The company shall provide an organizational chart which shows its structure, its legal status and the possession of the authorizations required by applicable current law. The organization chart shall include all the associated operating facilities (e.g. independent warehouses, storage areas and other logistics hubs, vehicles ownership, etc.).

In this case, both the company structure and management should be intended in a broad sense. All the parties involved and all other national and international businesses linked to the company under evaluation shall therefore be considered. As for the organization, it is essential to analyse all the transport and logistics processes, with special attention to third parties’ interventions (e.g. sub-carriers).

The Management must define and implement a company policy in accordance with the requirements of this document. Company policy must be communicated to all employees and interested parties.

The company shall implement a proper risk management system. In the food industry, a HACCP system based on the principles of the Codex Alimentarius must be adopted. The risk management or HACCP system shall cover all product groups and all process related to goods (from the receipt of goods to shipment and delivery).

The risk management or HACCP system shall highlight the differences in logistics management between packaged and unpackaged product and between controlled temperature and ambient temperature. The company monitoring system shall comply with the existing risk of the product. Furthermore, all the procedures that guarantee the physical protection of the goods (enterprise perimeters, gateways and transport phases procedures included) should be implemented and documented.

Appropriate procedures the hygiene of the staff, facilities, equipment and infrastructures shall be implemented and documented.

The visitors policy shall also provide product protection. Freight forwarders and loading/unloading operators that come in contact with the product shall be identified and they shall comply with the access rules defined by the company. Visitors and external service providers shall be identified and their access to the product storage areas must be registered. They shall be informed about the workplace policies and their visit shall be continuously monitored.

A proper maintenance schedule shall be planned, documented and maintained. It shall cover all the equipment to check its compliance with the product safety requirements. Environmental control requirements (e.g. temperature and humidity), which may influence the product quality and safety, shall be defined and implemented.

All vehicles and cargo transport units used for intermodal freight transport shall always have proper conditions. When a company relies on a third-party transport service provider, all the specific requirements shall be met on a regular basis.

The company shall establish, implement and maintain one or more processes to identify the possible risks and dangers. They shall take into consideration the following issues:

a) how the work is laid out, social factors (including workload, working hours, vexation, harassment and intimidation), leadership and organization culture;

b) both common and uncommon activities and situations, such as risks arising from:

• infrastructure, equipment, materials, substances and workplaces physical conditions;
• products and services design, research, development, testing, production, assembly, construction, service delivery, maintenance and disposal;
• human factors;
• working methodologies;

c) Major accidents occurred in the company, including emergencies and their causes

d) potential emergency situations;

e) people, meaning:

• those who have access to the workplace and their activities, including workers, contractors, visitors and others;
• those who may be influenced by the company activities by living in the proximity of the workplace;
• workers being in a place under the direct control of the company;

f) other factors, which should also consider:

• the design of workplaces, processes, installations, machinery/equipment, operating procedures and work organization and their adaptation to the workers’ needs and abilities;
• situations that occur close to the workplace caused the company activities;
• situations not under the control of the company and that occur close to the working area, which may cause injuries or illness to workers;

g) Changes in the organization, in its activities, in its processes and in the OH&S Management System

h) Changes in the perception of the risks and acquisition of new information about the issue

The company shall determine the environmental aspects of its activities, products and services that it can keep under control or exert an influence on. It shall also define the environmental impacts of these elements in a long-term perspective.

In the determination of the environmental aspects, the company shall also consider:

a) planned changes or new developments and new or updated activities, products and services;

b) any possible abnormal condition and any foreseeable emergency situation

The company shall:

a) identify compliance obligations in relation to its own environmental aspects;

b) determine how to apply these obligations to the company;

c) take these obligations into account when establishing, implementing, maintaining and continuously improving its environmental management system.
The company shall keep documented information concerning its compliance obligations.

The company should consider the below aspects required by the international road safety regulations in order to reduce the number of road accidents:

• Road design and relative speed;
• Choice of routes suited to the vehicle type;
• Use of equipment for staff safety;
• Maintenance of the correct speed in regards to vehicle type, traffic and weather conditions;
• Drivers’ health status, with special attention for fatigue, distractions, alcohol and drugs abuse;
• Safe route planning, which should consider the assessment of the travel necessity;
• Amount and means of travel;
• Route, vehicle and driver selection;
• Vehicle security, which should focus on the protection of its occupants;
• Protection of the other road users, road accidents reduction, technical inspections;
• Vehicle load capacity and security of internal and external loads;
• Proper authorization to drive a particular vehicle class;
• Avoidance of the use of vehicles and drivers unsuited to the road network;
• Post-accident response and first aid response, emergency preparedness;
• Post-accident recovery and rehabilitation.

The company shall prove that it has implemented proper training programs to the staff, which shall comply with the current regulations.

The company shall prove that it has taken out all the insurances to carry out its activities. The insurances selection is based on the risk assessment. The company shall regularly verify the adequacy of the chosen insurance products making comparisons with the reference market.

The company shall verify that the intermediaries (e.g. insurance intermediary, reinsurance intermediary, broker, etc.) meets all the legal requirements.

An adequate use of technology and a proper information system allow an effective flow of information. They facilitate a rapid reaction to any unexpected event which may happen in a typical working day, both in terms of security and business continuity.

Beside the performance aspects linked to the technological progress, particular attention shall be payed to the protection of information. The company shall indeed define and implement a risk management process for information security in order to:

a) identify proper actions to reduce risks associated to the security of information, in accordance with the results of the risk assessment;

b) determine all the controls needed to implement the identified actions to reduce the risks associated to information security.

The company shall clearly describe its values, principles, rules of conduct and implemented standards to show how it supports and directs the reputational aspects and its ethical behaviour towards the concerned parties, also from a communication and business image perspective.

The company shall give clear evidence about how it avoids any kind of discrimination, abuse and harassment and how it complies with labour laws.

The company shall implement a procedure for assessing the risk of corruption, which should also include the criteria used for the risk assessment.

The organization shall give the possibility to report unethical or illegal behaviour without the risk of retaliation against those who do so. The company shall track and record all the measures taken against the firm itself by control authorities and judicial bodies.