|
Supplying Principles and Practices > USPS Supplying Practices General Practices > Supply Chain Security
Supply Chain Security
The Postal Service has proprietary assets that contribute to its
competitiveness and success as a business. Protecting these assets is
critical; however, in order to effectively meet the demands of a secure supply
chain in today's environment, a comprehensive and integrated security focus
is required, extending beyond asset protection and preventing the
introduction of unauthorized contraband, people, and weapons of mass
destruction into the supply chain.
The protection of goods and commodities as they travel through the supply
chain poses unique challenges. Not only must the Postal Service be
concerned about security procedures within our own processes and those of
first-tier suppliers, but also they are dependent on the security procedures
throughout the entire supply chain. Comprehensive supply chain security
requires a partnership involving the Postal Service, supply chain partners,
and other government agencies. The Purchase/SCM Team is responsible for
complying with Postal Service security policies and procedures outlined in
Administrative Support Manual (ASM) 2.7.2, Security, and ensuring that
suppliers and supplier personnel are included when complying with security
requirements.
In addition, protecting Postal Service information resources and sensitive
information (including customer and employee personally-identified
information (PII)) is an essential element of supply chain security, specifically
when the Postal Service purchases IT or other information processing and
information gathering services or when we make purchases that involve the
collection or generation of PII. This includes incorporating adequate
safeguards to protect the Postal Service's information technology assets and
to prevent misuse or improper disclosure of clients and employee's personal
information. Therefore, purchase/SCM teams must ensure that specifications
or statements of work for IT purchases and associated RFPs and contracts
address information security requirements. Additional information on the
protection of PII and purchases of IT or other information processing and
information gathering services is found in the Information Technology topic of
the Commodity Specific Practice. Suppliers that have access to customer or
employee data, or operate a customer website, may also be subject to the
Postal Service's privacy requirements implementing the Privacy Act.
Additional details on privacy considerations can be found in the Privacy
Considerations topic of the General Practices.
Material and Property Accountability topic, General Practices
Information Technology topic, General Practices
Privacy Considerations topic, General Practices
|
