3.III.4.3 Trade standards and certifications

1. Certified according to ISO 27001

   ISO 27001 is a global standard published by ISO (International Organization for Standardization) relating to information technology security and the protection of electronic information systems. The standard includes provisions on information technology and security, as well as requirements applicable to information security management systems. It also specifies the requirements for the development, introduction, monitoring, maintenance, and improvement of documented information security management systems. In this sense, an ISO 27001 certification is applicable to different sectors; For example, the formulation of information security requirements and objectives and cost-effective security risk management ensure compliance with laws and regulations.

2. ISO 9001:2015 (where applicable, combined with ISO 14001:2009)

   The ISO 9001 standard, created by ISO, includes significant proposals for improving quality management in companies. Its objective is to strengthen the efficiency of companies and enhance quality assurance. In this sense, customer requirements must be met through a specific quality management process. Ultimately, customer satisfaction will increase.

   Regarding the application process for AEO status, ISO 9001:2015 certification can be useful, for example, to assess the internal control system.

3. ISO 28000:2007

   Under ISO 28000:2007, companies can receive certification for having an adequate security management system in place for international supply chain security. ISO 28000:2007 is the framework standard, and the safety and security requirements of this specific standard are very general.

   However, another ISO standard in the 28000 series, ISO 28001:2007, includes much more specific requirements for supply chain security and is proposed to be compatible with the WCO SAFE AEO criteria. Therefore, compliance with ISO 28001, pursuant to Article 28(2) of the AE CAU, must be considered by customs authorities in the context of authorization as an AEO.

4. TAPA Certificates

   TAPA is an association of people responsible for safety and logistics in the fields of production and logistics. The goal of this international association is to protect your particularly expensive goods from theft and loss during storage, transshipment, and transportation. TAPA certificates are issued in accordance with the cargo safety regulations developed by this organization. Under these regulations, controls relating to compliance with the standards are carried out by a neutral certification body (TAPA A or B certificates) or are carried out through self-assessment by the company concerned (TAPA C certificate). TAPA's cargo security regulations include instructions on the safety of buildings, equipment, and processes during the storage and transportation of goods.

   The granting of certification (A and B certificates) in accordance with the requirements of the cargo security standards established by TAPA requires a high degree of compliance with physical security standards by the certificate holder.

   In any case, it is still important to note that TAPA certificates are issued to each business center individually, and not to the entire company.