Factories & Suppliers

A SCAN‑audited factory is any manufacturing facility or production site anywhere in the world that undergoes a SCAN security audit but does not qualify for membership status within the SCAN Association.

Benefits of being a SCAN audited factory or supplier:

• Visibility with Key Global Partners: As a SCAN audited facility, your factory will be assigned a SCAN ID, an identifier of trust to SCAN importers and U.S. Customs and Border Protection.
• Elimination of Audit Fatigue: Less frequency of supply chain security audit requests.
• Efficiencies: Reduced overall audit costs due to fewer audit requests so your factory can concentrate on operations.
• Global Supply Chain Security Standard: Your factory will be audited under a globally recognized set of supply chain security standards.
• Corrective Action Integration: Standardized approach for Corrective Actions with guided support from the SCAN Program Management Team to address gaps identified during the audit process.
• Training Access: Access to the SCAN Factory and Supplier Training plus additional specialized training sessions covering topics directly extracted from factory feedback.
• Addressing Climate Change: SCAN factories can demonstrate to government agencies, customers, and sustainability partners that they are proactively addressing climate change by adopting SCAN’s virtual or immersive audits, thereby reducing greenhouse‑gas emissions while maintaining high standards of supply‑chain security and compliance.

Audit Fees:

The factory audit fee will depend on whether your factory is currently associated with a SCAN Executive Member.

• Sponsored Audits are those that are associated with a SCAN Executive Member (importer).
• Non-Sponsored Audits are those that are self-initiated by a location that would like to be audited by SCAN independently.

There will be a registration fee of $250 for Sponsored Audits and a $1000 fee for Non-Sponsored Audits.

Order a SCAN Audit

SCAN Security Audit Cadence and Report Validity

The SCAN onsite/immersive audit is valid for one year. To qualify for a 2-year audit cadence, a facility must meet all of the following criteria:

• Be associated with a SCAN Member in good standing at time of the original audit.
• Achieve an audit compliance score of 95% or higher, with all Corrective Actions fully addressed and approved by SCAN.
• Or: achieve an audit compliance score between 85% and 94%, provided the country security risk level is Low, Guarded, or Elevated, and all Corrective Actions are fully addressed and approved by SCAN.
• In addition to the above requirements,12 months after the onsite/immersive audit was conducted, the facility must complete a SCAN Supply Chain Security Audit (Year 2 Self Audit) assigned by the SCAN Program Management Team. Failure to complete the Year 2 Self-Audit within the designated timeframe will result in an immediate assignment of an onsite/immersive audit, which will replace the self-audit.

Important Note: Regardless of the criteria above, the Year 2 Self Audit may change to an onsite/immersive audit based on the Country Security Threat Index at time of annual review, and vice versa.

Under any circumstance listed below, the facility will not be eligible for the 2-year audit cadence, and the audit will be valid for 1 year only:

• CAPAs are not completed or submitted, the report will be tagged “CAPAs: No response – Closed“.
• CAPA rejected due to the audited facility not submitting sufficient response based on SCAN requirements after 3 CAPA rounds. Your score for this question will remain unchanged and the report will be tagged “CAPAs: Partially addressed – Closed“.
• Selecting the option “Will not implement/will not comply with corrective action request” as this indicates acknowledgement of the non-compliance. Your score for this question will remain unchanged and your report will be tagged “CAPAs: Recommendations Rejected – Closed“.

SCAN Audit & CAPA Process:

Before the Audit:

• Please arrange with the assigned Audit Service Provider to pay and set a date for your SCAN Security Audit as soon as possible. Payment must be completed to secure the audit date.
• Audit must be completed on or prior to the assigned audit due date.
• The assigned Audit Service Provider will provide you with a SCAN Pre-Audit Checklist for you to prepare for the audit. Make sure your team reviews the Pre-Audit Checklist prior to the audit date.
• You will be notified via email to complete the following REQUIRED training prior to the audit day: SCAN Factory and Supplier Training Course.
• The SCAN Factory and Supplier Training Course must be completed prior to your audit date. If you are unable to show the auditor the training certificate indicating that you have completed the training by the time of the audit, a critical corrective action will be assigned after the audit.

After the Audit: Next Steps & Corrective Actions

Following the audit completion, the completed audit is provided to the SCAN Program Management Team for processing.

• SCAN’s Program Management Team (PMT) will review the report and will assign Corrective Actions as appropriate.
• Corrective Actions will be assigned to all non-compliances found during the audit.
• You will be notified of all Corrective Actions via email within 17 days after the audit.
• You are expected to respond to all Corrective Actions within 60 days from the date you are notified.
• After you respond to Corrective Actions, SCAN PMT will review your responses and will follow up with you if further clarification or documentation is needed.
• If additional clarification or documentation is needed, the audit reviewer will provide you an updated due date for response.
• If/When all responses are received and meet criteria, the report will be marked as “Reviewed” and you will be notified via email.

It is very important that all concerns regarding the corrective action process or audit- related timeline should be directed to the SCAN PMT. You can reach the team at scan@scrisksolutions.com

Audit Cancellation, Denied Entry, Rescheduling, Integrity Issues

The audit company may retain payment in these situations:

• When the audit is cancelled by the facility being audited within 14 calendar days of the audit scheduled date.
• An audit rescheduled within 3 days of the scheduled date is considered the same as cancelled. The audit company will retain the audit fee already collected, and an additional fee may be charged for the new audit date.
• When a facility re-schedules an audit within 14 days of the actual schedule audit date, the audit company may collect any expenses paid from the facility that cannot be reimbursed due to the audit change.
• When an auditor is at the facility on the scheduled date and is denied entry.
• Any violation of SCAN’s integrity program will result in the facility’s audit results being flagged, blocking all distribution of audit results until the facility has provided SCAN with sufficient proof that the issue has been fully remediated. A required remedy will be that the facility will need to undergo an immediate follow up audit.