Back

Establish, implement, and maintain a chain of custody or traceability system over the entire supply chain.


CONTROL ID
08878
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Third Party and supply chain oversight, CC ID: 08807

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain a system of transparency and controls over the entire supply chain., CC ID: 08879
  • Collect and disclose payments to purchasers., CC ID: 08880
  • Collect and disclose ownership information to purchasers., CC ID: 08881
  • Collect and disclose mine locations to purchasers., CC ID: 08882
  • Collect and disclose extraction information to purchasers., CC ID: 08883
  • Provide products per customer requests., CC ID: 08893
  • Collect and disclose facility locations to purchasers., CC ID: 08884
  • Provide product information to purchasers., CC ID: 08894
  • Collect and disclose supply chain members to purchasers., CC ID: 08885
  • Define the traceability documentation required for chain of custody certification., CC ID: 08895
  • Collect and disclose transportation routes to purchasers., CC ID: 08886
  • Implement chain of custody procedures., CC ID: 08896
  • Collect and disclose documentation of security forces to purchasers., CC ID: 08887
  • Validate the mine of origin for sourcing of materials against independent data., CC ID: 08897
  • Collect and disclose all local exporters to purchasers., CC ID: 08888
  • Trace materials to their origin., CC ID: 08898
  • Collect and disclose information provided by local exporters to purchasers., CC ID: 08889
  • Review documentation that justifies the sourcing and chain of custody., CC ID: 08899
  • Employ digital information sharing systems to assess supply chain due diligence., CC ID: 08918
  • Receive and follow up on supply chain grievances., CC ID: 08901
  • Establish, implement, and maintain supply chain onsite investigation procedures., CC ID: 08919
  • Establish, implement, and maintain a community-monitoring network to provide information about the supply chain., CC ID: 08922


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The organization should establish a chain of custody or traceability system over the mineral supply chain. (Annex I ¶ 1(C), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates the mine the mineral originated from on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates the quantity and dates of extraction on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates where the minerals are consolidated, processed, or traded on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates all taxes, fees, royalties, and other payments to governmental officials for extracting, trading, transporting, and exporting minerals on a disaggregated basis for minerals from a "red flag location of mineral or… (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates all taxes and other payments to public security forces or private security forces on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates the names of all persons in the upstream supply chain on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should have a chain of custody or traceability system that generates the transportation routes on a disaggregated basis for minerals from a "red flag location of mineral origin and transit". (Supplement on Tin, Tantalum, and Tungsten Step 1: C.4(1), OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • Upstream companies should establish a chain of custody or traceability system that collects and maintains disaggregated information for all gold input and output from a red flagged supply chain. (Supplement on Gold Step 3: § I.B.1, OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition)
  • The auditor should ensure traceability is established between the receiving smelter and the supplying smelter for all purchases. (§ A(I) Applicable to ¶ 2, Conflict-Free Smelter (CFS) Program Supply Chain Transparency Smelter Audit Protocol for Tin, Tantalum and Tungsten, December 21, 2012)
  • Original manufacturers and distributors should be required to provide acquisition supply chain traceability and certificates of conformance. (App C § C.1, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • The manufacturer certification should include the manufacturer, distributor, distributor purchase order number, part number, quantity, and date code. (App C § C.2.2, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • The manufacturer certification must accompany parts shipped to the end user. (App C § C.2.2, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • Military parts bought through authorized distributors must include a certificate of conformance that shows the full supply chain traceability. (App C § C.2.2, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • The seller should able to provide full supply chain traceability for the purchased parts, to include the names and addresses of prior sources. (App D § D.1.1.a, SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A)
  • Tracks, documents, and disseminates to relevant supply ICT chain participants changes to the provenance; (PV-2c., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)