Notice to CSX Current and Potential Suppliers: Security of Supply Chains

CSX is a participant in the Customs-Trade Partnership Against Terrorism (C-TPAT) program of U.S. Customs and Border Protection (CBP). This voluntary public-private partnership program is focused on improving the security of international and domestic supply chains against terrorism, illicit entry into or misuse of facilities, cargo and means of transportation and communications, and other threats. C-TPAT allows companies to be considered lower risk, resulting in expedited processing of their cargo and generally facilitating the free flow of trade.

Participating in C-TPAT protects CSX, its facilities, employees and the communities CSX serves from the risks of terrorist attacks and other illegal activities by promoting and maintaining the security of CSX’s supply chains. CSX puts safety first, including security as an essential element of safety.

CSX’s C-TPAT participation requires promulgation and enforcement of a documented process for determining and mitigating risks throughout CSX’s various supply chains. By reviewing relevant factors, CSX assesses its potential and current suppliers to determine the level of review CSX should exercise to ensure those suppliers meet and maintain acceptable security standards. CSX elicits from such suppliers information deemed necessary for this purpose, with the ultimate goal of minimizing risks inherent in the receipt, storage, handling and movement of commodities on CSX’s several means of transportation. Results of CSX’s assessment guide the nature, amount and frequency of information elicited. CSX protects the privacy of all such information, but CSX nevertheless must comply with applicable laws and regulations requiring disclosure to appropriate authorities.

Each supplier will be required to demonstrate to the reasonable satisfaction of CSX that the supplier: (1) is a currently certified participant in C-TPAT or Canada’s analogous Partners in Protection (PIP) program; (2) meets the minimum security requirements of C-TPAT or PIP; or (3) meets other minimum security requirements appropriate for the goods or services the supplier provides to CSX and the manner in which the supplier so provides such goods or services. If a supplier is C-TPAT or PIP certified, no further review is necessary other than periodic confirmation of the supplier’s continuing certification status. If a supplier is not C-TPAT or PIP certified, CSX will elicit information about the supplier and its business to permit CSX’s assessment of any risks involved in doing business with that supplier. The number, degree and type of risk factors may result in CSX’s defining action programs designed to compensate for the risk level and to promote safe and secure operations throughout CSX’s supply chains.

Suppliers on the U.S. General Services Administration’s “List of Parties Excluded from Federal Procurement and Nonprocurement Programs”, the Treasury’s Office of Foreign Assets Control “Specially Designated Nationals” list, or any other sanctioned or denied party list cannot be CSX business partners.

All suppliers’ cooperation with the principles outlined above will help CSX support the United States and Canada in protecting our safety and maintaining the security of the international supply chain.