Is the amount of risk in supply
chains documented? Has an
overall risk assessment (RA)
been conducted to identify
where security vulnerabilities
may exist? Does the RA
identify threats, assess risks,
and incorporate sustainable
measures to mitigate
vulnerabilities. Are CTPAT
requirements specific to the
role in supply chain taken into
account? These are
requirements.
Carrier Mexico agreed to apply for the benefits that arise from the
secure chain programs on a voluntary basis, therefore, it also
undertakes to comply with the provisions of the profiles that were
documented, that is why the obligation will be to show the
suggested evidence, this is based on the scope of the ISO 31000 and
31010 standards regarding the management and preparation of risk
analysis respectively.
The risk analysis in the supply chain is carried out once a year, in a
way that identifies risks or threats throughout the supply chain, that
is to say, from suppliers to the final customer, this in order to
determine and detect any possible risk in the operations in which all
the commercial partners participating in our chain are involved.
The secure chain committee identified as critical business partners
those directly involved in the supply chain, such as: transport lines,
logistics operator, warehouse and shipping personnel, security
personnel and customs agents. They must meet the minimum
requirements and / or secure chain certifications (CTPAT/OEA) as
well as keeping updated and in compliance with the new
requirements of these programs.
The criteria to be considered for the risk analysis of business
partners will be only in the specific points that may represent an
impact on their operations and therefore ours, the following being
recommended; security training and awareness, documentation,
personnel security, physical security and access controls, security
procedures for suppliers (when applicable), information technology
and container security (when applicable).
In the same way, the personnel employed by the organization must
be determined whose critical positions should be periodically
evaluated, as well as the consideration of all the routes used for the
transportation of materials and products, review of containers for
the prevention of contamination of shipments and integration of
electronic security systems and their correct placement in critical
areas.
Risk Evaluation (RE)
To carry out the risk analysis, the FMEA (Failure Mode and Effect
Analysis) methodology will be used, this procedure will allow us to
identify failures, evaluate and objectively classify their effects,
causes and identification elements, in order to avoid its occurrence
and have a documented prevention method.
The risk assessment will be carried out based on the formula of the
following parameters considered in the attached matrix
• Severity
• Occurrence
• Detection
* The "Repeated" incidents they should be considered more
seriously if they represent a pattern of failures in internal controls or
other more serious matters.
They should be established through the FMEA methodology and in
 agreement between the participants of the safety committee in the
supply chain of Carrier Mexico materials all the possible risks along
the chain in order to be classified according to the severity of the
consequence described within the matrix.
To obtain the PRN: Priority Risk Number is calculated based on the
information obtained regarding the multiplication of:
Severity x Occurrence x Detection = PRN

Within the scope of the FMEA, this can have a range from 1 to
1,000, considering that the severity, occurrence and detection
classification scale can be evaluated with a score of 1 to 10.
This result (PRN) being the final value or magnitude of risk,
classifying its final result as follows:
High: From 376 to 1000
Medium: from 201 to 375
Low: from 0 to 200
Map Supply Chain (9) - Foreign Manufacturer
Does the international portion he international part of the risk assessment documents and maps
of the risk assessment the load movement throughout the supply chain from point of origin
document or map the until distribution center, this mapping includes all trading partners
movement of cargo directly and indirectly involved in the export / asset’s movement,
throughout the supply chain also includes how load moves in and out of transportation facilities
from the point of origin to the and load centers it can be seen if the load is "at rest" in one of these
distribution center? Does the locations for an extended period of time.
mapping include all business
partners involved both directly
and indirectly in the
exportation/movement of the
goods? As applicable, does
mapping include documenting
how cargo moves in and out of
transport facilities/cargo hubs
and noting if the cargo is “at
rest” at one of these locations
for an extended period of
time? Cargo is more
vulnerable when “at rest,”
waiting to move to the next
leg of its journey.
Annual Review of RA (10) - Foreign Manufacturer
Are risk assessments reviewed Carrier Mexico has a procedure (SEG-P-PAT-24) Risk analysis in the
annually, or more frequently supply chain, in which it is established that the risk analysis will be
as risk factors dictate? This is a carried out once a year, in a way that identifies risks or threats
requirement. throughout the supply chain, that is to say, from suppliers to the

Business Resumption (11) - Foreign Manufacturer
Are written procedures in
place that address crisis
management, business
continuity, security recovery
plans, and business
resumption?
final customer, this in order to determine and detect any possible
risk in the operations in which all the commercial partners
participating in our chain are involved.
The risk analysis will be prepared, reviewed and updated by the
secure chain committee confirmed by property security personnel
leaders of Import & Export and foreign trade
They should be established through the FMEA methodology (Failure
Mode and Effect Analysis), this procedure will allow us to identify
failures, evaluate and objectively classify their effects, causes and
identification elements, in order to avoid their occurrence and have
a documented prevention method.
Must be established in agreement between the participants of the
safety committee in the supply chain of Carrier Mexico materials all
the possible risks along the chain in order to be classified according
to the severity of the consequence described within the matrix
There is a contingency plan in the supply chain documented in the
procedure SEG-P-PAT-32 Contingency plan shipments. The objective
of this procedure is to establish security and contingency measures
in cases of claims, factors or causes of force majeure, affecting the
supply chain of materials, as well as actions for the restoration of
operations.
The procedure includes the steps to follow in the event of any of the
following situations:
1. Natural disasters.
2. Accident on the way.
3. Theft of load.
4. Blockages.
5. Closure of customs, etc.