corrective and legal action as per the decision of the higher authority.
Key control policy
1. All keys, when not in use, must be in the possession of the Duty Supervisor of the Security Section.
2. Issue of a key to anyone, and its return, must be recorded.
3. At night, after closing of factories and stores, the keys are to be handed over to Unit-1 and
drawn back on the following morning by the Duty Supervisor.
4. After stores/factories are closed and sealed, keys cannot be used, even for an emergency purpose,
without prior permission of the Chief of Security of Lenny Fashions Ltd Unit-1/2.
5. Loss of any key must be reported immediately to the Chief of Security. A duplicate key will be
used to open the existing lock, or the lock will be broken, and it will be replaced with a new lock.
Sub-contract policy
Introduction: Lenny Fashions Ltd. is a 100% export-oriented garments industry. It is loyal
to its buyers, associates & sub-contractors. Human rights, Environment, Quality, C-TPAT,
JIT and business Privacy are the major points we follow in our business relationships.
Comply with C-TPAT standard: The subcontractor must maintain the C-TPAT guidelines in the
premises and supply chain. Written consent from the subcontractor is required in this
regard.
Preference in Sub-contract: In sub-contracting we always prefer the buyer’s nomination. If the buyer
has no choice then we try to find the best one.
Assure HR, Environment, privacy: Before sub-contracting, our ‘HR & Compliance department’
visits the factory and assures itself that the HR, Security standard, Environment & Business
Privacy are up to Ethical standard.
Assure Quality & JIT: Our Production Technical Team visits the factory before sub-contracting and
assures itself of the quality of production and the capacity to deliver JIT.
Commercial Contract: All sub-contract activities are commercially based. No verbal agreement
is valid.
Delivery & Receiving: All delivery & receiving is processed through physical counting, Gate Pass
& Challan with valid signature.
Transport: We use our nominated transport.
Procedure for locking covered Van
As a 100% Export oriented Garment Industry, Lenny Fashions Ltd understands the Covered
Van Locking Arrangements and Procedures to meet different types of business needs.
After getting approval for loading cartons to ship, the store team should physically count the
cartons to be loaded.
After counting, comparing and confirming with the commercial invoice, the cartons should be
loaded into covered vans.
A delivery challan & Gate pass should be made truck-wise for each shipment. It should have
the sign of the store person (on behalf of Company), security sign and van driver sign (on behalf of C&F agent).
After loading a shipment into a truck from the factory, the C&F agent and truck driver are the
responsible persons to hand over the shipment to the Buyer’s Forwarder.
The Shipment Truck/Van should be locked and sealed by security in front of the truck
driver, store person and commercial person.
If the seal is found broken before handing over to the Buyer’s forwarder, the Buyer’s
forwarder will not accept the Shipment/Goods of the truck and should inform
commercial personnel and factory management of the incident immediately.

Policy for affixing, replacing record and track seal place in control
As a 100% Export oriented Garment Industry, Lenny Fashions Ltd understands the policy
for Affixing, replacing record and track seal place in control.
After getting approval for loading cartons to ship, the store team should physically count the
cartons to be loaded.
After counting, comparing and confirming with the commercial invoice, the cartons should be
loaded into covered vans.
A Delivery challan & Gate pass should be made truck-wise for each shipment. It should
have the sign of the store person (on behalf of company), Security sign and van driver sign.
After loading a shipment into a truck from the factory, the C&F agent and truck driver are the
responsible persons to hand over the shipment to the Buyer’s Forwarder.
Affixing:
The Shipment Truck/Van should be locked and sealed by security in front of the truck
driver, store person and commercial person.
If the seal is found broken before handing over to the Buyer’s forwarder, the Buyer’s
forwarder will not accept the Shipment/Goods of the truck and should inform
commercial personnel and factory management of the incident immediately.
Replacing & Tracking:
The seal may be broken/damaged/opened in transit for various reasons. It may
happen because of police checking, natural disaster, accidents, stealing, etc.
If such circumstances arise, the C&F agent must inform the Factory, stating the reason
why the seal was broken/damaged/opened.
The Commercial dept will send a person with a seal to the place to
replace the seal. The goods should be offloaded, recounted and loaded again
in front of him before handing over to the Buyer’s forwarder.

Procedure for reporting of lost ID cards


An employee’s ID card may be lost. If anyone’s ID card is lost then he/she needs to file a
general diary at the nearest police station stating that his/her ID card is lost. Then he/she
needs to apply to the Personnel Manager stating that his/her ID card is lost, along with the
copy of the diary. The same should be forwarded by the Personnel Manager to payroll so that
he/she can get the card in 02 working days.
If someone is unable to make a General Diary at the nearest police station then he/she
needs to apply to the Personnel Manager on a white sheet stating that the card is lost. The Personnel
Manager should forward the application to the payroll department so that the ID card can
be issued in the shortest possible time.
Policy for Visitors, Delivery and Transportation Drivers
As a 100% Export oriented Garment Industry, Lenny Fashions Ltd understands that
Visitors, Business associates, Suppliers, Delivery and Transportation Drivers may need to
come to factory premises to meet different types of business needs.
Visitors:
A separate register is maintained by security for the visitors who come to the factory to
meet different personnel. Their name, purpose of visit, person whom they want to meet,
time in and out, and reasons are recorded in the register.
Security should inform the factory person whom the visitor wants to meet. That
person should then give his/her consent whether to meet
the visitor or not.
Then security will record the details and initiate the visit by issuing a temporary Visitors
Card accordingly.
Drivers:
Shipment Vehicle Drivers:
Any Shipment Vehicle Driver/Covered Van/Covered Truck Driver (related to shipment)
should submit his License number and Vehicle number to factory security, and these are
recorded in a register.
Shipment Vehicle Drivers should have a thorough account of the shipment in their truck.
After loading of his truck is complete, the driver must ensure and confirm that the loaded
shipment qty and commercial invoice qty are equal and OK.
A Delivery challan should be issued for each and every shipment and each and every truck
on behalf of the factory, and it should be confirmed and signed by the Truck driver.
Security should lock the truck in front of the Truck driver, Commercial person and store person.
Truck Drivers are not allowed to enter the factory. If any discrepancy/irregularity occurs
in transit, they must report it immediately through the C&F agent.
Visitors and Company Owned Vehicle Drivers:
Visitors’ Drivers are not allowed to enter the factory. They park their cars in the parking
area designated for visitors’ parking. A security guard is posted there to look after
the vehicle/s.
Drivers of company-owned vehicles have company-provided ID cards, so they are
permitted to enter the factory for punching, taking food and for any official duties.
Drivers of company-leased vehicles are allowed to enter the factory for taking food and for
any specified official purpose.

Procedures for Detecting and Reporting Shortages and Overages


As a 100% Export oriented Garment Industry, Lenny Fashions Ltd understands the
Procedures for Detecting and Reporting Shortages and Overages in Import and Export
shipments.
Procedures for Imports:
Incoming shipment containers should be opened in front of the C & F agent, Commercial
person, Security and Store person.
Any incoming shipment should be checked and confirmed against the Import Invoice before
the store team takes inventory.
After unloading any shipment, it should be counted by the store team and
compared and confirmed with the Import invoice.
After confirming, a challan should be made and signed by the store person, security
and commercial person for confirmation.
If there are any shortages/overages in the shipment, the Store team should inform
Commercial, Import Department, Production GM and Merch dept immediately, and it
should be recorded style-wise and invoice-wise.
Procedures for Exports:
Any shipment to be exported should be checked and confirmed against the Commercial invoice
by the store team before loading.
Shipments should be counted at the Covered Van while loading and recorded style-wise
and truck-wise.
After loading is complete, a delivery challan should be made and signed by the
store person, commercial person, security and Truck driver for confirmation.
If there are any shortages/overages in the shipment, the Store team should inform the
Production GM and Commercial dept immediately.

Policy for Security Violations at Transit


As a 100% Export oriented Garment Industry, Lenny Fashions Ltd understands the Policy
for Security Violations at Transit.
After loading a shipment into a truck from the factory, the C&F agent and truck driver are the
responsible persons to hand over the shipment to the Buyer’s Forwarder.
The Shipment Truck/Van should be sealed by security in front of the truck driver, store
person and commercial person.
If the seal is found broken before handing over to the Buyer’s forwarder, the Buyer’s
forwarder will not accept the Shipment/Goods of the truck and should inform
commercial personnel and factory management of the incident immediately.
The incident should be reported to the nearest police station.
The C&F agent is solely responsible for the transit between the factory and Port until
handover at the Buyer’s forwarder’s place. Lenny Fashions Ltd has a written contract with the C&F
agent under which any violation, damage, misappropriation or stealing is to be borne by the C &
F agent.
If any infringement/violation/damage/stealing happens in transit, the C&F agent should inform
factory management immediately.
Preface
In order to meet Customer’s requirements on the security of the factory and safety of the
merchandise, our factory has developed our security plan. The security plan is based on
the following three principles.
1) Prevention of TRESPASSING
2) Prevention of TAMPERING
3) Establishment of TRACEABILITY
In order to enhance the effectiveness of this security plan, all employees of our factory are
responsible to uphold and maintain the security plan in accordance with the criteria we set
and the applicable local law within the factory.

Security Code of Conduct for Employee


1. All employees must wear their own employee’s badge inside the factory premises; it
should be hung on the front of the chest to enable the security guard to verify their identity easily.
2. All employees are prohibited from carrying any contraband goods into the factory. In case
contraband goods are discovered, the factory will report and hand over the case to the Police.
3. All employees have the responsibility to keep their own employee’s badge and identity
card properly. No employee is allowed to keep or safekeep another employee’s badge
or identity card.
4. In case of damaging or losing the employee’s badge, the employee should report to the
personnel officer for record and immediate reissue of the employee’s badge. The same procedure
applies to an employee who loses the identity card: report to the personnel department.
The staff of the Personnel Department will accompany the employee to the Police
Station to report the loss of the ID card and apply for reissue of the identity card.
5. Personal belongings must not be brought into the workplace. During working hours,
all personal belongings should be locked in the employee’s own drawer or locker.
6. In order to enable the factory’s management to check the exact number of attendees, all
employees must punch their time card when entering or leaving the factory. Punching the
time card for another employee is not allowed.
7. For either sick leave or annual leave, all employees should submit a leave application.
For sick leave, a doctor’s or hospital certificate is required.
8. Even for occasional leave, all employees have to submit a leave permit and must
wait for management approval before leaving the factory.
9. All employees should always stay in their workplace during working hours and should
not go to other departments except in an emergency or for special job duties. Otherwise, the
employee will receive security inquiries and need to explain the reason for entering other
departments.

Guidelines for Security Guards


1. Security Guards also have to follow points 1-9 in the “Code of Conduct for Employees”.
2. Always be punctual as a good practice: be punctual to work and prepare well the
tasks to hand over to the Security Guards of the next shift.
3. Every day, before the workers enter the factory, the security guard should personally
unlock the doors and carry out a security and fire safety check in order to assure that all
workers are working in a safe working environment.
4. On every patrol, the security guard should check that all the monitoring TVs are functioning well,
and that all the emergency exits and pathways are unblocked.
5. All the security guards, especially the entrance guard, should always observe and
check whether the badge of each employee matches the employee’s identity, in order
to ensure that no intruder enters the factory.
6. The security guard should report and hand over all lost employee’s badges or other
personal belongings found during the patrol to the chief security and record those
findings. They should inform the HR & Administration Department simultaneously.
7. In case the working procedure of any department is found likely to cause an instant security
crisis, the security guard should provide corrective recommendations to the related
department and report to the chief security for record and file.
8. Before/after working hours, or after all the workers leave the factory, the security guard
should conduct a security inspection of all departments. He/she should inspect all the
security devices and record the date and time of the inspection.
9. The Security Guard will conduct a security inspection after all workers leave the factory; after
the inspection is finished, all the doors/exits should be locked by the security guard.
10. The security guard should always be alert and periodically trained so as to reinforce
security consciousness.
Security on Materials and Information Flow
1. All the workers and security guards should comply with the container loading guideline
in order to assure that the security system can operate effectively.
2. When any goods and materials (including garment accessories, raw materials, mechanical
equipment, stationery, chemicals, commodities, food and beverages, etc.) enter the
factory/warehouse, they should be security checked and verified. All the related documents
should be kept for tracing.
3. All workers have the obligation to assure that no unauthorized people or
unidentified/illegal materials enter the factory’s premises.
4. On finding that unidentified/illegal materials have entered the factory, the worker has to
report to the nearest security guard or security supervisor immediately.
5. Since all the departments have their own needs, in order to keep a clear stock
list the supervisor or the top management should approve and record all the details
before materials are withdrawn or written off.
6. Factory documents should not be exposed to a third party unless there is a mutual
understanding/agreement with the buyer. Unauthorized people are not
allowed to take any documents out of the factory.

Monitoring and Training


1. In order to enhance the effectiveness of the security plan, it is suggested that video cameras
be added at all the doors, pathways, workplaces and warehouse to monitor the
activities in the factory. This set-up is for security purposes only and is not meant to affect
workers’ activities.
2. In order to ensure that all the workers understand the whole security plan, the factory
should provide training courses to the workers annually (suggest to be on the quarter
of each year). For all newcomers, the administrative officer has to explain clearly the
security guideline of the related department and the whole factory’s security plan.
The training should include:
a) The method to handle unauthorized persons' access to secure areas.
b) Educating the employees to identify suspicious cargo, people, situations and anomalies.
c) Encouraging employees to recognize and report suspicious cargo, people, situations and anomalies.
3. Specific training should be provided to the employees
a) who handle incoming mails and parcels
b) on how to identify and report overage, shortage or un-manifested cargo
4. The security chief officer should establish and maintain a threat awareness program so
as to educate and periodically update the employees on smuggling trends, seizures and
information on terrorist threats.
5. As with the fire drill, the Security Compliance audit or drill should be carried out annually.
All the workers, including the supervisors and top management, should participate in this
Security Compliance audit or drill. Every Security Compliance audit or drill should be recorded
and the record kept for at least 12 months.
6. In order to enhance the security plan continuously, all workers are encouraged to
express their opinions or suggestions on the security plan. They are free to bring their
suggestions to their department supervisor, the chief security or the top management by
any means.

V. Security Guidelines Notice Specimen for all Departments


1. HR & Administration Department
2. IT Department
3. Security Department
4. Entrance Guard
5. Reception / Mailing Room
6. Office
7. Production Workshop
8. Laundry House
9. Packaging Department
10. Cargo Loading
11. Raw Materials Warehouse
12. Finished Goods / Storage Warehouse
13. Parking

Security Guidelines for Personnel Department for background check (Screening) during recruitment and termination procedure
1. All job candidates, including temporary workers, need to complete a written job application
including the personal information, employment history and references of the applicant.
2. Interviews should be conducted with all job candidates, including temporary workers, to verify
application information such as employment history and references.
3. Background checks and investigations of prospective employees should be conducted prior to
employment.
4. Periodically check and reinvestigate the background of employees whose positions are
sensitive and important, such as in the packing and loading/unloading departments.
5. For anyone whose employment has been terminated, collect the employee identification badge
and withdraw facility and system access, including return of keys, key cards, etc.
6. Conduct periodic internal audits of hiring practices to ensure that the recruitment
process is consistent and meets security requirements.
Procedures to notify customs and border protection in cases where anomalies or
illegal activities are detected or suspected by the company.
Lenny always has high regard for the law of the land and the guidelines provided
by its valued customers. Due to unavoidable circumstances such as dacoits, terrorist
activities or unwanted incidents, the relationship between vendor and buyer may be
badly affected. So Lenny is alert, and if such things take place Lenny is
determined to report them to the law enforcement agency and customs department so that
the proper course of action can be taken as per provision of law.

If any illegal activities are detected or suspected outside the premises regarding a
shipment, Lenny will inform the Buyer’s forwarder and the Buyer as well if required. Lenny is
determined to take the help of the law enforcement agency as well.
If any illegal activities are detected or suspected inside the premises in any form, the Admin dept
reports to top management accordingly and records such activities. Lenny is
determined to take the help of the law enforcement agency as well.
Security Guidelines for IT Department
1. Password logon is to be set up to control employees’ access to the network and sensitive
information.
2. Conduct periodic internal audits of the IT system.
3. Employees are required to change passwords on a regular basis.
4. A system is in place to identify the abuse of IT, including improper access, tampering or
altering of business data.
5. All system violators are subject to appropriate disciplinary action for abuse.
6. All system violators must be reported to the management and be recorded. All records
should be kept for at least 12 months.
7. All illegal activities must be reported to the management and police.

Working Guidelines for Security Department


1. All security guards on duty must wear a tidy uniform and Security badge.
2. Security guards must report for duty 15 minutes before the start of work. All hand-over
procedures between the shifts must be arranged and monitored by the Security Manager in order
to assure the hand-over process is completed.
3. After the hand-over process is completed, a security check must be conducted, for
example, to check that all CCTV cameras, communication equipment and the lighting system
are functioning well.
4. The day shift Security Manager must know clearly the operation of all departments, in order
to arrange for a security guard to be stationed at any unattended department.
5. The night shift Security Manager must know clearly whether the departments have overtime
work, and whether the doors of the departments that do not have overtime have been locked
or have completed the security check.
6. The Security Manager of every shift must assign one security guard to be stationed at the
entrance of the factory, and arrange for other security guards to patrol the front doors & back
doors of all departments at least once per shift and record all findings in detail.
7. All security guards, on both day and night shifts, must be well equipped with
communication apparatus so as to maintain contact with the Security Room at all times.

Security Guidelines for Entrance Guard


For Visitors and Employees
1. All visitors should register with name, identity card number, company name and the
visiting purpose.
2. Issue a Visitor Badge to the visitor after his/her identification has been verified by the
relevant department. All visitors are required to display the visitor badge in a visible
position.
3. The date and time of entry should be recorded. Before the visitor leaves the factory, the
visitor’s badge should be collected and the time out should be recorded. All visitor records
should be kept for at least 12 months.
4. All employees should show their employee’s badge to the entrance guard when
entering/leaving the factory.
5. Employees who ask for leave, and outgoing employees, should present their approved
‘Leave Permit’ to the entrance guard for verification before leaving the factory.
6. In case of any uncooperative situation, the entrance guard should report to the Security
Manager or relevant department immediately for assistance.
For Vehicles
1. All incoming vehicles and trucks should register with date and time, company name, and
the purpose of entry.
2. All vehicles and trucks should register the leaving time when leaving the factory. All
vehicle in and out records should be kept for at least 12 months.
3. Every morning, before the security guard reports to work, he/she should submit the
registered records of the previous shift to the Security Department for verification.
Security Guidelines for Reception I MaiIin Room
1. Check and screen all the incoming mail and packages before distribute to related party.
2. Record the sender’s name, company name, date and time mail or parcel received. All
records should be kept for at least 12 months
3. The reception employees should always be alert and periodically trained so as to
reinforce the Security consciousness.
4. In case of any unidentified/illegal findings, the employee must report to the
management immediately.
Security Guidelines for Office
1. All employees must wear employee badge in the office.
2. Department managers are responsible for unlocking the door before work and locking
the door after work.
3. All documents should be filed properly in the file cabinets when they are not in use.
4. All documents on the desks should be covered to avoid information disclosure.
5. Non-departmental workers, or visitors not accompanied by workers, must not be
allowed to enter the department. Contact the Department Manager and Security Officer if
any suspect or stranger is found.
6. A security guard must be on duty at the office during lunch time to prevent criminals or
suspects from breaking into the office to place restricted objects or steal the property /
information of the company.
7. If any stranger inquires about the factory by telecommunication or e-mail
etc., do not disclose any factory information, and report to the department manager and
security officer immediately.
8. The passwords of computer and access to network/system must be changed regularly.
Security Guidelines for Production Workshop
1. Before reporting for work, the security guard should unlock the doors personally and
conduct a security and fire safety check.
All employees should wear the employee’s badge. Personal belongings may not be
brought into the workplace.
2. Employees are responsible for watching for any unidentified objects or materials in the
workplace. If any are found, they should be reported to the Department Head immediately.
3. Goods/materials moved from department to department must be listed clearly on the
delivery note.
4. If any stranger is found walking around the workplace without being accompanied by a
factory employee, this should be reported to the Department Head or Security Manager immediately.
5. Employees are responsible for keeping and storing their tools properly before going off duty. If
any tools are lost, this should be reported to the Department Head immediately.
6. Employees must not take away any of the factory’s property and goods when they leave the
factory. If found doing so, the employee will be treated as stealing and will be handed over to
the Police.
7. Before going off duty, each Department Head and the security guard conduct a patrol
inspection of the workshop to ensure that there is no illegal object in the workshop, and
then the security guard locks up all the windows and doors.

Security Guidelines for Laundry House


1. Before reporting for work, the security guard should unlock the doors personally and conduct a
security and fire safety check.
All employees should wear the employee’s badge. Employees who do not belong to the Laundry
Department, or visitors not accompanied by a factory employee, are not allowed to enter.
Personal belongings may not be brought into the workplace.
2. Record the amount of each chemical used, such as detergent, softener, etc.; the
dosage of each chemical should be clearly recorded. All empty chemical containers should
be returned to the supplier.
3. Chemicals should not be over-stocked and should be stored in a separate chemical
storage area with clear storage and usage records.
4. All incoming or outgoing chemicals must be recorded, and the in/out date, quantity
and all details checked. For unfinished goods that are stored overnight, the operator must check
the quantity and record the details.
Security Guidelines for Packaging Department
1. Before reporting for work, the security guard should unlock the doors personally and
conduct a security and fire safety check.
2. Packing areas are restricted areas. Only the employees of the Packing Department can handle
the work in this area. Other employees who do not belong to the Packing Department, and
visitors not accompanied by a factory employee, are not allowed to enter the area.
3. Before reporting for work or going off duty, the operator must count and check whether the
quantity of the goods conforms to the details on the documents, and whether the goods
have been damaged or moved without reason.
4. All incoming and outgoing goods must be registered in order to ensure that no
tampering or unidentified objects endanger the factory’s security.
5. During office hours, the employees of the Packaging Department must be on duty. If
packing is suspended due to insufficient orders, the Department Manager and Security Guard
have to go around and inspect the security of the Department, and the Security Guard
must remain stationed in the Department until all employees of the Department leave the factory.
6. At the end of a working day, all packed finished goods should be moved to the separate
finished goods storage area. All these packed finished goods should be wrapped up with
plastic film or anti-tampering net.
7. No unsealed carton may be left overnight, so that no unauthorized person can tamper with
it using any forbidden or dangerous object.
8. All records and files must be kept and stored in cabinets or drawers with locks, and these
records should be kept for at least 12 months. No unauthorized person may access the
documents.
9. The Packaging Department is a secure area. Unauthorized persons and employees who are
not working at the Packaging Department are not allowed to enter the Department.
Any unauthorized person or employee who gains access will be detained and reported to Management.
Security Guidelines for Cargo Loading
1. The entrance guard should direct incoming vehicles/trucks to the designated parking
zone.
2. Foreign vehicles without a prior appointment should park in the area
with a CCTV camera or just next to the entrance guard kiosk.
3. Visitors without a prior appointment should be asked to wait to be
received at the main reception.
4. Without the presence of a security guard or loading supervisor, no loading process is
allowed.
5. The loading personnel should check whether the carton mark and quantity
conform with the packing list, delivery note, or shipping advice.
6. In case of any carton damage, cargo details not conforming with shipping
documents, or absence of the security guard/loading supervisor, all loading should
be stopped immediately to wait for a further decision from the management of the
relevant department.
7. The loading personnel should ensure that there are no waste materials, boxes or
parcels in the loading area during break hours or after going off duty.
8. Cargo Loading is a secure area. Unauthorized persons and employees who are not
handling cargo loading or unloading are not allowed to enter the Cargo Loading area.
Any unauthorized person or employee who gains access will be detained and reported to Management.
Security Guidelines for Raw Materials Warehouse
1. Before reporting for work, the security guard should unlock the doors personally and should
carry out a security and fire safety check.
2. Before reporting for work, the warehouse personnel should go around the warehouse and
inspect it in order to ensure that all the documents and stored goods are without any
abnormality.
3. During office hours, the warehouse keeper should always stay at the warehouse to keep
watch. If necessary, the security guard can temporarily be shifted to station at the
warehouse.
4. All the storage records must be correct and updated. All materials going in and out should be
registered.
5. All the storage records must be clearly filled in with the correct factory reference number. The
relevant records must be kept for two years or above.
6. All the storage records and documents must be properly filed/stored before going off duty, and
these records and documents should be kept for at least 12 months.
7. Before going off duty, the security guard should ensure that no leftover cartons that contain
raw materials are placed outside the warehouse. If so, these leftover materials or cartons
should be moved back to the warehouse before locking up the warehouse doors.
8. All doors and windows must be locked and the security procedures completed before
the warehouse is closed.
9. The security guard conducts a final patrol inspection before locking up the doors. After
locking the door, the locking time is registered with the signature of the security guard.
Security Guidelines for Finished Goods/Storage Warehouse
1. Before reporting for work, the security guard should unlock the doors personally and should
carry out a security and fire safety check.
2. Before reporting for work, the warehouse personnel should go around the warehouse and
inspect it in order to ensure that all the documents and stored goods are without any
abnormality.
3. During office hours, the warehouse keeper should always stay at the warehouse. If
necessary, the security guard can be temporarily shifted to station at the warehouse.
4. All the storage records must be correct and updated. All cargo going in and out must be
registered. All damaged cartons must be identified. If any damaged carton is found, all in
and out warehouse procedures must be stopped immediately and the relevant
department heads informed, for instance the Warehouse Manager and the Manager of the Packing
Department, etc.
5. All the incoming/outgoing records should be clearly marked with the correct reference
number and these records should be kept for at least 2 years or above.
6. Before going off duty, all the documents should be properly filed and stored.
7. Before going off duty, the security guard should ensure that no leftover cartons that contain
merchandise are placed outside of the warehouse. If so, these leftover cartons should be
moved back to the warehouse before locking up the doors.
8. All doors and windows should be locked and the security procedures completed
before the warehouse is closed.
9. The security guard should conduct a patrol site inspection before locking up the doors.
After locking, the locking time is registered with the signature of the security guard.
10. The Finished Goods Warehouse is a secure area. Unauthorized persons and employees
who are not working at the Finished Goods Warehouse are not allowed to enter the Warehouse.
Any unauthorized person or employee who gains access will be detained and reported to Management.
Security Guidelines for Parking
1. All the parking areas (for cargo-receiving/loading or private cars) should be separated
from the factory premises.
2. All private cars should be parked away from the cargo loading areas.
Training
Training Process
A competent member of Lenny Fashions Ltd. conducts the training workshop quarterly for
every level of employees. The facilitator explains the purpose of the security system and provides
the necessary guidelines to follow to ensure a secure work environment. The facilitator also
explains the procedural security system. The workers are also given tips on what to
do in case of an emergency.
Security Training Program
The Security Training program includes the following:
• General Security System
• Procedural Security
• Crisis Management
• Handling of Security Equipment
• First Aid Treatment
• Key Contacts
• Emergency evacuation plan
• Fire fighting
Awareness on Usages of Hazardous Materials
In order to ensure a safe and secure work environment, the factory employees are trained
on the hazards, precautions and procedures for the safe storage, handling and use of all
potentially harmful materials relevant to each employee’s task and work area. Personnel
are also trained in environment, health and safety matters including accident prevention,
safe lifting practices, safe handling of chemicals and proper control and maintenance of
equipment and facilities.
VII. Miscellaneous
Drugs Controls
Lenny Fashions Ltd. does not tolerate the introduction of drugs into its work
premises, whether by inmates, visitors or staff. The management intends to prosecute
to the fullest extent of the law those individuals involved in any illegal drug
transaction within the factory premises, if any. To ensure this, management
has introduced the following guidelines and restrictions which every individual associated
with Kwun Tong needs to follow and abide by:
a. Any campaign encouraging the use of drugs or any kind of alcohol in association with the
company name is strictly prohibited.
b. The employees are kept under close observation during lunch hour, break hour and any
other time through surprise visits by assigned personnel.
c. The management carries out surprise visits to the toilets, canteen area, and other
suspected places where the employees rest during off hours, to keep employees from
involvement in any illegal drug transaction.
d. The employees & the authority arrange drug eradication programs by organizing workshops,
seminars and training programs to explain the hazards of taking drugs.
e. Carrying, taking, selling or distributing illegal drugs of any kind is totally prohibited
in the factory.
f. The factory premises are a no-smoking and non-alcoholic zone.
Emergency telephone numbers
23. The following numbers are maintained by the security personnel:
a. Nearest police station
b. Nearest Fire Brigade
c. Ambulance
d. Nearest Clinics & Hospital
e. Key Factory Personnel
Benefits of Participating in C-TPAT
41. C-TPAT offers an opportunity to play an active role in the war against terrorism by
participating in this first worldwide supply chain security initiative. The company ensures a
more secure supply chain for its employees, suppliers and customers. Beyond these
essential security benefits, C-TPAT members enjoy additional benefits including:
a. A reduced number of inspections
b. An opportunity to expand “low-risk” treatment to all divisions within the company.
c. An emphasis on self-policing
Customers Audit of C-TPAT:
42. The buyers audit the vendor’s factory security system to ensure overall trade
compliance. The factory must pass the audit and get the approval of the concerned buyers to
continue business on a long-term basis. The buyers may recommend additional guidelines,
which the vendors need to follow for overall security of the supply chain.

IT Policy
for
Lenny Fashions Ltd.
Contents

1. Introduction
1.1 Scope
1.2 Objectives
2. Physical Security
2.1 Physical Security Guideline for Server Room
2.1.1 Server room Access
2.1.2 Environmental
2.1.3 Fire Protection
2.2 Physical Security Guideline for Data Center
2.2.1 Data Center Access
2.2.2 Environmental
2.2.3 Fire Prevention
2.3 Physical Security Guideline for Other Computers
2.3.1 Computers in other departments
2.3.2 Environmental
2.3.3 Fire Protection
2.4 Physical Security for Desktop and Laptop computers
2.5 Physical Security for Other System and Devices
3. Information Security Standard
3.1 Access Control for information systems
3.1.1 Password Control
3.1.2 User ID Maintenance
3.1.3 Security Seals
3.1.4 Access Controls for Outside Service Providers
3.2 Network Security
3.2.1 Network Security
3.2.2 Firewall
3.3 Data Encryption
3.4 Virus Protection
3.5 Internet and e-mail
4. Mail Management
5. Application and Database Software
6. Business Continuity and Disaster Recovery Plan
6.1 Business Continuity Plan (BCP)
6.2 Disaster Recovery Plan (DRP)
6.3 Backup / Restore
7. Service Provider Management
7.1 Service Level Agreement (SLA)
7.2 Out Sourcing


1. Introduction
Developments in Information and Communication Technologies (ICT) are transforming the
company in dramatic ways. These developments are creating hitherto unimaginable
opportunities and possibilities, even as they pose new challenges for a company like ours.
In the production processes of today’s world, information and knowledge mean a great deal
more than material resources and physical inputs.
ICT has opened up the possibility of radically different information exchange patterns by
facilitating faster and more efficient dissemination of information. It can play a vital role in
sustaining the culture of Lenny Fashions Ltd. and ensuring a high level of transparency
and accountability in governance.
ICT and Information Technology Enabled Services (ITES) have by now turned into major
sectors of governance activity in the business world. Over the past one-and-a-half decades,
these sectors have made a remarkable contribution to the growth of the company.
In every sector of Lenny Fashions Ltd., ICT now plays an important role in optimizing the
processes, thereby improving the quality and efficiency of production, human endeavors
and governance.
The management of Lenny Fashions Ltd. has a comprehensive view of ICT as a vehicle for
transforming Lenny into a most efficient and effective company in the market by
implementing ICT in every sector for achieving the goal of the company.
Security of IT systems for Lenny Fashions Ltd. has therefore gained much greater
importance, and it is vital that we ensure that such risks are properly identified and
managed. Moreover, information and information technology systems are essential assets
of the company as well as of its customers and stakeholders. Information assets
are dangerous when they are in the wrong hands. Protection and maintenance of these assets
are critical to the organization’s sustainability. The company must take responsibility for
protecting the information from unauthorized access, modification, disclosure and
destruction to protect stakeholders’ interests.

Lenny Fashions’ MIS team has prepared an IT Policy as a guideline for Information &
Communication Technology (ICT) for the company, to be used as a minimum requirement and
as appropriate to the level of computerization of its operations.
1.1 Scope
This IT Policy is a systematic approach to the policies required to be formulated for IT and also
to ensure security of information and information systems. This Guideline covers all
information that is electronically generated, received, stored, printed, scanned, and typed.
The provisions of this Guideline apply to:
• Lenny Fashions Ltd. for all of its IT systems
• All activities and operations required to ensure data security including facility design,
physical security, network security, disaster recovery and business continuity planning, use
of hardware and software, data disposal, and protection of copyrights and other intellectual
property rights
1.2 Objectives
This Guideline defines the minimum requirements to which the IT department must adhere.
The primary objectives of the Guideline are:
a) To establish a standard IT Policy & IT Management
b) To help the company achieve a secure and stable setup of its IT platform
c) To establish a secure environment for the processing of data
d) To identify information security risks and their management
e) To communicate the responsibilities for the protection of information
f) To prioritize information and information systems that are to be protected
g) User awareness and training regarding information security
h) Procedure for periodic review of the policy and security measures

2. Physical Security
Lenny requires that sound business and management practices be implemented in the
workplace to ensure that information and technology resources are properly protected. It is
the responsibility of each department to protect technology resources from unauthorized
access in terms of both physical hardware and data. Effective
security of assets in the workplace is a responsibility held jointly by both
management and employees.
Physical security involves providing environmental safeguards as well as controlling
physical access to equipment and data. The following safeguard methods are
believed to be practical, reasonable and reflective of sound business practices.
2.1 Physical Security Guideline for Server Room
2.1.1 Server room Access
a) The server room must have a glass enclosure with lock and key, held by a responsible person of
the Branch.
b) Physical access should be restricted; a visitors log must exist and be maintained for the
server room.
c) Access authorization list must be maintained and reviewed on a regular basis.
2.1.2 Environmental
a) Desktop screen must be locked and Server must have a password-protected screen saver
that should activate after 10 seconds.
b) The administrative passwords of the Operating System and Database should be written down, placed in a sealed
envelope and kept in a vault.
c) A user creation request form should be maintained.
d) There should be provision to replace the server within the quickest possible time in case of any disaster.
e) The server room should be air-conditioned.
f) A power generator should be in place to continue operations in case of power failure.
g) A UPS should be in place to provide uninterrupted power supply to the server during power
failure.
h) Proper attention must be given to avoid overloading electrical outlets with too many devices.
2.1.3 Fire Protection
a) A channel alongside the wall is to be prepared to keep all the cabling in a neat and safe
position, following the layout of power supply and data cables.
b) A fire extinguisher needs to be placed outside the server room. This must be
maintained and reviewed on an annual basis.
c) Proper earthing of electricity is to be ensured.
2.2. Physical Security Guideline for Data Center
2.2.1. Data Center Access
a) The Data Centre must be a restricted area and unauthorized access is prohibited.
b) The number of entrances into the Data Centre should be limited, and they should be locked and secured.
c) Access authorization procedures should exist and apply to all persons (e.g. employees
and vendors). Unauthorized individuals and cleaning crews must be escorted during their
stay in the Data Centre.
d) The company should maintain an Access Authorization list, documenting the individuals who are
authorized to access the data centre, which is reviewed and updated periodically.
e) An access log with date and time should be maintained, documenting the individuals who have
accessed the data centre.
f) A Visitor Log should exist and needs to be maintained.
g) A security guard should be available 24 hours a day.
h) There should be an emergency exit door available.
2.2.2 Environmental
a) Sufficient documentation is required regarding the physical layout of the data centre.
b) Documentation regarding the layout of power supplies of the data centre and network
connectivity is to be prepared.
c) Floors are to be raised with removable square blocks, or a channel alongside the wall is to be
prepared, to keep all the data and power cabling in a neat and safe position.
d) Accessories not related to the data centre should not be stored in the
Data Centre.
e) Closed Circuit Television (CCTV) cameras are required and are to be monitored.
f) The Data Centre must display a “No eating, drinking or smoking” sign.
g) Vehicles for any emergency purpose should always be available on site.
h) The addresses and telephone or mobile numbers of all contact persons (e.g. fire service, police
station, service providers, vendors and all IT personnel) should be available to cope with any
emergency situation.
i) Proper attention must be given to avoid overloading electrical outlets with too
many devices. Proper and practical usage of extension cords in the office environment should be
reviewed annually.
j) The following computer environmental controls are to be installed:
i. Uninterruptible power supply (UPS) with backup units
ii. Backup Power Supply
iii. Temperature and humidity measuring devices
iv. Air conditioners with backup units
v. Water leakage precautions and water drainage system from Air conditioner
vi. Emergency power cut-off switches
vii. Emergency lighting arrangement
viii. Dehumidifier to be installed
2.2.3 Fire Prevention
a) The Data Centre wall/ceiling/door should be fire resistant.
b) Fire suppression equipment should be installed.
c) Procedures must exist for raising the alarm immediately in case of fire and reporting to the fire
services, and they are to be periodically tested.
d) There should be a fire detector below the raised floor, if the floor is raised.
e) Electric cables in the Data Centre must be of good quality and concealed.
f) Flammable items should not be kept in the Data Centre.

2.3 Physical Security Guideline for Other Computers

2.3.1 Computers in other departments
a) The PCs of the other departments must be placed in an office room which can be kept under
lock and key from the outside environment, with the key held by a responsible person.
b) Access authorization list must be maintained and reviewed on a regular basis.
2.3.2 Environmental
a) The operator must have a desktop password known only to him.
b) The PC must have a password-protected screensaver which should activate after 5 minutes of
inactivity.
2.3.3 Fire Protection
a) The power distribution board for the PC, with a circuit breaker, should be placed outside the
enclosure and covered with a box under lock and key held by the Operator.
b) Power and other connecting cables for PCs must be kept secured from physical damage.
c) A UPS for backup power supply is to be placed in the enclosure.
d) The power supply of the PC should be switched off before leaving the branch.
e) Fire extinguishers, with the expiry date mentioned, are to be placed beside the power distribution
board. This must be maintained and reviewed on an annual basis.
f) Proper earthing of electricity is to be ensured.

2.4 Physical Security for Desktop and Laptop computers


a) Desktop and laptop computers should be connected to a UPS to prevent damage to data
and hardware.
b) When leaving a desktop or laptop computer unattended, users shall apply the “Lock
Workstation” feature (ctrl/alt/delete, enter) where systems allow.
c) A password-protected screen saver should be used to protect desktops and laptops from
unauthorized access.
d) The automatic screensaver should be activated after a period of inactivity. This period should
not be more than five (5) minutes.
e) Laptop computers that store confidential or sensitive information must have encryption
technology.
f) Desktop and laptop computers and monitors shall be turned off at the end of each workday.
g) Laptop computers actively connected to the network or information systems must not be
left unattended.
h) Laptop computers, computer media and any other forms of removable storage (e.g.
diskettes, CD ROMs, zip disks, PDAs, flash drives) shall be stored in a secure location or
locked cabinet when not in use.
i) Other information storage media containing confidential data such as paper, files, tapes,
etc. shall be stored in a secure location or locked cabinet when not in use.
j) Individual users shall not install or download software applications and/or executable
files to any desktop or laptop computer without prior authorization.
k) Desktop and laptop computer users shall not write, compile, copy, knowingly propagate,
execute, or attempt to introduce any computer code designed to self-replicate, damage, or
otherwise hinder the performance of any computer system (e.g. virus, worm, Trojan etc).
l) Any kind of virus should be reported immediately.
m) Viruses shall not be deleted without expert assistance unless instructed by IT.
n) User identification (name) and authentication (password) shall be required to access all
desktops and laptops whenever turned on or restarted.
o) Standard virus detection software must be installed on all desktop and laptop
computers, mobile, and remote devices and shall be configured to check files when read
and routinely scan the system for viruses.
p) Desktop and laptop computers shall be configured to log all significant computer security
relevant events (e.g., password guessing, unauthorized access attempts or modifications
to applications or systems software).
q) On holiday occasions computers should be removed from floors and away from windows.

2.5 Physical Security for Other System and Devices


This physical security includes following devices:
i. Printers,
ii. Scanners,
iii. Fax Machine,
iv. Video Conference,
v. CC Cameras,
vi. Controlling & Monitoring Devices,
vii. Time Attendance & Door Access System, etc.
The security measures to be followed for these systems and devices are
as below:

a) All the devices should be locked and secured by password, PIN or any kind of
physical attachment.
b) Access to devices that are connected through the LAN should be restricted through DNS
access control rules or other means.
c) Devices that use the WAN should be behind the firewall. For these kinds of devices there
should be special rules in the firewall that are carefully stated and properly monitored from time to
time.
d) The output of these devices should go only to authenticated employees of the
company.
e) There should be periodic monitoring and documentation of whether the outputs of these
devices are going to the proper hands.
3. Information Security Standard
The objective of this part is to specify the Information Security Policies and Standard to be
adopted by all departments of Lenny Fashions Ltd. using Information Technology (IT) for
service delivery and data processing. It covers the basic and general information security
controls applicable to all functional groups of a business to ensure that information assets
are protected against risk.
3.1 Access Control for information systems
3.1.1 Password Control
a) The password definition parameters ensure that the minimum password length is specified
according to the company’s IT security policy (at least 6 characters,
combination of uppercase or lowercase & numbers).
b) The maximum validity period of a password is not beyond the number of days permitted in
the company’s IT Security policy (maximum 30 days cycle).
c) The parameter controlling the maximum number of invalid logon attempts is specified
properly in the system according to the IT security policy (at least 3 consecutive times).
d) Password history maintenance is enabled in the system so that the same password can be
used again only after at least 4 password changes.
e) Password entries must be masked.
f) The terminal inactive time allowable for users should be set in accordance with the
company’s policy.
g) An operating time schedule for the users is to be defined where necessary.
h) Sensitive passwords have to be preserved in a sealed envelope with movement records
for usage in case of emergency.
i) An audit trail should be available to review the user profile for maintenance purposes.
3.1.2 User ID Maintenance
a) Each user must have a unique User ID and a valid password.
b) The User ID will be locked after 3 unsuccessful log-in attempts.
c) There must be a control to ensure that the user ID and password are not the same.
d) The User ID Maintenance Form with access privileges is duly approved by the
appropriate authority.
e) Access privileges are changed/locked within 24 hours when the user’s status changes or the user
leaves the office.
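The parameters in 3.1.1 and 3.1.2 can be expressed as an enforceable check. The following is an added example, not part of the policy or of any Lenny Fashions system. The names `Account` and `composition_errors` are hypothetical, and it assumes that "combination of uppercase or lowercase & numbers" means at least one letter and one digit, and that the history rule covers the last four passwords including the current one.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Parameters taken from sections 3.1.1 and 3.1.2 of the policy.
MIN_LENGTH = 6                 # 3.1.1 a) at least 6 characters
MAX_AGE = timedelta(days=30)   # 3.1.1 b) maximum 30 days cycle
MAX_FAILED = 3                 # 3.1.1 c) / 3.1.2 b) lock after 3 bad attempts
HISTORY_DEPTH = 4              # 3.1.1 d) assumed: last 4 passwords remembered


def _digest(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the history never holds clear-text passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def composition_errors(user_id: str, password: str) -> List[str]:
    """Return the list of 3.1.1 a) / 3.1.2 c) rules the candidate breaks."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("too short")
    # Assumption: letters of either case plus numbers are both required.
    if not any(c.isalpha() for c in password):
        errors.append("no letter")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if password.lower() == user_id.lower():
        errors.append("same as user ID")
    return errors


@dataclass
class Account:
    user_id: str
    # (salt, digest) pairs, oldest first; the last entry is the current password.
    history: List[Tuple[bytes, bytes]] = field(default_factory=list)
    changed_at: Optional[datetime] = None
    failed: int = 0
    locked: bool = False

    def set_password(self, password: str, now: datetime) -> List[str]:
        """Apply the change if it meets the policy; return the violations otherwise."""
        errors = composition_errors(self.user_id, password)
        if any(hmac.compare_digest(_digest(password, s), d) for s, d in self.history):
            errors.append("reused")
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append((salt, _digest(password, salt)))
        del self.history[:-HISTORY_DEPTH]   # keep only the newest four entries
        self.changed_at = now
        self.failed = 0
        return []

    def login(self, password: str, now: datetime) -> str:
        """Return 'ok', 'denied', 'expired' or 'locked'."""
        if self.locked:
            return "locked"
        if not self.history:
            return "denied"
        salt, digest = self.history[-1]
        if not hmac.compare_digest(_digest(password, salt), digest):
            self.failed += 1
            if self.failed >= MAX_FAILED:
                self.locked = True          # stays locked until an administrator acts
                return "locked"
            return "denied"
        self.failed = 0                     # only consecutive failures count
        if now - self.changed_at > MAX_AGE:
            return "expired"                # correct password, but change is overdue
        return "ok"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    start = datetime(2024, 1, 1, 8, 0)
    acct = Account("operator1")
    print(acct.set_password("abcdef", start))
    print(acct.set_password("Sewing2024", start))
    print(acct.login("Sewing2024", start + timedelta(days=31)))
```
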
3.1.3 Security Seals:
a) A valid and allowed User ID and Password are mandatory to access any system in the
company.
b) A detailed profile should be kept for every corresponding User ID.
c) Every logon attempt should be kept in the history for future reference.

3.1.4 Access Controls for Outside Service Providers


There are rules for access by outside service providers. Only a very limited number of
outsiders and a few listed service providers may have that permission.
Authorized persons should review the access records on a periodic basis to ensure that only
authorized service provider personnel have access to the appropriate data. The review
periods should be as below:
a) Monthly review,
b) Half yearly review,
c) Yearly Review,
d) At the end of contract or before renewal of any contract with the service provider.
Review should be done by:
a) IT Administrator and authorized IT personnel
b) Corresponding department head and users.
3.2 Network Security
3.2.1 Network Security
a) The Network Design and its security are implemented under a documented plan.
b) Physical security for the network equipment should be ensured.
c) Specifically: a. Access should be restricted and controlled. b. These should be housed in
a secure environment.
d) The sensitive information should be kept in restricted area in the networking
environment.
e) Unauthorized access and Electronic tampering is to be controlled strictly.
f) Security of the network should be under dual administrative control.

g) Firewalls are in place on the network for any external connectivity.


h) Redundant communication links are used for WAN.
3.2.2 Firewall
3.2.2.1 WAN/LAN Firewall:
The LAN of Lenny Fashions Ltd. is behind a well-reputed and trusted firewall named
‘Check Point’. It is a licensed firewall that receives updates about all threats automatically
from the originating company and helps keep the network pilfer-proof at every moment.
Security Check:
a) Firewall should be updated regularly.
b) An authorized person should check the rules of the firewall regularly/periodically to
diminish risk.
c) Rules should be well documented and each and every change in a rule should be instantly
updated in the log book.
Manipulators:
a) Authorized IT administrator or expert of the company.
b) No outsider or vendor is allowed.
Review Period:
a) Weekly review,
b) Monthly review,
c) Half yearly review,
d) Yearly Review,
e) As the need arises or in response to any threats.
3.2.2.2 Other Firewall:
All the servers, workstations, laptops, etc. are using original operating systems; all of them
are protected with the updated firewall provided by the operating system vendor.
Security Policy:
a) Company should use original operating system and software.
b) All firewalls that come with the operating system should be enabled.
c) All operating systems should be updated so that the firewall can work properly.
d) Except administrator, no user should be able
3.3 Data Encryption
There is a mechanism in place to encrypt and decrypt the highly sensitive data traveling
through WAN or public network.
3.4 Virus Protection
a) There should be Anti-Virus installed in each server and computer whether it is connected
to LAN or not.
b) Virus auto protection/auto protection mode should be enabled.
c) The anti virus software is always updated with the latest virus definition file.
d) All users are well-trained and informed about computer viruses and their prevention
mechanism.
e) There are procedures in place, which require that all the incoming e-mail messages are
scanned for viruses to prevent virus infection to the company’s network.
3.5 Internet and e-mail

a) All Internet facility should be routed through a Firewall for PCs connected to network.
b) Illegal, irrelevant and injurious traffic should not be routed.
c) No user should use a personal e-mail or web-mail account without authorization of the
network administrator.
d) Users with web browsing should not try to access unnecessary, irrelevant web sites.
e) User with web browsing should not download any file, software or any other shortcut
without the authorization of the network administrator.
4. Mail Management
Administrator Level Duties:
a) Mail server or exchange server should be password protected
b) All the email ID should be password protected and used by 1 user only.
c) In case of a group email ID, user access should be limited by the system administrator.
d) Mail databases should be backed up periodically.
e) Proper documentation should be maintained while creating, altering and giving access
permission to any group email ID.
f) Virus protection should be ensured and blacklisted IDs and domains should be regularly
managed.
g) Only Administrator should have the permission to delete mail.
User Level Duties
a) Mail user should not misuse the email account for personal or any other reasons.
b) Users should not go through junk mails.
c) Users should not execute any file sent from any unknown user or any unknown file
format.
d) User should not send the same mail to more than 20 users at a time.
e) User should check the recipients list of any mail properly to protect secured data from
unwanted recipients.
f) User should not send unnecessary and unwanted attached files.
g) User should hand over his/her User ID and Password to the department head or
mail administrator when they are leaving the company or going for a holiday.
5. Application and Database Software:
Lenny Fashions Ltd. has an expert team to develop customized software themselves. But most
of the software and systems are outsourced according to the need of the company and
requirement of the buyers. IT policy enforces the following rules for using outsourced
system and software:
a) Company must use original software.
b) Licenses must be renewed from time to time to maintain performance,
security and stakeholders’ interests.
The IT policies of the company limit employee access to the company’s information by
User ID and Password. Each and every User ID is governed by a customized authentication
level which is controlled by the IT administrators and each department’s head.
User access and authentication control is fully automated by the smart application software,
Database Administration and Domain Name System.
Administrator Level Duties:
a) User creation and access authentication should be followed by Application and
Department rule.
b) Each user should have a unique password-protected user ID.
User Level Duties
a) User must not share their User ID and password with others.
b) Department’s superiors should not recommend excessive access to any user.
c) Any kind of error and failure should be informed to the application administrator.
Security Seals for Application Users:
a) Valid and allowed User ID and Password is mandatory to access any system in the
company.
b) A detailed profile should be kept for every corresponding User ID.
c) Every application should keep stamps of the user ID for every activity in the database.
Shipping Documents, Forms and Data:
1. Shipping forms, Documents and Data should be handled by only authenticated users and
employees.
2. Data manipulations, Form filling and Documents printing should be done only by valid
and active user.
3. Printings of shipping documents should be done only in a separated printer which is
restricted from the access of unauthorized employees.
4. Printed documents, forms, etc. should be handled by only authenticated employees, kept
in a secured separated place and shredded after use.
Adjust or Rescind User Access:
1. Company should have a procedure to adjust or rescind user access to the applications.
2. Every department should review the departmental organogram every month and update
everybody’s access permission.
6. Business Continuity and Disaster Recovery Plan
recovery plan. The BCP should take into account the backup and recovery process. Keeping
this into consideration this part covers BCP, Disaster Recovery Plan and Backup / Restore
plan.
6.1 Business Continuity Plan (BCP)
a) There must be a Business Continuity Plan (in line with business) for IT in place.
b) All the documents related to business continuity and disaster recovery plan must be kept
in a safe/secured off site location. One copy can be stored in the office for ready reference.
c) BCP must contain the following:
i. Action plan for i) during office hours disaster, ii) outside office hours disaster, and iii)
immediate and long term action plan in the line with business
ii. Emergency contacts, address and phone numbers including vendors
iii. Grab list of items such as backup tapes, laptops etc.
iv. Disaster recovery site map
d) Review of BCP must be done at least once a year.
6.2 Disaster Recovery Plan (DRP)
a) A Disaster Recovery Site (DRS) must be in place replicating the Data Center (Production
Site).
b) DR site must be at a minimum of 10 kilometers (radius) of distance from the ‘production’
site.
c) DR site is equipped with compatible hardware and telecommunications equipment to
support the live systems in the event of a disaster.
d) Physical and environmental security at the DR site is appropriate.
e) Information security is properly maintained throughout the failback and DR recovery
process.
f) An up-to-date and tested copy of the DR plan is securely held off- site. DR plans exist for
all the critical services where DR requirement is agreed with the business.
g) DR test is successfully carried out at least once a year.
h) DR Test documentation should include at a minimum:
i. Scope - defines scope of planned tests - expected success criteria
ii. Plan - detailed actions with timetable
iii. Test Results
6.3 Backup / Restore
a) There is a documented back up procedure.
b) Backup copies of information are stored off-site at a geographically separate and safe
environment.
c) There is at least one backup copy kept on-site for time critical delivery.
d) The backup cycle is based on the following:
i. At least 6-days (week) daily cycle
ii. At least 6-month monthly cycle
iii. At least 1-year yearly cycle
e) The back up media is sent off-site immediately after the backups have been taken.
f) The back up log sheet is maintained, checked & signed by supervisor.
g) The back up inventory is maintained, checked & signed by supervisor.

h) The ability to restore from backup media is tested at least quarterly.


i) Backup Media must be labeled properly indicating contents, date etc.
7. Service Provider Management
7.1 Service Level Agreement (SLA)
a) There should be Service Level Agreement between the vendor and company.
b) The Annual Maintenance Contract (AMC) with the vendor should be active and currently
in force.
c) The user site should ensure that the equipment does not contain sensitive live data when
hardware is taken by the vendors for servicing / repair.
d) Service Contracts with all service providers including third-party vendors should include:

i. Pricing.
ii. Measurable service/deliverables
iii. Timing/schedules, i.e. service levels
iv. Confidentiality clause
v. Contact person names (on daily operations and relationship levels)
vi. Roles and responsibilities of contracting parties, including an escalation matrix
vii. Renewal period
viii. Modification clause

ix. Frequency of service reporting


x. Termination clause
xi. Warranties, including service suppliers’ employee liabilities, 3rd party liabilities and the
related remedies
xii. Geographical locations covered
xiii. Ownership of hardware and software
xiv. Documentation to be maintained (e.g. logs of changes, records of reviewing event
logs)
xv. Audit rights of access (internal audit, external audit, other audit as may be
appropriate).
7.2 Out Sourcing
Outsourcing activities to be evaluated based on the following practices:
a) The objective behind Outsourcing
b) The economic viability
c) The risks and security concerns
d) Arrangements for obtaining the source code for the software
