What is C-TAPT?
C-TAPT, the Customs-Trade Partnership Against Terrorism (See: http://www.cbp.gov/border-security/ports-entry/cargo-security/c-tpat-customs-trade-partnership-against-terrorism ) is the U S Customs & Border Protection Bureau’s “voluntary” program for international inbound (to the United States) supply chain security program. Regarding the voluntary nature of the program, you might want to review the considered remarks of my colleague, Peter Quinter, quoted in the January 28th, 2014 edition of Forbes Magazine http://www.forbes.com/sites/robertbowman/2014/01/28/10-predictions-for-u-s-customs-and-border-protection-in-2014/.
Given the unrest in the world and the need for government to do more with less, in spite of slight increases in funding (not commensurate with the increases in trade volumes by any means), a prudent US importer very well may wish to embark on the journey of participating in this program, not only for the profile US Customs will hold of said importer, but for its own supply chain security’s sake.
The program is designed to have US Importers lock down the movement of their international inbound cargo such that breaches in security are minimized, in efforts to stop or prevent dangers to the US both big and small, like… adulterated products inadvertently getting to US markets; illegal immigrants entering in compromised containers and being smuggled in to the country; or, possibly the worst scenario, unmanifested weapons. The idea, as another colleague, Pete Mento, says, is to stop the bullet coming at us before it leaves the (foreign origin) barrel.
C-TPAT had its origins in a post-9/11 landscape, when U S Customs, after being an agency of the Treasury since 1789 was re-organized under the newly formed Department of Homeland Security (DHS). In that nervous time, the government thought long and hard on how to get participation from the importing community and thus the C-TPAT program was born in 2001 – 2002. As of 2010, it has enjoyed a limited adoption rate by US Importers but tangible and non-tangible benefits abound. If you are C-TPAT certified, read below to make sure you have what you need to support your program if being validated. If not yet a member, please consider joining. While there are costs to implementing and administering the program, keeping America safe is, how do they say it?
Understanding the Specifics of C-TPAT
If you are already a certified C-TPAT US Importer, you will have your C-TPAT “Certificate” issued by US Customs. Frame it and display it proudly. Add the C-TPAT logo to your stationery to tell all your business partners that you are taking global supply chain security seriously and are doing your part to keep us all safe
But to have become certified, you would have had to prove that you merit the designation. If you’re not, there are things to be done and Customs will work with you to help get you from your current state to an adequate state of supply chain security.
These steps entail ensuring security measures across many areas of your enterprise, including but not necessarily limited to: (see also: http://www.cbp.gov/linkhandler/cgov/trade/cargo_security/ctpat/ctpat_program_information/ctpat_strat_plan.ctt/ctpat_strat_plan.pdf ) and http://www.cbp.gov/linkhandler/cgov/trade/cargo_security/ctpat/ctpat_application_material/ctpat_security_guidelines/importers/importer_security_criteria.ctt/importer_security_criteria.pdf
- Personnel – background checks across the arc of your supply chain. This is consistent with US Export Control (US Title 15 & 22 of the Code of Federal Regulations) requirements which can be leveraged.
- Business Partners like Suppliers, Vendors, of parts and services, Agents (forwarders/brokers), etc. Ditto on the Export Control piece.
- Carriers – all major carriers are now US C-TPAT certified to help support you. They want to be secure too.
- Technology and Access to Info – lock-down on computers, smart phones, servers, wireless communications, etc. This is typically consistent with other internal controls to protect proprietary information.
- Physical Access Restrictions – fencing, gates, card-swipe for approved folks, container security measures such as approved seals with chain of custody procedures. Keep your cargo secure from the time it is identified as moving towards you until it arrives and is accounted for in your facility.
What Documentation Do I Need to be C-TPAT Compliant?
For each measure, it’s not good enough to do the work and have the procedures in place, but, as always with any regulatory program: if there is no documentary evidence, from the government’s perspective, it didn’t happen. Sooooo…
For Personnel – have contract with any employment agencies that include background screenings, not only the usual, but the Export Control DPL/RPL checks as well. For your own screenings, perform the usual (DMV, FBI, etc.) plus the export control screenings. If these are done in a bolt-on (to your ERP system), find a way to prove that the screening was done and keep that proof for the statutory period, generally five years. Remember to screen visitors as well.
For Business Partners — review/screen your Customer Database, your Vendor/Supplier Database, transactional partners, service providers, etc., the same process and record retention. It’s primary and essential that your foreign suppliers complete and submit their C-TPAT questionnaire to you and that you identify any weaknesses, have an improvement plan, and retain all such documents.
For Carriers — seek and retain *their* C-TPAT certification, even if it’s available upon request or on their marketing information. Showing due diligence by retaining your own files is important at the time of validation to retain your C-TPAT status.
For IT and Technology Access — you can point your C-TPAT Manual/Standard Operating procedures to your standard IT/technology controls alongside any Technology Control Plan(s) (“TCPs”) you may have for Export Control purposes. Keep all documents, including a wide-aisle tour Plan to avoid the sharing of controlled technology with unauthorized individuals. But always keep proof of internal audits and reviews that assure your procedures are not only in place but being followed.
For Physical Access — keep the card swipe records with or accessible by your C-TPAT records; keep photos of physical security and barriers, copies of truck drivers’ licenses, videos of validation of those granted access to your facilities, visitor procedures (see above also – that includes screenings and only wide-aisle tour plans). Keep the records proving that seals placed on sealed containers at origin are one and the same as those received with no loss of integrity…and so on.
- First – THINK – How would someone contaminate my supply chain?
- Next – THINK – What am I doing to prevent it?
- Last – THINK – What proof do I have that I’ve identified the risks in my supply chain, addressed them and can show with tangible evidence that it’s been done? Remember, if there isn’t any documentary evidence, “it didn’t happen”! And remember the statute of limitations – keep those documents for at least five years. Thanks for helping keep us all safe!