Instructions on How to Update Your Security Profile
June 1, 2020
Dear CTPAT Member,
All partners are aware that CTPAT implemented the new Minimum Security Criteria (MSC) in 2020. The CTPAT security profile was taken offline for several months in order to update the security profile with the new MSC. The security profile is now back online and open for new submissions. Per the CTPAT partnership agreement, partners must complete and submit an updated security profile once a year. The CTPAT anniversary date is used as the security profile due date. The anniversary date is located on the main login screen once you log into your CTPAT account. All security profile questions were uploaded to the Public Library several months ago in order for each company to prepare for this transition. In addition, each company has a security profile PDF document in the Partner Document Exchange section of the portal for easy reference to the last profile that was completed.
Below are instructions on how to proceed according to your anniversary date:
Security Profile Anniversary date:
- January/February 2020:
- If your security profile was submitted and approved during January or February of 2020 you are in compliance and your next security profile update is due in 2021 by your anniversary date.
- March/April/May 2020:
- If your security profile was due during the months of March, April or May, you must now log in and complete the security profile and submit for approval. Your previous security profile information is uploaded in a PDF format in the Partner Document Exchange. In addition, all of the security profile questions are in the Public Library section of the portal for reference. If you have questions or need assistance, please reach out to your assigned SCSS.
- June through December 2020:
- If your security profile is due during the months of June through December, please keep with your anniversary date for submission. The security profile opens for updates 90 days before your anniversary date. This is when you will complete the security profile. Please ensure the security profile is completed and submitted before the anniversary date in order to be in compliance with the CTPAT partner agreement and to prevent suspension from the CTPAT program. Your previous security profile information is uploaded in a PDF format in the Partner Document Exchange. In addition, all of the security profile questions are in the Public Library section of the portal for reference. If you have questions or need assistance, please reach out to your assigned SCSS.
**Please note that CTPAT remains open and all SCSSs are working during this pandemic. CTPAT fully understands that each company is handling their operations differently during this difficult time. If you are unable to complete the security profile by the anniversary date and need an extension, please contact your assigned SCSS. CTPAT has and will continue to support each partner and provide guidance and accommodations where it is necessary.**
Final Version of the Minimum Security Criteria
April 28, 2020
Dear CTPAT member:
As you are aware, CTPAT’s new Minimum Security Criteria (MSC) was finalized and published in May of last year. Following several major maritime security incidents in 2019, however, and at the direction of the CBP senior leadership, CTPAT developed two additional criteria requirements that apply to its entire membership – having a Code of Conduct in place and for Members to conduct their own internal analysis of a security incident as soon as the CTPAT Member is aware of the incident.
These two new criteria were included in the January 2020 version of the MSC that was shared with the membership via the CTPAT Portal –the MSC Guides. After further consulting with the trade community, CTPAT recently arrived at updated versions of these two new requirements:
Procedural Security – Initiate a post incident analysis as soon as feasible – Criteria 7.37
Criteria: Following a significant security incident, Members must initiate a post-incident analysis immediately after becoming aware of the incident and in order to determine where the supply chain may have been compromised. This analysis must not impede/interfere with any known investigations conducted by a government law enforcement agency. The company’s post-incident analysis findings must be documented, completed as soon as feasibly possible, and, if allowed by law enforcement authorities, made available to the SCSS upon request.
Implementation Guidance: A security incident is a breach in which security measures have been circumvented, eluded, or violated, and have resulted or will result in a criminal act. Security incidents include acts of terrorism, smuggling (narcotics, human, etc.), and the presence of stowaways.
Personnel Security – Employee Code of Conduct – Criteria 11.5
Criteria: CTPAT Members must have an Employee Code of Conduct that includes expectations and defines acceptable behaviors. Penalties and disciplinary procedures must be included in the Code of Conduct. Employees/contractors must acknowledge that they have read and understood the Code of Conduct by signing it, and this acknowledgement must be kept in the employee’s file for documentation.
Implementation Guidance: A Code of Conduct helps protect your business and informs employees of expectations. Its purpose is to develop and maintain a standard of conduct that is acceptable to the company. It helps companies develop a professional image and establish a strong ethical culture. Even a small company needs to have a Code of Conduct; however, it does not need to be elaborate in design or contain complex information.
The updated version of the criteria is dated March 2020. All 12 Guides –one for each entity eligible for CTPAT membership – have been uploaded to the CTPAT Website. Please ensure that these are the versions that your company follows moving forward. All previous versions should be discarded. Please note that for our sea carrier Members, the criteria underwent additional changes. The program worked with some of the key maritime associations such as the World Shipping Council and BIMCO, to arrive at the updated sea carrier criteria, and they have in turn shared the new criteria with the membership.
Updated versions of the MSC Booklets –also dated March 2020, will be uploaded in the near future – once the program has received the all clear from our Office of Public Affairs.
Thank you for your patience and your understanding as we make CTPAT more viable than ever. Please contact your assigned Supply Chain Security Specialist should you have any questions.