7-13 Supply Chain Security

7-13.1 General

The Postal Service has proprietary assets that contribute to its competitiveness and success as a business. Protecting these assets is critical; however, in order to effectively meet the demands of a secure supply chain in today’s environment, a comprehensive and integrated security focus is required, extending beyond asset protection and preventing the introduction of unauthorized contraband, people, and weapons of mass destruction into the supply chain.

The protection of goods and commodities as they travel through the supply chain poses unique challenges. Not only must the Postal Service be concerned about security procedures within our own processes and those of first-tier suppliers, but also they are dependent on the security procedures throughout the entire supply chain. Comprehensive supply chain security requires a partnership involving the Postal Service, supply chain partners, and other government agencies. The purchase/SCM team is responsible for complying with Postal Service security policies and procedures outlined in Administrative Support Manual (ASM) 2.7.2, Security, and ensuring that suppliers and supplier personnel are included when complying with security requirements.

In addition, protecting Postal Service information resources and sensitive information (including customer and employee PII) is an essential element of supply chain security, specifically when the Postal Service purchases IT or other information processing and information gathering services or when we make purchases that involve the collection or generation of PII. This includes incorporating adequate safeguards to protect the Postal Service’s IT assets and to prevent misuse or improper disclosure of clients and employee’s personal information. Therefore, purchase/SCM teams must ensure that specifications or SOW for IT purchases and associated RFPs and contracts address information security requirements. Additional information on the protection of PII and purchases of IT or other information processing and information gathering services is found in Section 8-4, Information Technology. Suppliers that have access to customer or employee data, or operate a customer Web site, may also be subject to the Postal Service’s privacy requirements implementing the Privacy Act. Additional details on privacy considerations can be found in Section 7-14, Privacy Considerations.