SECURITY VULNERABILITY ASSESSMENT
Created by ChecklistGuro (https://checklistguro.com)

--- PHYSICAL SECURITY OF WAREHOUSES & DISTRIBUTION CENTERS ---
[ ] Perimeter Fencing Condition (Excellent, Good, Fair, Poor, N/A)
[ ] Number of Security Cameras
[ ] Camera System Coverage (Full Perimeter, Key Areas Only, Limited Coverage, None)
[ ] Access Control System Type (Keypad, Biometric, Card Reader, Manual (Key), None)
[ ] Description of Warehouse Lighting Adequacy
[ ] Visitor Management Process (Formal Log and Escort, Sign-in Sheet, Limited Oversight, No Formal Process)
[ ] Number of Security Guards (if applicable)
[ ] Details about loading dock security measures (e.g., barriers, visibility)
[ ] Upload photos of perimeter security (e.g., fencing, gates)

--- TRANSPORTATION SECURITY ---
[ ] Vehicle Tracking System in Use? (GPS Tracking, RFID Tracking, Manual Log, None)
[ ] Security Measures in Vehicles? (Alarm System, Cameras (Interior/Exterior), Driver Background Checks, Secure Compartments, Vehicle Immobilizers, Tamper-Evident Seals)
[ ] Number of Vehicles with Dash Cams?
[ ] Driver Training Program? (Yes - Comprehensive Program, Yes - Basic Security Awareness, No Formal Program)
[ ] Describe Vehicle Route Security Protocols
[ ] Last Vehicle Security Audit Date
[ ] Primary Vehicle Dispatch Location

--- DATA SECURITY & PRIVACY ---
[ ] Data Encryption at Rest (Fully Encrypted, Partially Encrypted, Not Encrypted)
[ ] Data Encryption in Transit (TLS 1.3 or higher, TLS 1.2, SSL or earlier, No Encryption)
[ ] Data Retention Period (in days)
[ ] Data Access Control Policy
[ ] Sensitive Data Types Collected (Customer Addresses, Shipping Manifests, Payment Information, Inventory Levels, Tracking IDs, Employee Data)
[ ] Data Subject Access Request (DSAR) Process (Formal process in place, Informal process, No process in place)
[ ] Data Breach Notification Plan
[ ] Last Data Privacy Policy Review Date

--- NETWORK & SYSTEM SECURITY ---
[ ] Number of Wireless Access Points (WAPs) in each warehouse
[ ] Firewall Type(s) in use (select all that apply) (Next-Generation Firewall, Traditional Firewall, Web Application Firewall (WAF), Cloud-Based Firewall, None)
[ ] Network Segmentation Implemented? (select all that apply) (VLANs, Microsegmentation, Firewall Rules, No Segmentation)
[ ] VPN Configuration for Remote Access (Always On, On-Demand, Not Configured, Other (Specify in Long Text))
[ ] Description of Intrusion Detection/Prevention System (IDS/IPS) configuration, if applicable
[ ] Patch Management Process for Servers and Network Devices (Automated, Manual, None)
[ ] Last Network Vulnerability Scan Date
[ ] Network Diagram (Optional)

--- APPLICATION SECURITY (LOGISTICS SOFTWARE) ---
[ ] Is the application using a secure coding framework? (Yes, No, Not Applicable)
[ ] Are input fields validated to prevent injection attacks? (Yes, No, Partially)
[ ] Version of the Application
[ ] Does the application implement proper authentication and authorization? (Yes, No, Partially)
[ ] Describe authentication mechanisms used (e.g., MFA, SSO)
[ ] Application Security Scan Results
[ ] Are dependencies regularly updated to address known vulnerabilities? (Yes, No, Semi-Regularly)
[ ] Describe any identified vulnerabilities and remediation plans

--- PERSONNEL SECURITY & TRAINING ---
[ ] Background Checks Conducted? (Yes - Full Criminal History, Yes - Limited Criminal History, No, Partial/Varying)
[ ] Number of Employees Receiving Security Awareness Training (Past 12 Months)
[ ] Security Awareness Training Frequency? (Annually, Semi-Annually, Quarterly, Monthly, As Needed)
[ ] Briefly describe the content of the security awareness training
[ ] Training Topics Covered (Select all that apply) (Phishing Awareness, Password Security, Data Handling & Privacy, Physical Security Procedures, Supply Chain Security, Incident Reporting, Social Engineering, Insider Threat Awareness)
[ ] Role-Based Access Controls Implemented? (Yes - Fully Implemented, Yes - Partially Implemented, No)
[ ] Last Security Training Review Date
[ ] Describe the process for onboarding new contractors with respect to security requirements

--- SUPPLY CHAIN SECURITY ---
[ ] Vendor Security Assessment Program Exists? (Yes, No, Not Applicable)
[ ] Describe the process for vendor risk assessment (frequency, criteria, etc.)
[ ] Upload Vendor Security Questionnaires/Reports
[ ] Number of critical suppliers assessed in the last year
[ ] Which security standards do suppliers adhere to? (ISO 27001, SOC 2, CSA STAR, Other (Specify in Long Text))
[ ] Is there a contractual requirement for security standards in vendor agreements? (Yes, No, Not Applicable)
[ ] Describe the process for ongoing vendor security monitoring

--- INCIDENT RESPONSE & DISASTER RECOVERY ---
[ ] Describe the current Incident Response Plan (IRP) for logistics-related security events
[ ] What is the Recovery Time Objective (RTO) for critical logistics systems (e.g., warehouse management system)?
[ ] What is the Recovery Point Objective (RPO) for critical logistics data?
[ ] Date of last Disaster Recovery Drill (for logistics operations)
[ ] Which potential disaster scenarios are included in the Disaster Recovery Plan? (Select all that apply) (Natural Disasters (e.g., flood, earthquake), Cyberattacks (e.g., ransomware), System Failures (hardware, software), Supply Chain Disruptions, Human Error, Internal Sabotage)
[ ] Who is the designated Incident Response Team Lead for logistics? (Name and Contact Info (to be populated))
[ ] Describe the process for communicating security incidents to stakeholders (internal and external)
[ ] Upload copy of Disaster Recovery Plan documentation (if available)

--- REGULATORY & COMPLIANCE ---
[ ] Is the company compliant with GDPR (if applicable)? (Yes, No, Not Applicable)
[ ] Is the company compliant with C-TPAT (if applicable)? (Yes, No, Not Applicable)
[ ] Is the company compliant with ISO 28000 (Supply Chain Security)? (Yes, No, Not Applicable)
[ ] Last Compliance Audit Date (General Logistics)
[ ] Summary of Previous Compliance Audit Findings & Remediation Actions
[ ] Number of reported breaches related to regulatory non-compliance in the last year
[ ] Upload Relevant Compliance Documentation (e.g., audit reports, certifications)
[ ] Does the company maintain records demonstrating compliance with transportation security regulations (e.g., TSA)? (Yes, No, Not Applicable)

--- IOT DEVICE SECURITY (E.G., TRACKERS, SENSORS) ---
[ ] Device Firmware Update Process (Automated & Regularly Scheduled, Manual & On-Demand, No Formal Process)
[ ] Number of Unpatched Devices
[ ] Data Transmission Security (HTTPS/TLS Encryption, VPN Tunnel, No Encryption, Proprietary Encryption)
[ ] Device Authentication Method (Pre-shared Key, Certificates, Username/Password, None)
[ ] Description of Device Access Controls
[ ] Device Physical Security (Locked in secure location, Easily accessible, Location is monitored)
[ ] Device Configuration File

--- END OF TEMPLATE ---
Template source: https://checklistguro.com/templates/logistics/security-vulnerability-assessment