info
Tier 1Tier 2
Personal Information Collection Statement

Purpose of Collection

The personal data provided in this questionnaire will be used by the Customs and Excise Department for one or more of the following purposes:

  • Considering and processing applications for the Hong Kong Authorized Economic Operator Programme;
  • Discharging various duties and functions of the Customs and Excise Department; and
  • Facilitating communications between you / your company and staff members of the Customs and Excise Department.

Access to and Correction of Personal Data

  • Under the Personal Data (Privacy) Ordinance, you have a right of access to and correction of your personal data. Your right of access includes the right to obtain a copy of your personal data provided in this questionnaire. In accordance with the terms of the Ordinance, we have the right to charge a reasonable fee for the processing of any data access request.
  • Enquiries concerning the personal data collected by this questionnaire, including the request for access to and correction of personal data, should be addressed to:
    Mail: Customs and Excise Department
    Office of Departmental Administration
    Executive Officer (Personnel)3
    31/F, Customs Headquarters Building
    222 Java Road, North Point,
    Hong Kong
    Telephone: (852) 3759 3841
    Fax: (852) 3108 2305

Declaration

Start

AEO status is granted to qualified companies in two tiers to allow flexibility to take part in the Hong Kong AEO Programme. To have a preliminary assessment on the readiness and relevant security standards of your company, you can choose to perform the assessment on Tier 1 or Tier 2 status.

Important Notes:
The assessment will take about 15-20 minutes to complete. You must answer all questions in order to get the final result.

You have chosen to answer the question set for Tier 1 status, which covers 10 security criteria (A to J).

You must answer all questions in order to get the final result.
You have chosen to answer the question set for Tier 2 status, which covers 12 security criteria (A to L).

You must answer all questions in order to get the final result.
Start
Disclaimer:
The score generated upon completion of assessment is for reference only. Subsequent application result is not guaranteed.

Criterion (A): Customs Compliance

This criterion requires a company and its person in charge to possess good reputation, and strictly abide by the law. They shall have a clear record of Customs offences or other offences involving fraudulence, corruption or dishonesty in the past two years.

Have your company and / or the directors / partners / sole proprietor / persons in charge of the applicant"s business been convicted of or summonsed for any Customs offences or other offences involving fraudulence, corruption or dishonesty in the past two years?details

Customs offences are offences committed under the following Ordinances:
- List of Ordinances

You have completed all questions under Criterion (A), please click "Next" to proceed to Criterion (B).
Please answer all questions.
Next

Criterion (B): Maintenance of Commercial Records

This criterion requires a company to manage important commercial records securely and systematically, and guarantee the completeness and accuracy of records, especially those relating to the importation or exportation of goods, licenses, permits, etc.

1. Documents and records management procedures (mainly applies to shipping documents) details
  1. Implementing procedures to systematically maintain and safe keep your commercial records, and to regulate the identification, storage, protection, retrieval, retention, and disposal of commercial records including electronic records.
  2. Devising mechanism to ensure that information on your commercial records is legible, complete, and accurate.
2. Records on internal audit on commercial records (mainly applies to shipping documents)details

Conducting internal audit on systems and records at planned intervals

3. Disposal record of obsolete recordsdetails

Formulating procedures to dispose obsolete records (e.g. Over 7 years document as obsolete record) and keep the disposal record safely.

4. User Guide of Enterprise Resource Planning (ERP) systemdetails

Please provide procedures of cargo processing and related information.

You have completed all questions under Criterion (B), please click "Next" to proceed to Criterion (C).
Please answer all questions.
Next

Criterion (C): Financial Soundness

This criterion requires a company to have its financial status sound and strong enough to withstand external risks, demonstrate resilience during global crisis and maintain the security of supply chain at all times.

Do you have a copy of the Auditor"s Reports, or any other documents that can show the financial status of your company, for the last two financial years? details

Hong Kong Customs will assess applicant's financial soundness against predefined benchmarks.

You have completed all questions under Criterion (C), please click "Next" to proceed to Criterion (D).
Please answer all questions.
Next

Criterion (D): Premises Security and Access Control

This criterion aims to ensure the security of premises and prevent unauthorized entry. A company shall have security procedures and install security devices to safeguard its premises such as offices, warehouses, customer service centres, etc.

5. Basic information of office(s) & warehouse(s) details

List out all addresses of premises, floor size, number of employees, normal operating hours etc.

6. Premises security policydetails
  1. All premises shall have sufficient security systems (i.e. CCTV, security devices, locking devices) and personnel (i.e. Security guard post) in place to protect the cargo and staff security.
  2. Formulating procedures to ensure mechanism for reporting to responsible supervisors is carried out if accidental incidents happened.
  3. Setting out corporate policy to require staff to wear their Staff ID Cards or wearing the company uniform for identification within the company premises and formulating procedures for managing and recording the issuing, returning, and reporting loss Staff ID Cards and company uniforms by designated staff.
7. Layout plan showing the location of CCTV, security guard post, and other security devicesdetails

Adequate security devices are required inside and outside the entire premises. List out the location of CCTV, security guard post, and other security devices on the layout plan.

8. Operating procedures of security guardsdetails

Security guards shall be provided with operating procedures for carrying out their duties. These include (but not limited to) frequency of patrol and inspection, locations of security checkpoints, mechanism for reporting and recording patrol outcome and irregularities found, and procedures for handling suspicious items and irregularities found.

9. Access control proceduredetails
  1. Assigning designated staff to manage all access control devices and maintain a register to keep record.
  2. Formulating procedures for differentiating the access control on employees and visitors. For example: Differentiate the access control of visitors and employees.
10. Adequate lighting and emergency lighting system inside and outside the premisesdetails

Adequate lighting is provided inside and outside the entire premises; as well as setting up emergency lighting system at entrances / exits.

11. Patrol / inspection proceduredetails
  1. Regularly patrol the premises to ensure the integrity and proper functioning of all facilities and security devices.
  2. Logging the person, the date, time and venue (including (but not limited to): Emergency door, toilet, Mezzanine floor, empty rooms, warehouses) while patrol. Signature is required for certifying the information.
12. Record on staff ID badge and company uniformdetails

Require staff to wear Staff ID cards or company uniform for identification within the company premise, and record the issuing, returning and reporting loss Staff ID Cards and company uniforms.

13. Visitor registration proceduredetails
  1. Registering the identity and relevant information on visitors and vehicles attending the premises, i.e. name of the visitors, in-out time etc. to prevent unidentified persons form hanging around in the premises.
  2. Formulating procedures for staff to report any suspicious incidents or unauthorized access to the premises.
14. Deliverymen registration proceduredetails

Registering the identity and relevant information of the deliverymen and vehicles attending the premises, i.e. name of the visitors, in-out time etc.

You have completed all questions under Criterion (D), please click "Next" to proceed to Criterion (E).
Please answer all questions.
Next

Criterion (E): Personnel Security

This criterion requires a company to have an effective employee management system ensuring various policies and procedures of the company are thoroughly carried out, the standards of internal management and the security of the supply chain are alleviated.

15. Job Application Form (Including conviction record declaration)details

Enabling prospective staff to report their previous convictions of the offences involving fraudulence, corruption, and dishonesty; and any Customs offences in Job Application Form.

16. Procedures for annual reporting of conviction records for existing employeesdetails
  1. Implementing policy and mechanism for existing staff to report their previous convictions of the offences involving fraudulence, corruption, and dishonesty; and any Customs offences (including cases under investigation) annually.
  2. Formulating procedures and manuals to manage employee work manual and employee benefits; and to guide your follow-up actions and handling methods upon receipt of the aforesaid report.
17. Way to notify existing employees to make annual conviction records reporting (e.g. via email notification)details

Timely report to company if current staff is convicted of the aforesaid offences.

18. Procedure for termination of employmentdetails
  1. Devising mechanism and appointing designated staff to ensure the timely cancellation of access rights of terminated staff, and the proper return of Staff ID Card, company uniform, company keys etc.
  2. Retain records on cancellation of access rights and receipt of aforesaid items, including details of relevant effective date, time and parties informed.
19. Termination Checklistdetails

Termination Checklist include (but not limited to): Staff Card, company uniform, locker keys, company stationary, medical card etc.

You have completed all questions under Criterion (E), please click "Next" to proceed to Criterion (F).
Please answer all questions.
Next

Criterion (F): Cargo Security

This criterion aims to ensure the integrity and security of cargo. To prevent cargo from being tampered, a company shall devise security procedures on cargo related aspects, such as cargo handling, on-site supervision, and regular audit. Alternatively, it can add these cargo security elements within its existing cargo handling guidelines.

20. Cargo Security Guidelinesdetails
  1. Having a security policy manual to control the general cargo operation and uphold cargo integrity.
  2. Formulating procedures to restrict detect and report unauthorized access, and to report and hand irregularities found.
21. Cargo Flow Process Mapdetails

Please refer to sample

22. Cargo Flow Summarydetails

List of business partners (e.g. freight forwarders / logistics service providers / warehouse operators etc) in the process of cargo handling and illustrate their roles (e.g. cargo pickup / delivery / storage etc) in the Cargo Flow Process Map as described in Question 21

23. Import and export proceduresdetails

Please provide the Import and export procedures regarding Air, Land and Sea.

24. User Guide of Warehouse Management System (WMS)details

Devising mechanism to manage and record details of goods in stock.

25. Database for screening of prohibited articlesdetails

List out the prohibited articles that your company will encounter during Import and export procedures.

26. Valid licence, permit or certification covered for prohibited and controlled articledetails

List out the Valid licence, permit or certification covered for prohibited and controlled article.

27. Cycle-count and inventory stock-take proceduresdetails
  1. Formulating procedures to audit / stock-take goods in stock on regular basis. Report the incident to responsible staff immediately if discrepancies or irregularities found.
  2. Formulating procedures to supervise the audit / stock-take goods in stock on regular basis by designated staff.
28. Cycle-count recorddetails

Please provide the latest cycle-count record.

29. Annual stock-take reportdetails

Please provide the latest Annual stock-take report.

30. Procedure for handling irregularities in cargoesdetails
  1. Formulating procedures to handle and report irregularities in cargoes. Irregularities in cargoes include (but not limited to): suspicious or illegal consignments, discrepancy and damage consignments or shortage / exceed consignments found etc.
  2. Report irregularities in cargoes to supervisors immediately.
31. Cargo receiving proceduredetails
  1. Devising mechanism to confirm and record the identity of persons who received the cargo in each transaction. Reconciling all cargoes against relevant shipping documents, and retain check records.
  2. Devising mechanism to monitor all outstanding inbound orders and regulate cargo receiving outside office hours.
32. Sample of cargo receiving documentsdetails

Please provide a set of purchase order, logistics arrangement correspondance and shipping document.

33. Cargo receiving recordsdetails

Formulating procedures to record the identity of the staff who received the cargo in each transaction.

34. Inbound cargo check recordsdetails

Formulating procedures to reconcile all incoming and outgoing cargoes aginst relevant shipping documents and retain check records.

35. Cargo releasing proceduredetails
  1. Devising mechanism to confirm and record the identity of persons who released the cargo in each transaction. Reconciling all cargoes against relevant shipping documents, and retain check records.
  2. Devising mechanism to monitor all outstanding inbound orders and regulate cargo receiving outside office hours.
36. Sample of pick-pack and delivery documentsdetails

Please provide a set of sales order, packing list, logistics arrangement correspondance and shipping document.

37. Cargo releasing recordsdetails

Formulating procedures to record the identity of the staff who released the cargo in each transaction.

38. Outbound cargo check recordsdetails

Formulating procedures to reconcile all incoming and outgoing cargoes aginst relevant shipping documents and retain check records.

39. Seal management and application proceduresdetails
  1. Formulating procedures to checks the integrity of the container, seal, and conveyance before loading and unloading. Report any irregularities found.
  2. Formulating procedures to monitor and record the purchase, safekeeping, release, and application of company seals.
40. Seal Registerdetails

Record the unused, applied and damaged company seals in the seal register.

41. Container, seal, and conveyance inspection recorddetails

Apply "7-Point Inspection" or equivalent approach in inspecting the exterior and interior structures of conveyances, and record inspection results.

42. Irregularities on seal usage reportdetails

Report irregularities on seal usage to supervisors immediately.

You have completed all questions under Criterion (F), please click "Next" to proceed to Criterion (G).
Please answer all questions.
Next

Criterion (G): Conveyance Security

This criterion aims to prevent cargo from being tampered during transportation through management, inspection, and training.

43. Conveyance management and operations proceduresdetails

Formulating procedures to manage company trucks, conveyances and conveyances operations.

44. Conveyance Listdetails

Conveyances include trucks or vessels

45. Parking location(s) photosdetails

All conveyances (including contracted trucks) shall be kept at secure locations. The parking area shall be protected by security devices (such as CCTV, motion detector, etc.) and access control measures (such as gate and security guards), i.e. car park with security devices.

46. Guidelines / procedure for inspection on conveyancedetails
  1. Formulating procedures to regularly inspect your conveyances and containers to ensure that their physical structures and locking facilities are kept in good condition without being tampered with, and retain inspection records. Guidelines / procedure for inspection on conveyance include (but not limited to): body of conveyances, inside and outside of container, operation of conveyance.
  2. Report any irregularities and damage of conveyances and containers to supervisors immediately.
47. Conveyance Security Guidelinesdetails
  1. Devising mechanism to track and monitor the activities of conveyances and cargo throughout the local transportation process.
  2. Formulating procedures for securing and controlling cargoes throughout the course of delivery.
48. Procedure for handling irregularities concerning conveyancedetails

Formulating procedures for reporting irregularities and security incidents concerning the conveyances to responsible supervisors.

49. Conveyance incident reportdetails

Conveyance incident report include (but not limited to): Type of incident, details of incident, current status, contact person etc.

You have completed all questions under Criterion (G), please click "Next" to proceed to Criterion (H).
Please answer all questions.
Next

Criterion (H): Business Partner Security

This criterion aims to strengthen the international supply chain security through the commitments of business partners. A company shall select business partners through screening, require business partners to agree on security terms and review performance of business partners regularly. These requirements shall be laid down as written procedures. Business partners include conveyance contractors, warehouse contractors, freight forwarders or other contractors related to the supply chain.

50. Business partners selection proceduredetails
  1. Business partners include freight forwarders, conveyance operators, warehouse operators, etc.
  2. Formulating procedures to screen, select, and approve contractors as your supply chain business partners.
51. Business partners Assessment Formdetails

Based on selection criteria select business partners and keep the record properly.

52. List of contractorsdetails

List of approved contractors shall include warehouse, conveyance and casual labour services providers, forwarders, etc.

53. Contracts / agreements with your business partners with security termsdetails
  1. Providing security rules, procedures, or guidelines to your supply chain business partners to maintain the security of storage locations, conveyances, and cargoes in relevant process at all times; and obtain the confirmation with undersign.
  2. The security requirement / guideline shall include the security and management requirement under relevant AEO accreditation criteria.
54. Security declarations by your business partnersdetails

Please provide Security declarations by your business partners if you cannot provide Contracts / agreements with your business partners with security terms.

  1. Providing security rules, procedures, or guidelines to your supply chain business partners to maintain the security of storage locations, conveyances, and cargoes in relevant process at all times; and obtain the confirmation with undersign.
  2. The security requirement / guideline shall include the security and management requirement under relevant AEO accreditation criteria.
55. Contractor management and performance evaluation proceduresdetails

Devising mechanism to regularly review the practices with your business partners and retain relevant records.

56. Latest annual records on operations reviews with contractorsdetails

Devising mechanism to monitor and regularly assess your business partners to ensure their fulfilment to your selection criteria and continuous compliance with the security requirements stated in the contracts or guidelines.

You have completed all questions under Criterion (H), please click "Next" to proceed to Criterion (I).
Please answer all questions.
Next

Criterion (I): Security Education and Training

This criterion aims to ensure that staff are aware of a company"s security policies through a training system and thus guarantee the effective execution of the policies.

57. Annual training to staffdetails
  1. Training to staff include (but not limited to): IT security, document management, premises security, cargo security, human resources management, staff integrity, existing law etc.
  2. Assign designated staff for organizing internal seminars and training sessions.
58. Relevant warehouse cargo security and conveyance security training materials for sub-contracted warehouse operators or logistic service providersdetails

Training include (but not limited to): warehouse security guidance & procedures, cargo security and conveyance security etc.

59. Training recordsdetails

Setting out schedule for conducting international supply chain security training on regular basis, and retain relevant attendance records.

60. Ways of Internal communications on corporate security details
  1. Establishing effective communication channels to keep your staff well aware of the corporate policies and standard operating procedures (SOPs) of the company.
  2. Ways of Internal communications on corporate security include (but not limited to): email, notice, intranet, company publication etc.
You have completed all questions under Criterion (I), please click "Next" to proceed to Criterion (J).
Please answer all questions.
Next

Criterion (J): Information Exchange, Access and Confidentiality

This criterion aims to ensure that important information is protected from misuse, unauthorized access or alternation. A company shall have security policies on its information systems and protect its information through different security measures, data backup and routine monitoring.

61. Network Diagramdetails

Implementing control measures to protect your network, information systems, and data against unauthorized access.

62. IT Security Policydetails
  1. Implementing control measures to protect your network, information systems, and data against unauthorized access.
  2. Implementing measures to protect your network, information systems, and workstations against intrusion to prevent your commercial records from being accessed by unauthorized persons.
  3. If the domain of file, mail, database or web server is out of Hong Kong, the IT Security Policy of the service provider has to reach the AEO standard.
63. Screen captures on domain account password policy settingdetails

Change password at a fixed interval.

64. Record on vulnerability scandetails

Conduct vulnerability scan regularly.

65. Previous report on security breach incidentsdetails

Devising mechanism to identify and detect cyber attacks and any attempted breaches of information security policy; and report security breach incidents immediately.

66. Screen captures of firewall settingsdetails

Devising mechanism to identify and detect cyber attacks and any attempted breaches of information security policy.

67. List of the staff that responsible for monitoring the security of your network and systemsdetails

Designating staff to monitor the security of your network and systems. Incidents can be dealt immediately.

68. SOP for System Backupdetails
  1. Implementing backup mechanism to safeguard company data against corruption and being deleted accidentally. Conduct backup drill regularly.
  2. Formulating procedures to regulate the approval and processes of retrieving achieved data and restoring information systems.
69. Latest yearly backup and recovery drill recordsdetails

Implementing resilience to secure business operations under system failures.

You have completed all questions under Criterion (J), please click "Next" to proceed to Criterion (K).
Please answer all questions.
Submit Next

Criterion (K): Crisis Management and Incident Recovery

This criterion aims to minimize the impact created by disasters or security incidents through managing crisis and recovery, and requires a company to set up a complete contingency plan.

70. Contingency plans for disasters and security incidentsdetails
  1. Setting out contingency plans to guide your staff on responses and actions to be taken in crisis, disasters, and other security incidents.
  2. Security incidents include (but not limited to): Intrusion, Unlawful control of an asset, Smuggling, Breach of cargo integrity, Breach of information security etc.
  3. Contingency plans shall cover (but not limited to) following procedures: Timely report an incident or a risk situation to the appropriate law enforcement agencies and reactivate the entire security system.
71. Reports on disasters / security incidentsdetails
  1. Formulating procedures to appoint designated staff to investigate the incident, and compiling detailed incident report including making recommendations on remedial measures and preventive measures.
  2. Devising workflow to report the outcome of investigation to the appropriate managerial staff, and to make recommendations to the senior management to rectify the problem. Ensure the remedial measures and preventive measures to be implemented until completion.
72. Latest yearly drill schedule for contingency plansdetails

Conducting drills on disaster and security incidents on regular basis to acquaint your staff with details of the procedures in the contingency plans.

73. Latest yearly drill reports and attendance recordsdetails

Retain drill reports and attendance records on relevant trainings.

You have completed all questions under Criterion (K), please click "Next" to proceed to Criterion (L).
Please answer all questions.
Next

Criterion (L): Measurement, Analysis and Improvement

This criterion aims to improve a company"s security policies and practices, and reduce potential risks through implementing a security management system.

74. Risk assessment proceduredetails
  1. Formulate countermeasures to tackle the identified risks. Possible types of potential risks that may occurred, include (but not limited to): Accidents, employee issue, infectious disease, natural disaster, financial crisis, information system failure etc.
  2. Implement an incident reporting mechanism and alert the designated person of the incident.
75. Latest yearly record on risk assessmentdetails

Regularly review the risk assessment procedure and properly keep the record.

76. List of the staff that responsible for risk assessmentdetails

Designating qualified staff for the identification and assessment of security risks in business operation.

77. SOP for Internal Auditdetails
  1. Assigned designated staff for reviewing the security policy and practices including financial report, internal control, business process etc. Ensured the designated staff are well acquainted with the responsibilities and relevant procedures.
  2. Formulate procedures to regulate the scope, frequency, and methodology employed of the security review. Follow up on nonconformities detected in security reviews afterwards.
78. List of internal auditorsdetails

Designating qualified staff for reviewing the security policy and practices of your company.

79. Latest yearly record on Internal Auditdetails

Properly keep the security review reports or checklists for inspection.

80. Latest report on recommendations and progress of implementationdetails

Devising mechanism to document recommendations and improvement plans, and monitor their implementation progress until the completion.

Please answer all questions.
Submit

If you are interested in participating in the Hong Kong AEO Programme and learn more about the application procedures, please click here "Application Procedures".

You are also welcome to contact us, the Office of Supply Chain Security Management, by email at aeo@customs.gov.hk or by calling (852) 3759 2153 for further enquiries.

Your Result:

YourScore

Thank you. You have completed the self-assessment.

Send Result to Us Print Result Exit

Want to learn more about accreditation procedures and criteria of the HKAEO Programme?

Online Self-Learning Kit