Official website of the Department of Homeland Security

CTPAT MSC Announcements



April 28, 2020

Dear CTPAT member:

As you are aware, CTPAT’s new Minimum Security Criteria (MSC) was finalized and published in May of last year. Following several major maritime security incidents in 2019, however, and at the direction of the CBP senior leadership, CTPAT developed two additional criteria requirements that apply to its entire membership – that Members have a Code of Conduct in place and that they conduct their own internal analysis of a security incident as soon as the CTPAT Member is aware of the incident.

These two new criteria were included in the January 2020 version of the MSC that was shared with the membership via the CTPAT Portal – the MSC Guides. After further consulting with the trade community, CTPAT recently arrived at updated versions of these two new requirements:

1. Procedural Security – Initiate a post incident analysis as soon as feasible – Criteria 7.37

Criteria: Following a significant security incident, Members must initiate a post-incident analysis immediately after becoming aware of the incident and in order to determine where the supply chain may have been compromised. This analysis must not impede/interfere with any known investigations conducted by a government law enforcement agency. The company’s post-incident analysis findings must be documented, completed as soon as feasibly possible, and, if allowed by law enforcement authorities, made available to the SCSS upon request.

Implementation Guidance: A security incident is a breach in which security measures have been circumvented, eluded, or violated, and have resulted or will result in a criminal act. Security incidents include acts of terrorism, smuggling (narcotics, human, etc.), and the presence of stowaways.

2. Personnel Security – Employee Code of Conduct – Criteria 11.5

Criteria: CTPAT Members must have an Employee Code of Conduct that includes expectations and defines acceptable behaviors. Penalties and disciplinary procedures must be included in the Code of Conduct. Employees/contractors must acknowledge that they have read and understood the Code of Conduct by signing it, and this acknowledgement must be kept in the employee’s file for documentation.

Implementation Guidance: A Code of Conduct helps protect your business and informs employees of expectations. Its purpose is to develop and maintain a standard of conduct that is acceptable to the company. It helps companies develop a professional image and establish a strong ethical culture. Even a small company needs to have a Code of Conduct; however, it does not need to be elaborate in design or contain complex information.

The updated version of the criteria is dated March 2020. All 12 Guides – one for each entity eligible for CTPAT membership – have been uploaded to the CTPAT Website. Please ensure that these are the versions that your company follows moving forward. All previous versions should be discarded. Please note that for our sea carrier Members, the criteria underwent additional changes. The program worked with some of the key maritime associations, such as the World Shipping Council and BIMCO, to arrive at the updated sea carrier criteria, and they have in turn shared the new criteria with the membership.

Updated versions of the MSC Booklets – also dated March 2020 – will be uploaded in the near future, once the program has received the all clear from our Office of Public Affairs.

Thank you for your patience and your understanding as we make CTPAT more viable than ever. Please contact your assigned Supply Chain Security Specialist should you have any questions.



January 22, 2020

Dear CTPAT members:

As you are aware, CTPAT’s new Minimum Security Criteria (MSC) goes into effect Jan. 1, 2020. All members of the CTPAT program need to document compliance with the program’s new MSC by updating their respective security profile in the CTPAT portal.

Please note, however, that the security profile section of the portal will be frozen from March to June in order to allow the IT personnel to upgrade the security profile questions in the portal to reflect the new MSC. We expect the Portal’s new security profile to be ready by June 1, 2020.

Given the necessary IT work that is taking place, the time and type of security profile that a member will need to complete (current vs. new security profile) will depend on when your security profile is due.

Please follow these guidelines:

  1. If your security profile is due in January or February of 2020 – Please ensure completion/submission of your security profile in the portal by the due date. These members will not have to answer the new security profile questions until January or February of 2021. They also will not need to answer the new security profile questions in June of 2020. They will, however, have to answer the new security profile questions in January or February of 2021 – when their security profiles are once again due. Put simply, for those members whose security profiles are due in January or February, it is business as usual during 2020.
  2. If your security profile is due during the months of March, April or May – You will ignore the due date and complete/submit the security profile after June 1, 2020, when the new security profile in the portal is ready. These members will need to answer the new security profile questions.
  3. If your security profile is due after June 2020 – You will need to update your security profile on its regular schedule. Since we expect the Portal’s new security profile to be ready by June 1, 2020, you will need to answer the new security profile questions in the portal.

The program put together Excel-based spreadsheets with the security profile questions to facilitate your eventual submission of your security profile. These spreadsheets were first uploaded to the portal’s Public Library on Dec. 20, 2019. On January 21, 2020, these worksheets were replaced with new versions. The new versions have an MSC ID Number column which we hope will make it easier for Members to clearly identify the security profile question with its corresponding MSC ID Number. You may use these documents to familiarize yourselves with the new security profile questions and prepare your company for the updated security profile.

It is not mandatory to answer the questions on the Excel spreadsheets; there is also no need to upload a completed Excel spreadsheet to your portal page. The Excel sheets are there simply to give you a preview of the future security profile questions to be released on June 1, 2020. As you look at these spreadsheets, please be aware that a single MSC criterion may generate more than one question in the security profile.

It is important to emphasize that all CTPAT members are now expected to comply with the new MSC regardless of when their security profile is due.

You will continue to receive updated correspondence as it becomes available. Please contact your assigned SCSS with any questions. Thank you.


Last modified: April 28, 2020