C-TPAT Validation Process
The Customs-Trade Partnership Against Terrorism (C-TPAT) program is U.S. Customs and Border Protection’s (CBP) premier trade security program. The purpose of C-TPAT is to partner with the trade community for the purpose of securing the U.S. and international supply chains from possible intrusion by terrorist organizations. C-TPAT requires the trade company participant to document and validate their supply chain security procedures in relation to existing CBP C-TPAT criteria or guidelines as applicable. CBP requires that C-TPAT company participants develop an internal validation process to ensure the existence of security measures documented in their Supply Chain Security Profile and in any supplemental information provided to CBP. As a part of the C-TPAT process, CBP C-TPAT Supply Chain Security Specialists (SCSS) and the C-TPAT participant will jointly conduct a validation of the company’s supply chain security procedures. The validation process is essential to verifying the company’s commitment to C-TPAT.
The purpose of the validation is to ensure that the C-TPAT participant’s international supply chain security measures contained in the C-TPAT participant’s security profile have been implemented and are being followed in accordance with established C-TPAT criteria or guidelines. The validation team evaluates the status and effectiveness of key security measures in the participant’s profile to make recommendations and recognize best practices where appropriate.
The guiding principle of the C-TPAT program is enhancing and ensuring supply chain security though a government-industry partnership. The C-TPAT program is voluntary and designed to share information that will protect the supply chain from being compromised by terrorists and terrorist organizations. The validation process will enable CBP and the C-TPAT participant to jointly review the participant’s C-TPAT security profile to ensure that security actions in the profile are being effectively executed. Throughout the process there will also be the opportunity to discuss security issues and to share “best practices” with the ultimate goal of securing the international supply chain.
C-TPAT validations are not audits. In addition, they will be focused, concise, and will last not longer than ten working days.
Based on the participant’s C-TPAT security profile and the recommendations of the validation team, Headquarters will also oversee the specific security elements to be validated.
Conducting a Validation
Validation Selection Process
To ensure accuracy, the security profiles of C-TPAT participants will be validated. The C-TPAT participant’s security profile will be selected for validation based on the company’s import supply chain risk. Validations may be initiated based on many factors including: security related anomalies, strategic threat posed by geographic regions, other risk related information, or strategic import volume. Unannounced validations will not be conducted. C-TPAT participants will be given approximately thirty days advance written notice along with a request for any supporting documentation that is needed.
A validation team consisting of C-TPAT SCSS and a representative(s) of the C-TPAT participant will conduct the C-TPAT validation visits.
SCSS on a validation team is composed of trained CBP specialists knowledgeable in international supply chain security matters. SCSS receive supply chain security training to assist them in working with industry representatives to promote effective supply chain security programs.
Generally, the lead SCSS performing the validation will be the company’s assigned C-TPAT representative responsible for the reviewing and assessing the company’s security profile and other accessible information to determine the scope of the validation. This will help ensure that the validation is effective, focused, and limited in duration.
The SCSS validation team leader will provide the company with a written notification of the scheduled validation. The notice will be issued at least thirty days prior to the start of the validation and will include a request for supporting documentation or materials, if any. The validation team leader will also contact the C-TPAT participant to establish a single point of contact at the corporate level.
Prior to the commencement of the validation, the C-TPAT SCSS team will review the participant’s C-TPAT security profile, any supplemental information received from the company, and any CBP headquarters instructions, to determine the intended scope of the validation.
In preparation for the validation, the validation team may also consider specific C-TPAT security criteria and guidelines. The security criteria and guidelines are used to determine the sufficiency of specific aspects of a participant’s C-TPAT security profile. It is understood that the criteria and guidelines are not inclusive with respect to effective security practices.
Under normal circumstances, the validation will begin with a briefing of C-TPAT participant company officials via phone or at the company’s primary U.S. office location. The validation team will discuss the participant’s role in the C-TPAT program. The validation team will also focus on the scope of the validation including validation visit locations throughout the companies international supply chain. If additional information is required to validate a portion of a CTPAT participant’s supply chain, the validation team will coordinate the required request with the company officials.
A validation visit is a detailed review of the participant’s import supply chain security procedures to determine if sufficient security procedures are in place to meet current C-TPAT guidelines or criteria. The specific sites of the validation visits will be determined based on the C-TPAT SCSS validation risk analysis and coordinated with the C-TPAT participant representative. A validation may require multiple visits at foreign locations. The visits are usually performed in no more than a day per visit location.
Validation visit findings are documented in a Validation report and forwarded to the C-TPAT participant. The report findings will identify supply chain security recommendations or best practices. If significant supply chain security weaknesses or recommendations are found, a participant’s C-TPAT benefits may be suspended or removed depending on the circumstances. If a company has their C-TPAT benefits suspended, C-TPAT will recommend that the company implement an action plan containing corrective actions to address specific supply chain security weaknesses.