CTPAT Breakdown: 9.8

Item 9.8

Members who rely on security technology for physical security must have written policies and procedures governing the use, maintenance, and protection of this technology.
At a minimum, these policies and procedures must stipulate:
• That access to the locations where the technology is controlled or
managed is limited to authorized personnel;
• The procedures that have been implemented to test/inspect the technology on a regular basis;
• That the inspections include verifications that all of the equipment is
working properly, and if applicable, that the equipment is positioned
• That the results of the inspections and performance testing is documented;
• That if corrective actions are necessary, they are to be implemented as
soon as possible and the corrective actions are documented;
• That the documented results of these inspections be maintained for a
sufficient time for audit purposes.

If a third party central monitoring station (off-site) is used, the CTPAT
Member must have written procedures stipulating critical systems
functionality and authentication protocols such as (but not limited to)
security code changes, adding or subtracting authorized personnel,
password revisions, and systems access or denials.

Security technology policies and procedures must be reviewed and
updated annually, or more frequently, as risk or circumstances dictate

Implementation Guidelines

Security technology needs to be tested on a regular basis to ensure it is working properly. There are general guidelines to follow:
• Test security systems after any service work and during
and after major repairs, modifications, or additions to a
building or facility. A system’s component may have been
compromised, either intentionally or unintentionally.
• Test security systems after any major changes to phone
or internet services. Anything that might affect the
system’s ability to communicate with the monitoring center should be double-checked.
• Make sure video settings such as motion activated
recording; motion detection alerts; images per second
(IPS), and quality level, have been set up properly.
• Make sure camera lenses (or domes that protect the
cameras) are clean and lenses are focused. Visibility
should not be limited by obstacles or bright lights.
• Test to make sure security cameras are positioned
correctly and remain in the proper position (cameras may
have been deliberately or accidentally moved).

This item is only required if item 9.7 is applied.

For management you have to have policies and procedures in place to use and maintain the security technology. Auditable records of changes are required. Policies and procedures are to be reviewed regularly.

If security cameras are being used then you have to make sure they are functional and capturing the desired areas.

You have to test everything after changes are made.

Bookmark the permalink.

Comments are closed.