CUSTOMS TRADE PARTNERSHIP AGAINST TERRORISM ( C-TPAT )
Step 1. Prepare a
C-TPAT Supply Chain Security Profile Importers are required to
complete and submit to CBP a Supply Chain Security Profile that addresses each
item in the C-TPAT Security Criteria for Importers. The security profile should
summarize the importer's commitment to ensuring adherence to the following
C-TPAT security criteria for importers:
U,S. CUSTOMS REQUIREMENTS
Step 2. Submission of your application
C-TPAT Security Criteria for Importers
Importers must conduct a comprehensive assessment of their international supply
chains based upon the following C-TPAT security criteria. Where an importer out
sources or contracts elements of their supply chain, such as a foreign
facility, conveyance, domestic warehouse, or other elements, the importer must
work with these business partners to ensure that pertinent security measures
are in place and adhered to throughout their supply chain. The supply chain for
C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor)
through to point of distribution and recognizes the diverse business models
C-TPAT members employ.
>C-TPAT recognizes the complexity of international supply chains and endorses
the application and implementation of security measures based upon risk
analysis. Therefore, the program allows for flexibility and the customization
of security plans based on the member's business model.
Appropriate security measures, as listed throughout this document, must be
implemented and maintained throughout the importer's supply chains, based on
Business Partner Requirements
Importers must have written and verifiable processes for the selection of
business partners including manufacturers, product suppliers and vendors.
For those business partners eligible for C-TPAT certification (carriers, U.S.
ports, terminals, brokers, consolidators, etc.) the importer must have
documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether
these business partners are or are not C-TPAT certified.
For those business partners not eligible for C-TPAT certification, importers
must require business partners to demonstrate that they are meeting C-TPAT
security criteria via written/electronic confirmation (e.g., contractual
obligations via a letter from a senior business partner officer attesting to
compliance; a written statement from the business partner demonstrating their
compliance with C-TPAT security criteria or an equivalent WCO accredited
security program administered by a foreign customs authority; or by providing a
completed importer security questionnaire).Based upon a documented risk
assessment process, non-C-TPAT eligible business partners must be subject to
verification of compliance with C-TPAT security criteria by the importer.
Point of Origin
Importers must ensure business partners develop security processes and
procedures consistent with the C-TPAT security criteria to enhance the
integrity of the shipment at point of origin. Periodic reviews of business
partners' processes and facilities should be conducted based on risk, and
should maintain the security standards required by the importer.
Participation / Certification in Foreign Customs
Administrations Supply Chain Security Programs
Current or prospective business partners who have obtained a certification in a
supply chain security program being administered by foreign Customs
administration should be required to indicate their status of participation to
Other internal criteria for selection
Internal requirements, such as financial soundness, capability of meeting
contractual security requirements, and the ability to identify and correct
security deficiencies as needed, should be addressed by the importer. Internal
requirements should be assessed against a risk-based process as determined by
an internal management team.
Container integrity must be maintained to protect against the introduction of
unauthorized material and/or persons. At point of stuffing, procedures must be
in place to properly seal and maintain the integrity of the shipping
containers. A high security seal must be affixed to all loaded containers bound
for the United States. All seals must meet or exceed the current PAS ISO 17712
standards for high security seals.
Procedures must be in place to verify the physical integrity of the container
structure prior to stuffing, to include the reliability of the locking
mechanisms of the doors. A 7-point inspection process is recommended for all
Written procedures must stipulate how seals are to be controlled and affixed to
loaded containers - to include procedures for recognizing and reporting
compromised seals and/or containers to U.S. Customs and Border Protection or
the appropriate foreign authority. Only designated employees should distribute
container seals for integrity purposes.
Containers must be stored in a secure area to prevent unauthorized access
and/or manipulation. Procedures must be in place for reporting and neutralizing
unauthorized entry into containers or container storage areas.
Physical Access Controls
Access controls prevent unauthorized entry to facilities, maintain control of
employees and visitors, and protect company assets. Access controls must
include the positive identification of all employees, visitors, and vendors at
all points of entry.
An employee identification system must be in place for positive identification
and access control purposes. Employees should only be given access to those
secure areas needed for the performance of their duties. Company management or
security personnel must adequately control the issuance and removal of
employee, visitor and vendor identification badges. Procedures for the
issuance, removal and changing of access devices (e.g. keys, key cards, etc.)
must be documented.
Visitors must present photo identification for documentation purposes upon
arrival. All visitors should be escorted and visibly display temporary
Deliveries (including mail)
Proper vendor identification (ID) and/or photo identification must be presented
for documentation purposes upon arrival by all vendors. Arriving packages and
mail should be periodically screened before being disseminated.
Challenging and Removing Unauthorized Persons
Procedures must be in place to identify, challenge and address
Processes must be in place to screen prospective employees and to periodically
check current employees.
Application information, such as employment history and references must be
verified prior to employment.
Background checks / investigations
Consistent with foreign, federal, state, and local regulations, background
checks and investigations should be conducted for prospective employees. Once
employed, periodic checks and reinvestigations should be performed based on
cause, and/or the sensitivity of the employee's position.
Personnel Termination Procedures
Companies must have procedures in place to remove identification, facility, and
system access for terminated employees.
Security measures must be in place to ensure the integrity and security of
processes relevant to the transportation, handling, and storage of cargo in the
Procedures must be in place to ensure that all information used in the clearing
of merchandise/cargo, is legible, complete, accurate, and protected against the
exchange, loss or introduction of erroneous information. Documentation control
must include safeguarding computer access and information.
To help ensure the integrity of cargo received from abroad, procedures must be
in place to ensure that information received from business partners is reported
accurately and timely.
Shipping & Receiving
Arriving cargo should be reconciled against information on the cargo manifest.
The cargo should be accurately described, and the weights, labels, marks and
piece count indicated and verified. Departing cargo should be verified against
purchase or delivery orders. Drivers delivering or receiving cargo must be
positively identified before cargo is received or released.
All shortages, overages, and other significant discrepancies or anomalies must
be resolved and/or investigated appropriately. CBP and/or other appropriate law
enforcement agencies must be notified if illegal or suspicious activities are
detected, as appropriate.
Security Training and Threat Awareness
A threat awareness program should be established and maintained by security
personnel to recognize and foster awareness of the threat posed by terrorists
at each point in the supply chain. Employees must be made aware of the
procedures the company has in place to address a situation and how to report
it. Additional training should be provided to employees in the shipping and
receiving areas, as well as those receiving and opening mail.
Additionally, specific training should be offered to assist employees in
maintaining cargo integrity, recognizing internal conspiracies, and protecting
access controls. These programs should offer incentives for active employee
Cargo handling and storage facilities in domestic and foreign locations must
have physical barriers and deterrents that guard against unauthorized access.
Importers should incorporate the following C-TPAT physical security criteria
throughout their supply chains as applicable.
Perimeter fencing should enclose the areas around cargo handling and storage
facilities. Interior fencing within a cargo handling structure should be used
to segregate domestic, international, high value, and hazardous cargo. All
fencing must be regularly inspected for integrity and damage.
Gates and Gate Houses
Gates through which vehicles and/or personnel enter or exit must be manned
and/or monitored. The number of gates should be kept to the minimum necessary
for proper access and safety.
Private passenger vehicles should be prohibited from parking in or adjacent to
cargo handling and storage areas.
Buildings must be constructed of materials that resist unlawful entry. The
integrity of structures must be maintained by periodic inspection and repair.
Locking Devices and Key Controls
All external and internal windows, gates and fences must be secured with
locking devices. Management or security personnel must control the issuance of
all locks and keys.
Adequate lighting must be provided inside and outside the facility including
the following areas: entrances and exits, cargo handling and storage areas,
fence lines and parking areas.
Alarms Systems & Video Surveillance Cameras
Alarm systems and video surveillance cameras should be utilized to monitor
premises and prevent unauthorized access to cargo handling and storage areas.
Information Technology Security - Password Protection
Automated systems must use individually assigned accounts that require a
periodic change of password. Information technology (IT) security policies,
procedures and standards must be in place and provided to employees in the form
Information Technology Security - Accountability
A system must be in place to identify the abuse of information technology (IT)
including improper access, tampering or the altering of business data. All
system violators must be subject to appropriate disciplinary actions for abuse.
Back to CUSTOMS TRADE PARTNERSHIP AGAINST TERRORISM ( C-TPAT
Submit your C-TPAT application and other required supplemental information via
the C-TPAT Online Application submission process, located at the application
web link provided. We help you with this process!
or go to our Feedback Form.