Customs Trade Partnership Against Terrorism (CTPAT)
As a voluntary supply chain security program based on trust, CTPAT is open to members of the trade community who can demonstrate excellence in supply chain security practices and who have had no significant security related events. While each application to the CTPAT program is considered on an individual basis, applicants need to take into account that if issues of concern do exist, they may result in CBP determining the applicant to be ineligible for participation in the program.
Importer Eligibility Requirements
- Be an active U.S. Importer or Non-Resident Canadian Importer. Active is defined as having imported goods into the U.S. within the past 12 months.
- Have and maintain an active U.S. Importer of record (IOR) number in one of the following formats: U.S. Social Security Number, Internal Revenue Service assigned ID(s), or CBP assigned Importer ID.
- Have and maintain a valid continuous import bond registered with CBP and operate a business office staffed in the United States or Canada.
- Designate a company officer that will be the primary cargo security officer responsible for CTPAT.
- Sign the “CTPAT-Partner Agreement to Voluntarily Participate” and demonstrate commitment to the obligations outlined in this Agreement. This document is signed by a Company officer when the company applies for CTPAT membership via the CTPAT Portal.
- Complete a supply chain security profile in the CTPAT Portal, identifying how the company meets and maintains the Program’s MSC for U.S. Importers.
- Maintain no evidence of financial debt to CBP for which the responsible party has exhausted all administrative and judicial remedies for relief, a final judgment or administrative disposition has been rendered, and the final bill or debt remains unpaid at the time of the initial application or annual renewal.
Remember that participation in C-TPAT is voluntary, but the benefits can significantly improve your trade operations.
The Customs-Trade Partnership Against Terrorism (C-TPAT) offers several benefits to participating companies:
- Supply Chain Security: C-TPAT helps enhance the security of your supply chain by implementing best practices and risk-based security measures. This reduces the vulnerability to theft, tampering, and other security threats.
- Expedited Processing: C-TPAT members enjoy faster processing times at ports of entry. This means reduced wait times for inspections, quicker cargo release, and improved efficiency.
- Reduced Inspections: CBP (Customs and Border Protection) conducts fewer physical inspections on C-TPAT shipments, saving time and resources for both importers and CBP.
- Priority Access: C-TPAT participants receive priority access to certain CBP programs and initiatives, such as the Free and Secure Trade (FAST) program for expedited border crossings.
- Risk Mitigation: By implementing security measures, companies can better protect their goods from theft, damage, and unauthorized access. This leads to reduced financial losses and business disruptions.
- Global Recognition: Being part of C-TPAT demonstrates your commitment to supply chain security, which can enhance your reputation with international partners and customers.
- Eligibility Check: Ensure that your company meets the eligibility criteria. Generally, importers, carriers, brokers, and other supply chain partners can participate. Visit the CBP website for specific eligibility details.
For eligibility of the C-TPAT program the following needs to occur:
Risk Assessment:
- CBP will review your application and conduct a risk assessment.
- They may request additional documentation or clarification.
Validation Process:
- If your application is approved, CBP will schedule a validation visit.
- During the visit, CBP officers will assess your security practices, procedures, and physical facilities.
- Address any findings or recommendations from the validation process.
Agreement and Certification:
- Sign the C-TPAT agreement, committing to maintaining security standards.
- Receive your C-TPAT certification upon successful validation.
Maintain Compliance:
- Continuously adhere to C-TPAT security criteria.
- Participate in annual security reviews and self-assessments.
- Remember that C-TPAT is a voluntary program, but it offers significant benefits for supply chain security and trade facilitation.
The Customs-Trade Partnership Against Terrorism (C-TPAT) has specific security criteria that participating companies must meet. Here are the key areas:
- Business Partner Requirements: Ensure your business partners (suppliers, vendors, etc.) also follow security best practices.
- Procedural Security: Implement documented security procedures for handling cargo, personnel, and information.
- Physical Security: Secure your facilities, including access controls, perimeter protection, and surveillance.
- Personnel Security: Screen employees, provide security training, and manage access to sensitive areas.
- Education and Training: Regularly train staff on security protocols and threat awareness.
- Access Controls: Limit access to authorized personnel and maintain visitor logs.
- Manifest Procedures: Accurately document cargo information for tracking and security purposes.
- Information Security: Safeguard sensitive data, including cybersecurity measures.
Regularly reviewing and updating your security procedures is crucial for maintaining a robust supply chain security program. Here are some guidelines:
Scheduled Reviews:
- Conduct formal reviews at least annually. Set a specific date or timeframe to assess your procedures comprehensively.
- Consider additional reviews after significant changes (e.g., expansion, new partners, regulatory updates).
Risk-Based Approach:
- Evaluate risks associated with your supply chain. Focus on high-risk areas or processes.
- Prioritize updates based on risk assessments.
Incident-Driven Updates:
- After security incidents (e.g., theft, breach), review and enhance relevant procedures promptly.
- Learn from incidents to prevent recurrence.
Personnel Training:
- Regularly train employees on security protocols.
- Update procedures if there are changes in personnel responsibilities.
Industry Changes:
- Stay informed about industry best practices, regulations, and emerging threats.
- Adjust procedures accordingly.
- Reviews
Personnel Training:
- Regularly train employees on security protocols.
- Update procedures if there are changes in personnel responsibilities.
Industry Changes:
- Stay informed about industry best practices, regulations, and emerging threats.
- Adjust procedures accordingly.
To become CTPAT certified, your company must meet specific security requirements. Here are the eligibility criteria for different types of partners:
- Importers:
- Be an active U.S. importer or non-resident Canadian importer with recent imports into the U.S. within the past 12 months.
- Have an active U.S. Importer of Record (IOR) number.
- Maintain a valid continuous import bond registered with CBP.
- Operate a business office staffed in the U.S. or Canada.
- Exporters:
- Be an active U.S. exporter with a documentable Employee Identification Number (EIN) or Dun & Bradstreet (DUNS) number.
Maintain a business office staffed in the U.S.
Other partners (such as carriers, customs brokers, and manufacturers):
Demonstrate excellence in supply chain security practices.
Have no significant security-related events.
Meet industry-specific security requirements.
Remember, each application is considered individually, and CBP assesses eligibility based on trust and security practices. If your company qualifies, you can actively participate in the CTPAT program!
Process
The certification process for CTPAT varies based on several factors, but here’s a general overview:
- Application Submission: After submitting your application, CBP reviews it for completeness and eligibility. This initial step typically takes a few weeks.
- Validation Process: If your application is accepted, CBP schedules an on-site validation visit. The duration depends on your company’s size, complexity, and location. It can range from a few days to several weeks.
- Corrective Actions: If any security gaps are identified during the validation, you’ll need to address them. The time required depends on the specific issues found.
- Final Approval: Once all requirements are met, CBP grants certification. This step usually takes a few weeks.
Overall, the process can take several months from application to certification. Remember that maintaining consistent security practices is essential to remain certified.
During the validation visit, CBP representatives visit your company’s facilities to assess your supply chain security practices. Here’s what typically occurs:
Interviews: CBP interviews key personnel, including security coordinators, managers, and employees. They discuss security procedures, documentation, and compliance.
Physical Inspection: Inspectors examine your facilities, cargo handling areas, storage spaces, and security measures. They verify compliance with CTPAT security criteria.
- Document Review: CBP reviews your security-related documents, such as security plans, training records, and incident reports.
- Security Assessment: Inspectors evaluate your security practices against CTPAT’s minimum security criteria. They may ask for evidence of specific security measures.
- Corrective Actions: If any deficiencies are found, you’ll receive recommendations for corrective actions. Address these promptly to maintain certification.
Remember, the validation visit is an opportunity to demonstrate your commitment to supply chain security.
Procedure:
CTPAT Trade Compliance Handbook:
Refer to the CTPAT Trade Compliance Handbook provided by the U.S. Customs and Border Protection (CBP).
- It offers detailed guidance on modernized trade compliance within the program.
- Understand the requirements and best practices outlined in the handbook.
Written Cybersecurity Policies:
- Develop comprehensive written cybersecurity policies and procedures based on industry standards
- Ensure they cover data protection, access controls, incident response, and risk management.
Regular Training:
- Train employees on C-TPAT security protocols.
- Reinforce the importance of compliance and vigilance.
Risk Assessments:
Conduct regular risk assessments of your supply chain.
Address vulnerabilities promptly and adjust procedures as needed.
Internal Audits:
- Regularly audit your security practices.
- Identify gaps and implement corrective actions.
Remember, consistent compliance strengthens your supply chain security and facilitates smoother processing by CBP
Validation
During the CTPAT validation process, there are several common reasons why companies may fail:
- Inadequate Documentation: If your security-related documents (such as security plans, training records, or incident reports) are incomplete, outdated, or don’t align with CTPAT requirements, it can lead to a failed validation.
- Lack of Employee Training: Insufficient training for employees regarding security protocols and procedures can be a red flag. Regular training ensures everyone understands their roles in maintaining security.
- Physical Security Gaps: Any physical vulnerabilities, such as unsecured access points, inadequate fencing, or poorly monitored areas, can result in a failed validation.
- Non-Compliance with Security Measures: If your company doesn’t consistently implement the security measures outlined in your security plan, it can jeopardize certification.
- Insufficient Supply Chain Partners’ Cooperation: CTPAT encourages collaboration across the supply chain. If your partners (e.g., carriers, suppliers) don’t meet security expectations, it can impact your validation.
If a company fails CTPAT validation, CBP provides guidance on addressing the identified deficiencies. The company must promptly implement corrective actions to meet security requirements. Failing validation doesn’t automatically result in removal from the program, but consistent non-compliance may lead to suspension or removal. It’s crucial to maintain robust security practices and address any gaps promptly.
The timeframe for addressing deficiencies identified during CTPAT validation varies. CBP typically provides a reasonable period for corrective actions, considering the specific issues found. It’s essential to promptly address any gaps and demonstrate commitment to supply chain security.
If you find it challenging to address the deficiencies within the specified timeframe, communication is key. Reach out to CBP promptly and explain the situation. They understand that unexpected obstacles can arise. By maintaining open communication and demonstrating your commitment to resolving the issues, you can work collaboratively toward a solution.
CBP conducts revalidations for CTPAT partners on a three-year cycle. During the revalidation process, CBP reviews your security practices, documentation, and compliance to ensure ongoing adherence to CTPAT requirements. It’s essential to maintain consistent security measures throughout the certification period.
Preparing for a successful CTPAT revalidation involves several key steps:
- Review Your Security Measures: Assess your existing security practices against CTPAT criteria. Ensure that all required measures are consistently implemented.
- Update Documentation: Review and update security-related documents, including security plans, training records, and incident reports. Make sure they reflect any changes or improvements since the last validation.
- Employee Training: Conduct refresher training for employees on security protocols. Reinforce their understanding of their roles in maintaining supply chain security.
- Incident Reporting: Ensure that your incident reporting procedures are effective. Promptly document and address any security incidents.
- Collaborate with Partners: Engage with supply chain partners (carriers, suppliers, etc.) to verify their compliance with security requirements. Collaboration is essential.
- Physical Security: Inspect your facilities for any physical vulnerabilities. Address gaps related to access points, fencing, and monitoring.
Stay Informed: Keep up-to-date with any changes in CTPAT requirements or guidelines.
Consistent security practices
Maintaining consistent security practices across global supply chains can be challenging due to various factors:
Diverse Regulations:
- Different countries have varying security regulations and standards.
- Harmonizing practices across borders can be complex.
Cultural Differences:
- Cultural norms affect how security measures are perceived and implemented.
- Bridging cultural gaps is essential for uniform compliance.
Language Barriers:
- Communication challenges arise when dealing with multilingual partners.
- Misunderstandings can impact security procedures.
Supply Chain Complexity:
- Global supply chains involve multiple stakeholders (suppliers, carriers, warehouses).
- Coordinating security efforts across this complexity is demanding.
Third-Party Risk:
- Outsourcing parts of the supply chain introduces risk.
- Ensuring third parties adhere to security standards is critical.
Technological Advancements:
- Cybersecurity threats evolve rapidly.
- Keeping up with technology and securing digital aspects is a challenge.
Resource Constraints:
- Smaller companies may lack resources for robust security practices.
- Balancing cost and effectiveness is crucial.
DHS/CBP/PIA–013 Customs-Trade Partnership Against Terrorism (C-TPAT)
Customs-Trade Partnership Against Terrorism (C-TPAT) is a U.S. Customs and Border Protection (CBP) voluntary trade partnership program in which CBP and members of the trade community work together to secure and facilitate the movement of legitimate international trade. The program focuses on improving security throughout the supply chain, beginning at the point of origin (including manufacturer, supplier, or vendor) through a point of distribution to the destination. C-TPAT member companies, called partners, agree to implement certain security procedures throughout their supply chains to protect those supply chains from terrorist infiltration and other illegal activities that threaten the security of the United States. C-TPAT partners who undertake these protections receive facilitated processing by CBP. As a result, the program helps CBP achieve its twin goals of improving security while facilitating the flow of global trade. In the course of enrolling, certifying, and validating C-TPAT applicants/partners and their supply chains, the C-TPAT system will receive personally identifiable information and confidential business information from the applicant/partner, as well as sensitive law enforcement information from existing law enforcement systems. February 2021
As of now, there are over 11,400 certified partners in the Customs Trade Partnership Against Terrorism (CTPAT) program. These partners span various sectors within the trade community, including U.S. importers/exporters, carriers, customs brokers, and more. CTPAT aims to enhance supply chain security and mitigate risks by fostering collaboration between partners and U.S. Customs and Border Protection (CBP). By participating in CTPAT, companies can take an active role in safeguarding supply chains against potential threats while enjoying benefits like reduced CBP examinations, priority consideration, and access to specialized programs 1. If you’re interested in joining CTPAT, the application process is voluntary and straightforward.
CTPAT Highlights
- CTPAT Global Presence Map
- CTPAT 2023 Impact Report
- CTPAT Introductory Video
- CBP CTPAT 20th Anniversary Video
- CTPAT University of Houston Study Results
- CTPAT Workshops and Events
The World BASC Organization and U.S. Customs and Border Protection
U.S. Customs and Border Protection’s (CBP) Deputy Commissioner Robert E. Perez tasked the Customs-Trade Partnership Against Terrorism (CTPAT) program to lead a CBP wide effort to further strengthen the working relationship between the World BASC Organization (WBO) and CBP. CTPAT worked diligently with the leadership of the WBO on a strategy that culminated in the CBP-WBO Action Plan. Under such a plan, both organizations identified nine objectives or areas of cooperation, including:
- The establishment of a Maritime Security Committee – a forum of Government and international organization representatives, as well as private sector experts, where challenges to the maritime environment are discussed so that we can better coordinate our collective approach in making sure that the global supply chain remains secured.
- The recognition of a BASC Supply Chain Partner – When a CTPAT Member has a BASC certified company as part of its supply chain, the CTPAT member only needs to document that this business partner is BASC certified in order to meet its CTPAT business partner monitoring and oversight obligations.
- CTPAT Access to the World BASC Databases – The WBO agreed to provide CBP personnel with access to both of its web-based databases – Global BASC and SIBASC.
- Sharing of intelligence between the two organizations to institutionalize information-sharing arrangements.
- The creation of a Supply Chain Security Committee – An expert group where supply chain security issues are discussed with organizations from the private sector that mirror what CTPAT does in the Public sector.
- The objectives under the CBP-WBO Action Plan will yield benefits to both organizations and to the trade at large –including CTPAT Members. Today, more than ever, with limited resources in both government and business, CBP must foster a global supply chain system that is prepared for, and can withstand, evolving threats.
Our approach with the WBO integrates and spurs efforts across the United States Government, as well as with the private sector and the international community. BASC Background – www.wbasco.org The Business Anti-Smuggling Coalition was created as a program in 1996 by legacy U. S. Customs Service. Teams of Customs enforcement officers travelled regularly to Latin America to promote the program and engage the business community in combating drugs destined for the United States. In 2002, after the creation of the CTPAT program, U.S. Customs passed the “BASC” baton to the private sector where it was formally established as a nonprofit organization named the World BASC Organization (WBO). Today, the WBO has grown to 3,500 member companies, with 25 chapters in 11 countries, protecting all sectors of the international supply chain, including exporters, importers, customs brokers, highway carriers, warehouse operators, logistics providers, and terminal operators. Considering that a typical BASC company has an average of 5 business partners, almost 20,000 companies in Latin America, Mexico and the Caribbean are committed to international supply chain security standards, with almost 3 million workers and their families similarly sensitized to the threats of narcotics, contraband and illicit commerce. Over 60% of the BASC companies are small to medium size enterprises, proving that having the resources of a large company is not a perquisite for a successful supply chain security program.
BASC is also the leading private sector organization in the Americas driving the adoption of supply chain security practices and standards, playing a major role in helping protect the U.S. border and international supply chain by maintaining the safety and security of shipments destined to the U.S. from traditionally high-risk regions. BASC standards and audit process were harmonized in 2008 with CTPAT security criteria and validations. This was done to ensure that CTPAT companies with overseas BASC business partners could count on knowing that a BASC certification was based on the same security criteria as those of CTPAT. A BASC certification requires a company to implement a comprehensive management security system, focusing on two pillars: (a) integrity, ethics and reputation; and (b) physical and procedural controls over the operations and business partners, throughout its supply chain.
The BASC management system also requires the implementation of the BASC security Norms and Standards. Most importantly, the BASC certification requires a mandatory annual audit conducted by BASC certified auditors, assuring that a BASC certification reflects current compliance with the BASC Norm and Standards. In order to become BASC certified, a prospective company not only has to undergo an intensive audit by certified BASC auditors, but must also first undergo a thorough vetting process, including an investigation of the integrity, ethics and reputation of its owners and principals. BASC is a founding member of the World Customs Organization’s (WCO) Private Sector Consultative Group (PSCG). Through this membership, BASC is able to take the concerns of business and customs administrations in the Americas directly to the WCO senior management in Brussels.
BASC is also a standing member of the trade facilitation committees in Colombia and the Dominican Republic, which were established to advise trade ministers and customs administrations on the implementation of the Trade Facilitation Agreement (TFA). BASC has mutual cooperation agreements with customs administrations, NGOs, and international organizations throughout the world, including the World Customs Organization, the International Chamber of Commerce, and the United Nations (UNODC)
Training Videos
- CTPAT MSC Cybersecurity - User Authentication Links
- CTPAT MSC Cybersecurity - Social Engineering
- CTPAT Container Inspection Video
Growing partnership
From its inception in November 2001, CTPAT continued to grow. Today, more than 11,400 certified partners spanning the gamut of the trade community, have been accepted into the program. The partners include U.S. importers/exporters, U.S./Canada highway carriers; U.S./Mexico highway carriers; rail and sea carriers; licensed U.S. Customs brokers; U.S. marine port authority/terminal operators; U.S. freight consolidators; ocean transportation intermediaries and non‐operating common carriers; Mexican and Canadian manufacturers; and Mexican long‐haul carriers, all of whom account for over 52 percent (by value) of cargo imported into the U.S.
How CTPAT works
When an entity joins CTPAT, an agreement is made to work with CBP to protect the supply chain, identify security gaps, and implement specific security measures and best practices. Applicants must address a broad range of security topics and present security profiles that list action plans to align security throughout the supply chain.
CTPAT members are considered to be of low risk, and are therefore less likely to be examined at a U.S. port of entry.
Benefits
CTPAT Partners enjoy a variety of benefits, including taking an active role in working closer with the U.S. Government in its war against terrorism. As they do this, Partners are able to better identify their own security vulnerabilities and take corrective actions to mitigate risks. Some of the benefits of the program include:
- Reduced number of CBP examinations
- Front of the line inspections
- Possible exemption from Stratified Exams
- Shorter wait times at the border
- Assignment of a Supply Chain Security Specialist to the company
- Access to the Free and Secure Trade (FAST) Lanes at the land borders
- Access to the CTPAT web-based Portal system and a library of training materials
- Possibility of enjoying additional benefits by being recognized as a trusted trade Partner by foreign Customs administrations that have signed Mutual Recognition with the United States
- Eligibility for other U.S. Government pilot programs, such as the Food and Drug Administration’s Secure Supply Chain program
- Business resumption priority following a natural disaster or terrorist attack
- Importer eligibility to participate in the Importer Self-Assessment Program (ISA)
- Priority consideration at CBP’s industry-focused Centers of Excellence and Expertise
Partnership
Participation in CTPAT is voluntary and there are no costs associated with joining the program. Moreover, a company does not need an intermediary in order to apply to the program and work with CBP; the application process is easy and it is done online. The first step is for the company to review the CTPAT Minimum Security Criteria for their business entity to determine eligibility for the program. The second step is for the company to submit a basic application via the CTPAT Portal system and to agree to voluntarily participate. The third step is for the company to complete a supply chain security profile. The security profile explains how the company is meeting CTPAT’s minimum security criteria. In order to do this, the company should have already conducted a risk assessment. Upon satisfactory completion of the application and supply chain security profile, the applicant company is assigned a CTPAT Supply Chain Security Specialist to review the submitted materials and to provide program guidance on an on-going basis. The CTPAT program will then have up to 90 days to certify the company into the program or to reject the application. If certified, the company will be validated within a year of certification.
If you have CTPAT issues or questions, please contact your Supply Chain Security Specialist or one of the six
CTPAT Field Offices by email at:
- Buffalo, New York [email protected]
- Houston, Texas [email protected]
- Los Angeles, California [email protected]
- Miami, Florida [email protected]
- New York, New York [email protected]
- Newark, New Jersey [email protected]