An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CTPAT Validation Process

The Customs Trade Partnership Against Terrorism (CTPAT) program is U.S. Customs and Border Protection’s (CBP) premier trade security program. The purpose of CTPAT is to partner with the trade community for the purpose of securing the U.S. and international supply chains from possible intrusion by terrorist organizations. CTPAT requires the trade company participant to document and validate their supply chain security procedures in relation to existing CBP CTPAT criteria or guidelines as applicable. CBP requires that CTPAT company participants develop an internal validation process to ensure the existence of security measures documented in their Supply Chain Security Profile and in any supplemental information provided to CBP. As a part of the CTPAT process, CBP CTPAT Supply Chain Security Specialists (SCSS) and the CTPAT participant will jointly conduct a validation of the company’s supply chain security procedures. The validation process is essential to verifying the company’s commitment to CTPAT.

Objective

The purpose of the validation is to ensure that the CTPAT participant’s international supply chain security measures contained in the CTPAT participant’s security profile have been implemented and are being followed in accordance with established CTPAT criteria or guidelines. The validation team evaluates the status and effectiveness of key security measures in the participant’s profile to make recommendations and recognize best practices where appropriate.

Validation Principles

The guiding principle of the CTPAT program is enhancing and ensuring supply chain security though a government-industry partnership. The CTPAT program is voluntary and designed to share information that will protect the supply chain from being compromised by terrorists and terrorist organizations. The validation process will enable CBP and the CTPAT participant to jointly review the participant’s CTPAT security profile to ensure that security actions in the profile are being effectively executed. Throughout the process there will also be the opportunity to discuss security issues and to share “best practices” with the ultimate goal of securing the international supply chain.

CTPAT validations are not audits. In addition, they will be focused, concise, and will last not longer than ten working days.

Based on the participant’s CTPAT security profile and the recommendations of the validation team, Headquarters will also oversee the specific security elements to be validated.

Conducting a Validation

Validation Selection Process

To ensure accuracy, the security profiles of CTPAT participants will be validated. The CTPAT participant’s security profile will be selected for validation based on the company’s import supply chain risk. Validations may be initiated based on many factors including: security related anomalies, strategic threat posed by geographic regions, other risk related information, or strategic import volume. Unannounced validations will not be conducted. CTPAT participants will be given approximately thirty days advance written notice along with a request for any supporting documentation that is needed.

Validation Teams

A validation team consisting of CTPAT SCSS and a representative(s) of the CTPAT participant will conduct the CTPAT validation visits.

SCSS on a validation team is composed of trained CBP specialists knowledgeable in international supply chain security matters. SCSS receive supply chain security training to assist them in working with industry representatives to promote effective supply chain security programs.

Generally, the lead SCSS performing the validation will be the company’s assigned CTPAT representative responsible for the reviewing and assessing the company’s security profile and other accessible information to determine the scope of the validation. This will help ensure that the validation is effective, focused, and limited in duration.

Validation Procedures

The SCSS validation team leader will provide the company with a written notification of the scheduled validation. The notice will be issued at least thirty days prior to the start of the validation and will include a request for supporting documentation or materials, if any. The validation team leader will also contact the CTPAT participant to establish a single point of contact at the corporate level.

Prior to the commencement of the validation, the CTPAT SCSS team will review the participant’s CTPAT security profile, any supplemental information received from the company, and any CBP headquarters instructions, to determine the intended scope of the validation.

In preparation for the validation, the validation team may also consider specific CTPAT security criteria and guidelines. The security criteria and guidelines are used to determine the sufficiency of specific aspects of a participant’s CTPAT security profile. It is understood that the criteria and guidelines are not inclusive with respect to effective security practices.

Validation Venue

Under normal circumstances, the validation will begin with a briefing of CTPAT participant company officials via phone or at the company’s primary U.S. office location. The validation team will discuss the participant’s role in the CTPAT program. The validation team will also focus on the scope of the validation including validation visit locations throughout the companies international supply chain. If additional information is required to validate a portion of a CTPAT participant’s supply chain, the validation team will coordinate the required request with the company officials.

Validation Visit

A validation visit is a detailed review of the participant’s import supply chain security procedures to determine if sufficient security procedures are in place to meet current CTPAT guidelines or criteria. The specific sites of the validation visits will be determined based on the CTPAT SCSS validation risk analysis and coordinated with the CTPAT participant representative. A validation may require multiple visits at foreign locations. The visits are usually performed in no more than a day per visit location.

Validation Report

Validation visit findings are documented in a Validation report and forwarded to the CTPAT participant. The report findings will identify supply chain security recommendations or best practices. If significant supply chain security weaknesses or recommendations are found, a participant’s CTPAT benefits may be suspended or removed depending on the circumstances. If a company has their CTPAT benefits suspended, CTPAT will recommend that the company implement an action plan containing corrective actions to address specific supply chain security weaknesses.

Last Modified: Jul 01, 2020