7-13 Supply Chain Security

7-13.1 General

The Postal Service has proprietary assets that contribute to its competitiveness and success as a business. Protecting these assets is critical; however, in order to effectively meet the demands of a secure supply chain in today’s environment, a comprehensive and integrated security focus is required, extending beyond asset protection and preventing the introduction of unauthorized contraband, people, and products into the supply chain.

The protection of goods and commodities as they travel through the supply chain poses unique challenges. Not only must the Postal Service be concerned about security procedures within our own processes and those of first-tier suppliers, but they are also dependent on the security procedures throughout the entire supply chain. Comprehensive supply chain security requires communication and collaboration involving the Postal Service, suppliers and other government agencies. The purchase/SCM team is responsible for complying with Postal Service security policies and procedures outlined in Administrative Support Manual (ASM) 27 Security, and ensuring that suppliers and supplier personnel are included when complying with security requirements.

In addition, protecting Postal Service information and information resources as defined in Section 8-4.1, Definitions, (including customer and employee Personally Identifiable Information (PII)) is an essential element of supply chain security, specifically when the Postal Service purchases IT or other information processing and information gathering services or when the Postal Service makes purchases that involve the collection or generation of PII. This includes incorporating adequate safeguards to protect the Postal Service’s IT systems and to prevent misuse or improper disclosure of customer and employee’s personal information. Therefore, purchase/SCM teams within all Supply Management Category Management Centers (CMCs) where information and information resources are being procured, must ensure that specifications or SOWs for IT purchases and associated RFPs and contracts address information security requirements. Handbook AS–805-I, USPS Information Security Requirements for Suppliers is a guide issued by Postal Service Corporate Information Security Office (CISO) and is to be included within solicitations, as applicable. Additional details on the protection of Postal Service information and purchases of IT or other information processing and information gathering services is found in Section 8-4, Information Technology. Suppliers that have access to customer or employee data, or operate a customer Web site, may also be subject to the Postal Service’s privacy requirements implementing the Privacy Act. Additional details on privacy considerations can be found in Section 7-14, Privacy Considerations.