AEO iPASS

Customs offences are offences committed under the following Ordinances:
- List of Ordinances

1. Implementing procedures to systematically maintain and safe keep your commercial records, and to regulate the identification, storage, protection, retrieval, retention, and disposal of commercial records including electronic records.
2. Devising mechanism to ensure that information on your commercial records is legible, complete, and accurate.

Conducting internal audit on systems and records at planned intervals

Formulating procedures to dispose obsolete records (e.g. Over 7 years document as obsolete record) and keep the disposal record safely.

Please provide procedures of cargo processing and related information.

Hong Kong Customs will assess applicant's financial soundness against predefined benchmarks.

List out all addresses of premises, floor size, number of employees, normal operating hours etc.

1. All premises shall have sufficient security systems (i.e. CCTV, security devices, locking devices) and personnel (i.e. Security guard post) in place to protect the cargo and staff security.
2. Formulating procedures to ensure mechanism for reporting to responsible supervisors is carried out if accidental incidents happened.
3. Setting out corporate policy to require staff to wear their Staff ID Cards or wearing the company uniform for identification within the company premises and formulating procedures for managing and recording the issuing, returning, and reporting loss Staff ID Cards and company uniforms by designated staff.

Adequate security devices are required inside and outside the entire premises. List out the location of CCTV, security guard post, and other security devices on the layout plan.

Security guards shall be provided with operating procedures for carrying out their duties. These include (but not limited to) frequency of patrol and inspection, locations of security checkpoints, mechanism for reporting and recording patrol outcome and irregularities found, and procedures for handling suspicious items and irregularities found.

1. Assigning designated staff to manage all access control devices and maintain a register to keep record.
2. Formulating procedures for differentiating the access control on employees and visitors. For example: Differentiate the access control of visitors and employees.

Adequate lighting is provided inside and outside the entire premises; as well as setting up emergency lighting system at entrances / exits.

1. Regularly patrol the premises to ensure the integrity and proper functioning of all facilities and security devices.
2. Logging the person, the date, time and venue (including (but not limited to): Emergency door, toilet, Mezzanine floor, empty rooms, warehouses) while patrol. Signature is required for certifying the information.

Require staff to wear Staff ID cards or company uniform for identification within the company premise, and record the issuing, returning and reporting loss Staff ID Cards and company uniforms.

1. Registering the identity and relevant information on visitors and vehicles attending the premises, i.e. name of the visitors, in-out time etc. to prevent unidentified persons form hanging around in the premises.
2. Formulating procedures for staff to report any suspicious incidents or unauthorized access to the premises.

Registering the identity and relevant information of the deliverymen and vehicles attending the premises, i.e. name of the visitors, in-out time etc.

Enabling prospective staff to report their previous convictions of the offences involving fraudulence, corruption, and dishonesty; and any Customs offences in Job Application Form.

1. Implementing policy and mechanism for existing staff to report their previous convictions of the offences involving fraudulence, corruption, and dishonesty; and any Customs offences (including cases under investigation) annually.
2. Formulating procedures and manuals to manage employee work manual and employee benefits; and to guide your follow-up actions and handling methods upon receipt of the aforesaid report.

Timely report to company if current staff is convicted of the aforesaid offences.

1. Devising mechanism and appointing designated staff to ensure the timely cancellation of access rights of terminated staff, and the proper return of Staff ID Card, company uniform, company keys etc.
2. Retain records on cancellation of access rights and receipt of aforesaid items, including details of relevant effective date, time and parties informed.

Termination Checklist include (but not limited to): Staff Card, company uniform, locker keys, company stationary, medical card etc.

1. Having a security policy manual to control the general cargo operation and uphold cargo integrity.
2. Formulating procedures to restrict detect and report unauthorized access, and to report and hand irregularities found.

Please refer to sample

List of business partners (e.g. freight forwarders / logistics service providers / warehouse operators etc) in the process of cargo handling and illustrate their roles (e.g. cargo pickup / delivery / storage etc) in the Cargo Flow Process Map as described in Question 21

Please provide the Import and export procedures regarding Air, Land and Sea.

Devising mechanism to manage and record details of goods in stock.

List out the prohibited articles that your company will encounter during Import and export procedures.

List out the Valid licence, permit or certification covered for prohibited and controlled article.

1. Formulating procedures to audit / stock-take goods in stock on regular basis. Report the incident to responsible staff immediately if discrepancies or irregularities found.
2. Formulating procedures to supervise the audit / stock-take goods in stock on regular basis by designated staff.

Please provide the latest cycle-count record.

Please provide the latest Annual stock-take report.

1. Formulating procedures to handle and report irregularities in cargoes. Irregularities in cargoes include (but not limited to): suspicious or illegal consignments, discrepancy and damage consignments or shortage / exceed consignments found etc.
2. Report irregularities in cargoes to supervisors immediately.

1. Devising mechanism to confirm and record the identity of persons who received the cargo in each transaction. Reconciling all cargoes against relevant shipping documents, and retain check records.
2. Devising mechanism to monitor all outstanding inbound orders and regulate cargo receiving outside office hours.

Please provide a set of purchase order, logistics arrangement correspondance and shipping document.

Formulating procedures to record the identity of the staff who received the cargo in each transaction.

Formulating procedures to reconcile all incoming and outgoing cargoes aginst relevant shipping documents and retain check records.

1. Devising mechanism to confirm and record the identity of persons who released the cargo in each transaction. Reconciling all cargoes against relevant shipping documents, and retain check records.
2. Devising mechanism to monitor all outstanding inbound orders and regulate cargo receiving outside office hours.

Please provide a set of sales order, packing list, logistics arrangement correspondance and shipping document.

Formulating procedures to record the identity of the staff who released the cargo in each transaction.

Formulating procedures to reconcile all incoming and outgoing cargoes aginst relevant shipping documents and retain check records.

1. Formulating procedures to checks the integrity of the container, seal, and conveyance before loading and unloading. Report any irregularities found.
2. Formulating procedures to monitor and record the purchase, safekeeping, release, and application of company seals.

Record the unused, applied and damaged company seals in the seal register.

Apply "7-Point Inspection" or equivalent approach in inspecting the exterior and interior structures of conveyances, and record inspection results.

Report irregularities on seal usage to supervisors immediately.

Formulating procedures to manage company trucks, conveyances and conveyances operations.

Conveyances include trucks or vessels

All conveyances (including contracted trucks) shall be kept at secure locations. The parking area shall be protected by security devices (such as CCTV, motion detector, etc.) and access control measures (such as gate and security guards), i.e. car park with security devices.

1. Formulating procedures to regularly inspect your conveyances and containers to ensure that their physical structures and locking facilities are kept in good condition without being tampered with, and retain inspection records. Guidelines / procedure for inspection on conveyance include (but not limited to): body of conveyances, inside and outside of container, operation of conveyance.
2. Report any irregularities and damage of conveyances and containers to supervisors immediately.

1. Devising mechanism to track and monitor the activities of conveyances and cargo throughout the local transportation process.
2. Formulating procedures for securing and controlling cargoes throughout the course of delivery.

Formulating procedures for reporting irregularities and security incidents concerning the conveyances to responsible supervisors.

Conveyance incident report include (but not limited to): Type of incident, details of incident, current status, contact person etc.

1. Business partners include freight forwarders, conveyance operators, warehouse operators, etc.
2. Formulating procedures to screen, select, and approve contractors as your supply chain business partners.

Based on selection criteria select business partners and keep the record properly.

List of approved contractors shall include warehouse, conveyance and casual labour services providers, forwarders, etc.

1. Providing security rules, procedures, or guidelines to your supply chain business partners to maintain the security of storage locations, conveyances, and cargoes in relevant process at all times; and obtain the confirmation with undersign.
2. The security requirement / guideline shall include the security and management requirement under relevant AEO accreditation criteria.

Please provide Security declarations by your business partners if you cannot provide Contracts / agreements with your business partners with security terms.

1. Providing security rules, procedures, or guidelines to your supply chain business partners to maintain the security of storage locations, conveyances, and cargoes in relevant process at all times; and obtain the confirmation with undersign.
2. The security requirement / guideline shall include the security and management requirement under relevant AEO accreditation criteria.

Devising mechanism to regularly review the practices with your business partners and retain relevant records.

Devising mechanism to monitor and regularly assess your business partners to ensure their fulfilment to your selection criteria and continuous compliance with the security requirements stated in the contracts or guidelines.

1. Training to staff include (but not limited to): IT security, document management, premises security, cargo security, human resources management, staff integrity, existing law etc.
2. Assign designated staff for organizing internal seminars and training sessions.

Training include (but not limited to): warehouse security guidance & procedures, cargo security and conveyance security etc.

Setting out schedule for conducting international supply chain security training on regular basis, and retain relevant attendance records.

1. Establishing effective communication channels to keep your staff well aware of the corporate policies and standard operating procedures (SOPs) of the company.
2. Ways of Internal communications on corporate security include (but not limited to): email, notice, intranet, company publication etc.

Implementing control measures to protect your network, information systems, and data against unauthorized access.

1. Implementing control measures to protect your network, information systems, and data against unauthorized access.
2. Implementing measures to protect your network, information systems, and workstations against intrusion to prevent your commercial records from being accessed by unauthorized persons.
3. If the domain of file, mail, database or web server is out of Hong Kong, the IT Security Policy of the service provider has to reach the AEO standard.

Change password at a fixed interval.

Conduct vulnerability scan regularly.

Devising mechanism to identify and detect cyber attacks and any attempted breaches of information security policy; and report security breach incidents immediately.

Devising mechanism to identify and detect cyber attacks and any attempted breaches of information security policy.

Designating staff to monitor the security of your network and systems. Incidents can be dealt immediately.

1. Implementing backup mechanism to safeguard company data against corruption and being deleted accidentally. Conduct backup drill regularly.
2. Formulating procedures to regulate the approval and processes of retrieving achieved data and restoring information systems.

Implementing resilience to secure business operations under system failures.

1. Setting out contingency plans to guide your staff on responses and actions to be taken in crisis, disasters, and other security incidents.
2. Security incidents include (but not limited to): Intrusion, Unlawful control of an asset, Smuggling, Breach of cargo integrity, Breach of information security etc.
3. Contingency plans shall cover (but not limited to) following procedures: Timely report an incident or a risk situation to the appropriate law enforcement agencies and reactivate the entire security system.

1. Formulating procedures to appoint designated staff to investigate the incident, and compiling detailed incident report including making recommendations on remedial measures and preventive measures.
2. Devising workflow to report the outcome of investigation to the appropriate managerial staff, and to make recommendations to the senior management to rectify the problem. Ensure the remedial measures and preventive measures to be implemented until completion.

Conducting drills on disaster and security incidents on regular basis to acquaint your staff with details of the procedures in the contingency plans.

Retain drill reports and attendance records on relevant trainings.

1. Formulate countermeasures to tackle the identified risks. Possible types of potential risks that may occurred, include (but not limited to): Accidents, employee issue, infectious disease, natural disaster, financial crisis, information system failure etc.
2. Implement an incident reporting mechanism and alert the designated person of the incident.

Regularly review the risk assessment procedure and properly keep the record.

Designating qualified staff for the identification and assessment of security risks in business operation.

1. Assigned designated staff for reviewing the security policy and practices including financial report, internal control, business process etc. Ensured the designated staff are well acquainted with the responsibilities and relevant procedures.
2. Formulate procedures to regulate the scope, frequency, and methodology employed of the security review. Follow up on nonconformities detected in security reviews afterwards.

Designating qualified staff for reviewing the security policy and practices of your company.

Properly keep the security review reports or checklists for inspection.

Devising mechanism to document recommendations and improvement plans, and monitor their implementation progress until the completion.