Getting to know the Customs-Trade Partnership Against Terrorism (C-TPAT)

Picture of Geoffroy De Cooman

Added on by

cargo-cargo-container-clouds-1427541

Security. It's a term that's been on our minds more often than we'd like, particularly in the last decade. 

Whether it's consciously or not, most of us are interested to know more about ways we can keep people safer in a world where everything has been greatly changed by technological progress. So maintaining security and preventing breaches is a continuous and complex process, and can get costly without a strategy in place. 

There are more than 800 individual regulators worldwide and every year companies spend more than $100bn on their compliance functions.— Ari Helgason, Index Ventures

Similar to how your business needs to know exactly you're inviting into your premises, governments have developed and implemented a series of procedures and programs intended to keep the bad guys out and every citizen safe and sound.

The C-TPAT is one of them.

What is C-TPAT?

Launched in 2001, the Customs-Trade Partnership Against Terrorism or C-TPAT for short, represents a voluntary logistics and supply chain partnership program led by the U.S. Customs and Border Protection Agency (CBP) with two goals in mind:

  1. strengthening and improving U.S. border security, and
  2. helping businesses grow their supply chains under safe practices

As such, this can only happen by cooperating with the ultimate owners of the international supply chain such as importers, carriers, consolidators, licensed customs brokers, and manufacturers.

When a business joins C-TPAT, an agreement is made with the CBP to protect the supply chain, identify security gaps, and implement specific security measures along with best practices.

Implementing a visitor management system that aids in your regulatory compliance journey is one big step in the right direction.

How can you become a C-TPAT partner?

Participation in the C-TPAT is voluntary and there are no fees for joining the program.But you will have to meet a range of specific and unique requirements centered around four core principles:

  1. Security
  2. Accountability
  3. Increasing transparency
  4. Reducing terrorism risks

C-TPAT-regulatory-compliance-1The application process happens online in four steps.

Step 1

The first step requires a company to review the C-TPAT Minimum Security Criteria for their business entity to determine if they are eligible for this program. 

Step 2

The second step is to submit the application via the C-TPAT Portal. There are two components to the application process:

  1. the company profile, and
  2. the security profile.
Note: The company profile section of the application will ask for basic information such as the name of the company, address, contact information, etc. Once the company profile is complete, an account is created in the C-TPAT Portal. 

Step 3

The next step is for the company to complete a supply chain security profile.

The security profile section of the website requires your company to conduct a comprehensive self-assessment of your supply chain security procedures using the C-TPAT security guidelines.

These guidelines encompass the following areas (more detail on each here): 

  • Business Partner Security

  • Container Security

  • Physical Access Controls 

  • Personnel Security

  • Procedural Security

  • Security Training and Threat Awareness

  • Physical Security

  • Information Technology Security

The answers you provide will be used by a Supply Chain Security Specialist (SCSS) to determine your company’s ability to meet C-TPAT minimum security requirements and also, to provide guidance for program compliance. 

Step 4

Finally, the C-TPAT program officials will have up to 90 days to certify a company into the program or to reject the application. If certified, your company will be validated within a year of certification.

What do the C-TPAT security best practices involve?

Every C-TPAT Partner should comply with the following requirements, as stated in CBP’s documentation (updates to these can be found on the C-TPAT portal). LEt's take a closer look at each requirement:

Business Partner Security

  1. Conduct periodic audits of business partners accompanied by a third-party security firm. In this situation, the firm should provide a written assessment of business partners’ adherence to C-TPAT minimum security requirements. In case of non-compliance, interrupting the business relationship is advised.
  2. Conduct periodic tabletop exercises to address security breacheswithin the supply chain and organize a “quick response team” to investigate suspicious activities discovered during cargo transportation. 

Container Security 

  1. Use tamper-indicative security labels presenting an actual photo of the seal and a serial number, attached to the hinges and between the two doors of the vehicles.
  2. Use multiple ISO/PAS 17712 certified high-security seals on all shipments bound to the U.S. 
  3. Use a dock locking arm to anchor the container chassis to the loading dock. 
  4. In addition to using a bolt seal, attach a cast iron J-bar device to the locking bar.

Physical Access Controls

  1. Ensure that employees’ identity can be easily verified with the help of an electronic access system monitor - the security guard in the area has to establish that the individual entering matches the photo displayed on the monitor.
  2. Issue all visitors thermal-activated visitor ID badges featuring expiration marking/coloring that appears after eight hours. 
  3. Make sure that the exterior doors of buildings are equipped with two-person key systems that require a company manager and security guard to unlock the facility.

Personnel Security 

  1. Use fingerprinting to document the identity of all new employees, and provide an employee list to national authorities on an annual basis for additional screening.
  2. Conduct exit interviews as a routine part of the employee termination process. A counselor should be present to evaluate the likelihood that a terminated employee could pose a retaliation threat. 

Procedural Security 

  1. Use tamper-evident tape with serial numbers to seal cartons, and verify the serial numbers against the packing list when loading and at the final destination.
  2. Schedule all deliveries at distribution centers in advance using an online automated tool, and ensure that upon arrival, drivers provide security guards with shipment-linked delivery numbers for verification.

Security Training and Threat Awareness 

  1. Require new employees to complete a multiple-module security training program. Also, publish security updates via an intranet.
  2. Conduct a semi-annual security awareness training seminar for all U.S. based suppliers, customers, and other business partners.

Physical Security 

  1. Install a double-layered perimeter fence, creating a secure zone between the two fence lines. Ensure that both fences are equipped with electronic monitoring capabilities and that the outer fence incorporates underground concrete to deter tunneling.
  2. Maintain multiple alarm systems that include door contacts, heat and vibration sensors, and seismic movement detectors.
  3. Position security guard view towers at each corner of the facility perimeter with sight-lines that permit views of activity inside and outside the facility. 

Information Technology Security 

  1. Install software on employees’ laptops that allows management to delete information from hard drives from a remote location.
  2. Require computer users to sign an agreement of liability for the use of the company’s information systems and renew these agreements each time a password change is initiated.
  3. Equip computers with biometric retina scanners for authentication and identification purposes.

For example, with Proxyclick, you can easily begin your compliance journey by tracking visitors contractors coming in and moving around your facilities using access control integrations. This way you’ll be able to protect your people and your data with extra layers of security right from the start.

What benefits does the C-TPAT program offer to partner businesses? 

Becoming a C-TPAT Partner gives you access to a variety of benefits, the most important one being the active role you’ll play in working closely with the U.S. Government in its war against terrorism. 

As mentioned by the C-TPAT, some of the main benefits of the program include:

  • Reduced number of CBP examinations
  • Front of the line inspections
  • Reduced border wait times
  • Possible exemption from Stratified Exams
  • Assignment of a Supply Chain Security Specialist to the company
  • Access to FAST lanes at the borders with Canada and Mexico
  • Access to the C-TPAT web-based Portal system and a library of training materials
  • Eligibility for other U.S. Government pilot programs like the Food and Drug Administration’s Secure Supply Chain program
  • Business resumption priority following a natural disaster or terrorist attack
  • Importer eligibility to participate in the Importer Self-Assessment Program (ISA)
  • Priority consideration at CBP’s industry-focused Centers of Excellence and Expertise

Moreover, the process improvements required by the C-TPAT program will ensure your site, personnel, and data security for more business, better security and lower fines. 

How does Proxyclick help you comply with the C-TPAT?

So where does the the right cloud-based visitor management system fit into your compliance objectives? There are a number of things you can do with our solution:
  • Create custom workflows for visitor and contractor management that is documented for continuity of business
  • Enforce mandatory pre-registration of all visitors and contractors for stronger security measures
  • Screen visitors and contractors against global watchlists
  • Send real-time yet discreet security alerts according to your escalation policy
  • Scan government-issued IDs use ID Match facial recognition for identity verification at check-in 
  • Verify countries of origin or citizenship of your visitors and contractors
  • Ask custom check-in questions to determine the purpose of the visitor and level of authorization needed
  • Send automated notifications to hosts to keep everyone aware of visitors' check-ins
  • Screen visitors and contractors against global watchlists
  • Send real-time yet discreet security alerts according to your escalation policy
  • Capture visitors' digital signatures on legal documents and NDAs
  • Print custom visitor badges with photos, QR codes for access, and detailed information for fast identification and authorization
  • Grant and restrict access to areas of your premises with access control integrations
  • Track visitor history and their precise movements for reporting and audit purposes
  • Depend on secure cloud storage of your visitor data
  • Export data for C-TPAT certification preparations

We can all be compliance heroes

Just as the CBP efforts focus on protecting the trade and the U.S. borders, so must businesses ensure that their brand, employees, and customers are protected to the best of their abilities. 

With great business comes great responsibility. 

If you're anything like us then you know the importance of being prepared to defend your customers’ security by never leaving compliance up to chance. 

Check out our regulatory compliance guide for more information on how our visitor management solution helps you in your compliance efforts!

 


Like this article? Spread the word.