C-TPAT

Table of Contents

Overview of C-TPAT
C-TPAT for Importers
C-TPAT for Sea Carriers
C-TPAT for Rail Carriers
C-TPAT for Highway Carriers
C-TPAT for Foreign Manufacturers
C-TPAT for Air Carriers
C-TPAT for Air Freight Consolidators
C-TPAT for Licensed Customs Brokers
C-TPAT for U.S. Marine or Port Terminals

(Affecting United States importers, carriers and international exporters to the U.S.)

What is C-TPAT?

The C-TPAT (Customs-Trade Partnership Against Terrorism) is a voluntary United States Customs and Border Protection (CBP) business initiative designed to build cooperative relationships that strengthen overall supply chain and border security.

The C-TPAT initiative recognizes that CBP can provide the highest level of security to the public and to other stakeholders only through close cooperation with the ultimate owners of the supply chain: importers, carriers, brokers, warehouse operators and manufacturers.

Through this initiative, Customs is asking businesses to ensure the integrity of their security practices and communicate their security guidelines to their business partners within the supply chain.

CBP's Vision for C-TPAT

CBP recognizes that a safe and secure supply chain is the most critical part of its work in keeping the U.S. safe. For this reason, CBP is seeking a strong anti-terrorism partnership with the trade community through C-TPAT. Trade partners will have a commitment to both trade security and trade compliance, which are rooted in the same business practices. CBP wants to work closely with companies whose good business practices ensure supply chain security and compliance with trade laws.

Who is Eligible for C-TPAT?

Currently, open enrollment for C-TPAT is available for the following business types related to the U.S. import supply chain cargo handling and movement:

• U.S. Importers of record
• U.S./Canada Highway Carriers
• U.S./Mexico Highway Carriers
• Rail Carriers
• Sea Carriers
• Air Carriers
• U.S. Marine Port Authority/Terminal Operators
• U.S. Air Freight Consolidators, Ocean Transportation Intermediaries and Non-Vessel Operating Common Carriers (NVOCC)
• Mexican manufacturers
• Certain Invited Foreign Manufacturers
• Licensed U.S. Customs Brokers

Utilizing risk management principles, C-TPAT seeks to enroll compliant low-risk companies who are directly responsible for importing, transporting, and coordinating commercial import cargo into the United States. The goal is to identify compliant trusted import traders who have good supply chain security procedures and controls to reduce screening of their imported cargo. In turn, this enables CBP to focus screening efforts on import cargo transactions involving unknown or high-risk import traders. CBP will be consulting with the trade community to develop the most effective approach for each sector to participate in C-TPAT.

The Application Process

Businesses must apply to participate in C-TPAT. Participants complete an online electronic application on www.cbp.gov that includes submission of corporate information, a supply chain security profile, and an acknowledgement of an agreement to voluntarily participate.

In completing the supply chain security profile, companies must conduct a comprehensive self-assessment of their supply chain security procedures using the C-TPAT security criteria or guidelines jointly developed by CBP and the trade community for their specific enrollment category. The criteria or guidelines, available for review in this section and on the CBP website, encompass the following areas:

• Business Partner Requirements,
• Procedural Security,
• Physical Security,
• Personnel Security,
• Education and Training,
• Access Controls,
• Manifest Procedures,
• Information Security, and
• Conveyance Security.

See C-TPAT Online Application Instructions on the pages that follow.

Upon satisfactory completion of the C-TPAT Online application and supply chain security profile, participants will be assigned a CBP C-TPAT Supply Chain Security Specialist (SCSS). A SCSS will contact the participant to begin the C-TPAT validation process.

The Benefits of Participation in C-TPAT

C-TPAT offers trade-related businesses an opportunity to play an active role in the war against terrorism. By participating in this first worldwide supply chain security initiative, companies will ensure a more secure and expeditious supply chain for their employees, suppliers and customers. Beyond these essential security benefits, CBP will offer benefits to certain certified C-TPAT member categories, including:

• A reduced number of CBP inspections (reduced border delay times).
• Priority processing for CBP inspections. (Front of the Line processing for inspections when possible.)
• Assignment of a C-TPAT Supply Chain Security Specialist (SCSS) who will work with the company to validate and enhance security throughout the company's international supply chain.
• Potential eligibility for CBP Importer Self-Assessment program (ISA) with an emphasis on self-policing, not CBP audits.
• Eligibility to attend C-TPAT supply chain security training seminars.

It is clear that security issues will play an ever more important role in international trade logistics. Today's voluntary programs may become mandatory programs in the future. Many companies recognize that participation in C-TPAT is part of a "best practices" approach to achieving leadership in their industry.

How the Partnership Works

• CBP C-TPAT account managers will contact participants to begin joint work on establishing or updating account action plans to reflect C-TPAT commitments.
• Action plans will track participants' progress in making security improvements, communicating C-TPAT criteria or guidelines to business partners, and establishing improved security relationships with other companies.
• Failure to meet C-TPAT commitments will result in suspension of C-TPAT benefits. Benefits will be reinstated upon correcting deficiencies in compliance and/or security.

CBP Expectations of Participants

CBP expects C-TPAT participants to make a real commitment toward the common goal of creating a more secure and efficient supply chain through partnership. CBP understands that it has entered a new era and requires the assistance of private industry to ensure increased vigilance throughout the supply chain. CBP recognizes that just as it protects the trade and U.S. borders, businesses must ensure that their brands, employees and customers are protected to the best of their abilities.

Confidentiality of Data

CBP has stated that all information on supply chain security submitted by companies applying for the C-TPAT program will be confidential. CBP will not disclose a company's participation in C-TPAT.

C-TPAT Costs of Participation

Firstly, C-TPAT participation is voluntary. Secondly, CBP recognizes that not all companies are in a position to meet C-TPAT minimum security criteria or guidelines.

All eligible companies that import into the U.S. or provide import cargo movement or handling services should assess their supply chain security procedures to determine if they can qualify. CBP intent is to not impose security requirements that will be cost prohibitive. For this reason, CBP has worked in concert with the trade community in developing security criteria and guidelines that reflect a realistic business perspective. Potential C-TPAT participants may find that they already have many of these guidelines in place.

That said, enhanced security and C-TPAT participation will cost money. Also, those firms that have historically had few or no security guidelines in place will find that there will be added costs of getting "up to speed" organizationally.

C-TPAT is also not intended to create any new 'liabilities' for companies beyond existing trade laws and regulations. However, joining C-TPAT will commit companies to follow through on actions specified in the signed agreement. These actions include self-assessing security systems, submitting security questionnaires, developing security enhancement plans, and communicating C-TPAT guidelines to companies in the supply chain. If a company fails to uphold its C-TPAT commitments, CBP would take action to suspend benefits or cancel participation.

Viability for Small- and Medium-Sized Companies

Initially, it was mostly large companies that rely heavily on international supply chains that applied and became active participants in the program.

CBP, however, encourages all companies to take an active role in promoting supply chain and border security. In that regard, C-TPAT is not just a big-company program. Medium and small companies should evaluate the requirements and benefits of C-TPAT carefully in deciding whether to apply for the program. Moreover, even without official participation in C-TPAT, companies should still consider employing C-TPAT guidelines in their security practices.

Must vs. Should

Note that C-TPAT Security Criteria and Security Guidelines use the words "must" and "should" a great deal. These words have specific, yet logical and intuitive meanings. "Must" means that it is a requirement. A business will not achieve program participation status unless the requirement is met. "Should" means that while the procedure is likely considered to be an industry "best practice" it is not necessarily a requirement for program participation. Businesses can anticipate, however, that over time, more "shoulds" will become "musts."

Recommendations vs. Guidelines vs. Criteria

The C-TPAT program has continued to evolve. When the program was first established, CBP issued what were called "Security Recommendations." These "Recommendations" evolved into "Security Guidelines."

In late October 2004, CBP, in discussion with the trade community, began drafting more clearly-defined, minimum-security criteria for businesses wishing to participate in the C-TPAT program. After months of dialogue, CBP developed minimum-security criteria designed to accomplish two important goals: first, to offer flexibility for accommodating the diverse business models represented within the international supply chain; and second, to achieve CBP's twin goals of security and facilitation.

"Security Criteria" are now the established minimum security requirements for participation in the C-TPAT program.

Security Criteria have been established for: Importers, Rail Carriers, Foreign Manufacturers, Highway Carriers and Sea Carriers.

For other groups, the "Security Guidelines" remain in effect.

Supply Chain Security Best Practices Catalog

On March 9, 2006, the U.S. Customs and Border Protection issued its long-awaited "Supply Chain Security Best Practices Catalog." This is a 56-page booklet that is organized based on C-TPAT Security Criteria. The best practices included in the catalog are those that have been identified through more than 1,400 validations and site visits by CBP C-TPAT Supply Chain Security Specialists (SCSS).

"Best Practices" are defined as:

1. Security measures that exceed the C-TPAT Security Criteria,

2. Incorporate management support,

3. Have written policies and practices that govern their use,

4. Employ a system of checks and balances, and

5. Have measures in place to ensure continuity.

The catalog is essentially a statement of what CBP considers to be practices that will meet or exceed its Security Criteria, and has therefore become very popular in the industry.

Available online at: www.cbp.gov/linkhandler/cgov/import/commercial_enforcement/ctpat/ctpat_b....

C-TPAT Security Link Portal

The C-TPAT Security Link Portal is a secure, full-service, Internet web portal that will allow qualifying C-TPAT participants to:

• Enter new applications.
• Instantly submit information updates and add new information.
• Maintain a "living" Supply Chain Security Profile that can be updated as needed and must be updated and re-certified on a yearly basis.
• Communicate directly with CBP C-TPAT and/or their designated C-TPAT Supply Chain Security Specialists using a secure system.
• Receive information directly from CBP to include cargo security alerts and sanitized intelligence information.
• Maintain a list of authorized users.

All C-TPAT participants will be required to use the C-TPAT Security Link Portal to ensure that all company information and Supply Security Profile information is accurate and complete.

C-TPAT participants and certified members will be required to enter, update, and maintain several key fields of information to assist in the verification of program eligibility. This includes the posting of current C-TPAT Supply Chain Security Profile and business profile information.

CBP is using 128 bit Secure Sockets Layer (SSL) encryption. SSL uses a system that uses two keys to encrypt data. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers.

To access the C-TPAT Security Link Portal:

1. Go to: https://ctpat.cbp.dhs.gov/. For information on the C-TPAT Security Link Portal, visit the www.cbp.gov C-TPAT web page at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/

2. Go to the Status Verification section to Generate an SVI.

3. Read and accept the Consent to Use Company Name terms and conditions that appear on the introductory screen for the SVI. Active acceptance of the Agreement (i.e., selecting the "I Accept" box) will be required to access the SVI.

For more information on the C-TPAT Security Link Portal, go to: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/implement_portal.

C-TPAT Status Verification Interface (SVI)

As stated in the C-TPAT Security Criteria, Certified C-TPAT partners need to verify the participation status of other eligible C-TPAT business partners. To address this need, CBP has created the Status Verification Interface (SVI). The SVI allows consenting certified C-TPAT partners to verify the participation status of other consenting certified C-TPAT partners. Each party must have consented to the release of their company name among the C-TPAT membership. The SVI is the point of electronic access to verify the C-TPAT status of another Status Verification Interface Participant (SVIP).

Access to the C-TPAT SVI is now found in the C-TPAT Security Link Portal. SVI Access is granted to certified C-TPAT partners who meet the specific SVIP criteria.

To qualify as a SVIP, participants must have:

• Access to the Internet C-TPAT Security Link Portal;
• Achieved certification status as a C-TPAT participant;
• Generated an SVI alpha-numeric status identification number (ID) in the C-TPAT Security Link Portal;
• Accepted the terms of the electronic C-TPAT CONSENT TO USE COMPANY NAME form found in the C-TPAT Security Link Portal.

For SVI instructions, frequently asked questions, SVI fact sheet and/or access to the SVI interface go to: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/svi.

For More Information on C-TPAT

For ongoing information and updates on the C-TPAT program, go to the U.S. Customs and Border Protection Web site at www.cbp.gov.

C-TPAT Online Application Instructions

For important instructions for submitting an online C-TPAT application go to: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/ and select "Instructions for Completing the C-TPAT Online Application.

The Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Part 1 Summary

• Complete the Company Profile information
• Read and Agree to the terms of the C-TPAT Agreement to Voluntarily Participate.
• Save your submission.
• Wait for an e-mail confirming your submission and granting C-TPAT Security Link Portal access using a temporary password.

Note: Companies will have 60 days to complete their Online C-TPAT Application using the C-TPAT Security Link Portal.

Part 2 Summary

• Login to the C-TPAT Security Link Portal using your e-mail address and temporary password.
• Change your Temporary Password.
• Complete the structured Online Supply Chain Security Profile
• Save your Security Profile submission.

Note: Companies will have 60 days to complete their Online Application using the C-TPAT Security Link Portal.

Part 1

1. Select/verify your C-TPAT Business Type and click Next.

The Application Exception Token field is reserved for future use and does not apply to most applicants.

2. Enter/verify your C-TPAT Business Code and click Next.

You may select Cancel Profile at any point in the process to stop your application submission.

3. Enter/verify your Company Name, and click Next.

4. Enter/verify your complete Company Physical Address and Mailing Address if applicable, and click Next.

5. Select the term that best describes Company's Ownership Type, Years in Business range, and Number of Employees range, and click Next.

6. Select Add Contact to enter Company Points of Contact (POC).

7. Enter Company Points of Contact (POC).

You must enter at least one (1) company officer as a contact. They do not have to be the primary POC.

Consultants/Contractors may be entered as an alternate POC with additional information required.

The Primary POC must be a Company Employee and is designated by checking the POC field.

Select the contact type.

8 Use Add Contact to enter additional company Points of Contact (POC).

You may add an unlimited number of POC.

Select the contact type.

Warning: Each POC you add will have access to your C-TPAT Security Link web portal information and can change information.

Be sure to limit your C-TPAT Security Link Portal POC access to those personnel that are part of your company's C-TPAT program management team.

9 Enter Company Identification (ID) numbers.

The ID fields vary according to your Business Type.

10. Review/verify the summary of company information.

11. Read/review the Online C-TPAT Agreement for your Business Type.

12. If you accept the Online C-TPAT Agreement and wish to continue with your application, Click "I Agree".

13. You will receive an e-mail with instructions on how to Login and continue with your application.

Part 2

Initial Portal Login, Change Password

1. The "User Name" is the user's e-mail address that was provided to the C-TPAT program.

The Password will be the Temporary Password that is sent to you via e-mail after successful completion of Part 1 of the C-TPAT Online Application.

2. First time Users will be required to Change their Temporary password.

Users with Expired Passwords will be required to Change their old password.

Passwords will expire every 90 days.

3. If the User is designated as a Company Contact for more than one company, a list of companies will appear.

The User must select the company name and click continue to proceed.

4. Review Home Screen Fields.

Security Profile Completion

1. Place the Cursor on the Partner Menu and Select Security Profile.

2. The C-TPAT Supply Chain Security Profile is now required to be maintained in the structured template found in their C-TPAT Security Link Web Portal Security Profile section.

Participants must provide a narrative description of the procedures they use to ensure adherence to C-TPAT Security Criteria or Guidelines as applicable for their C-TPAT enrollment category.

For information on C-TPAT Security Criteria or Guidelines, refer to the C-TPAT web page located at http://www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/.

3. In the Text Box for each section, C-TPAT participants must provide a narrative description of the security procedures in place. Give examples.

Any back-up documentation may be uploaded in the Documents section via the C-TPAT Partner Document Exchange function.

Answers such as Non-Applicable or Does Not Apply are NOT acceptable. If you feel that a section does not apply to your situation, give a succinct explanation of why you feel this does not apply to your company.

4. Participants navigate through the Supply Chain Security Profile Sections selecting the "Next" button or by clicking on the blue hyperlink for the section.

Clicking "Save" will ensure all work is updated.

5. After all Security Profile Sections have been completed, you will be able to Submit your Security Profile for review.

6. If any of the Supply Chain Security Profile sections are BLANK, an error message will be generated.

7. Your completed Security Profile will be assigned to and reviewed by a C-TPAT Supply Chain Security Specialist.

For each section of the Security Profile, any comments made by the C-TPAT Supply Chain Security Specialist reviewer will appear in the Comment section.

The block also indicates whether the section is Critical and whether the section is Approved or Rejected.

Section Approval/Rejection is also designated by a Green "Check" (Approval) or a Red "X" (Rejected).

8. Rejected sections must be corrected and sufficient information provided.

C-TPAT Validation Process

Validation Basics

C-TPAT Validation

C-TPAT validation is a process through which U.S. Customs and Border Protection (CBP) meets with program participant representatives, and visits selected domestic and foreign sites, to verify that the supply chain security measures contained in the C-TPAT participant's security profile are accurate and being followed.

Goals of C-TPAT Validation

Since the decision to provide expedited release of cargo, and/or a reduced number of examinations, may be directly linked to a company's C-TPAT documentation, the principal goal of a validation is to ensure that the company's C-TPAT security profile is reliable, accurate and effective.

CBP expects, however, that validations will also provide a forum through which CBP and a C-TPAT participant can build a stronger partnership by discussing supply chain security issues, sharing "best practices," and cooperatively developing solutions to address potential vulnerabilities. The face-to-face nature of a validation encourages both CBP and the C-TPAT participant to better understand the role each plays in securing U.S. borders against international terrorism.

Validation vs. Audit

A C-TPAT validation is not a CBP audit. Whereas CBP routinely performs audits in a variety of operational areas (e.g. trade compliance, NAFTA), C-TPAT validations do not measure a company's adherence to existing government rules and regulations. Instead, the validation is focused on the verification of supply chain security processes and procedures that a company voluntarily agrees to verify or perform under the auspices of the C-TPAT program.

Validations are meant to be focused and concise. Although they may extend beyond two weeks on some occasions due to CBP planning and travel, CBP maintains that they will not involve more than ten working days of a company's time.

Which Participants Will Get a Validation?

CBP plans on validating the security profiles of all C-TPAT participants. Normally a company's initial validation will occur within three years of becoming a certified member of C-TPAT.

Validation Scheduling

The order in which a C-TPAT participant's profile will be selected for validation will be based on risk management principles. Validations may be initiated based on import volume, security related anomalies, strategic threat posed by geographic regions, or other risk related information. Alternatively, a validation may be performed as a matter of routine program oversight. CBP Headquarters will provide C-TPAT participants with approximately (30) thirty days advance notice prior to the beginning of any validation. The C-TPAT SCSS will work with the company's C-TPAT point of contact to schedule all validation visits.

Reporting of Validation Findings

At the conclusion of a validation, company management will be briefed on the findings of the validation. Additionally, a written Validation Report will be prepared and presented to the company shortly thereafter.

Impact of Validation Findings

If the validation findings are satisfactory, the results will increase the level of benefits provided to importer participants. If the validation findings reveal significant weaknesses in the company's application of C-TPAT guidelines or criteria, some or all of the participant's C-TPAT benefits may be suspended or removed until corrective action is implemented and verified.

Role of Security Criteria or Guidelines

C-TPAT security criteria or guidelines were developed jointly by CBP and the trade community. Participating companies must use these criteria or guidelines to assess their own supply chain security programs. The criteria or guidelines are used to measure the company's overall commitment to C-TPAT and viability in the program. The validation process ensures the company's C-TPAT commitment includes physical and procedural security requirements that enhance and verify supply chain security.

Process Guidelines

I. Introduction

The Customs-Trade Partnership Against Terrorism (C-TPAT) program is U.S. Customs and Border Protection's (CBP) premier trade security program. The purpose of C-TPAT is to partner with the trade community for the purpose of securing the U.S. and international supply chains from possible intrusion by terrorist organizations. C-TPAT requires the trade company participant to document and validate their supply chain security procedures in relation to existing CBP C-TPAT criteria or guidelines as applicable. CBP requires that C-TPAT company participants develop an internal validation process to ensure the existence of security measures documented in their Supply Chain Security Profile and in any supplemental information provided to CBP. As a part of the C-TPAT process, CBP C-TPAT Supply Chain Security Specialists (SCSS) and the C-TPAT participant will jointly conduct a validation of the company's supply chain security procedures. The validation process is essential to verifying the company's commitment to C-TPAT.

II. Objective

The purpose of the validation is to ensure that the C-TPAT participant's international supply chain security measures contained in the C-TPAT participant's security profile have been implemented and are being followed in accordance with established C-TPAT criteria or guidelines. The validation team evaluates the status and effectiveness of key security measures in the participant's profile to make recommendations and recognize best practices where appropriate.

III. Validation Principles

The guiding principle of the C-TPAT program is enhancing and ensuring supply chain security though a government-industry partnership. The C-TPAT program is voluntary and designed to share information that will protect the supply chain from being compromised by terrorists and terrorist organizations. The validation process will enable CBP and the C-TPAT participant to jointly review the participant's C-TPAT security profile to ensure that security actions in the profile are being effectively executed. Throughout the process there will also be the opportunity to discuss security issues and to share "best practices" with the ultimate goal of securing the international supply chain.

C-TPAT validations are not audits. In addition, they will be focused, concise, and will last not longer than ten working days.

Based on the participant's C-TPAT security profile and the recommendations of the validation team, CBP Headquarters will also oversee the specific security elements to be validated.

IV. Conducting a Validation

A. Validation Selection Process

To ensure accuracy, the security profiles of C-TPAT participants will be validated. The C-TPAT participant's security profile will be selected for validation based on the company's import supply chain risk. Validations may be initiated based on many factors including: security related anomalies, strategic threat posed by geographic regions, other risk related information, or strategic import volume. Unannounced validations will not be conducted. C-TPAT participants will be given approximately thirty days advance written notice along with a request for any supporting documentation that is needed.

B. Validation Teams

A validation team consisting of C-TPAT SCSS and a representative(s) of the C-TPAT participant will conduct C-TPAT validation visits.

SCSS on a validation team are composed of trained CBP specialists knowledgeable in international supply chain security matters. SCSS receive supply chain security training to assist them in working with industry representatives to promote effective supply chain security programs.

Generally, the lead SCSS performing the validation will be the company's assigned C-TPAT representative responsible for reviewing and assessing the company's security profile and other accessible information to determine the scope of the validation. This will help ensure that the validation is effective, focused, and limited in duration.

C. Validation Procedures

The SCSS validation team leader will provide the company with a written notification of the scheduled validation. The notice will be issued at least thirty days prior to the start of the validation and will include a request for supporting documentation or materials, if any. The validation team leader will also contact the C-TPAT participant to establish a single point of contact at the corporate level.

Prior to the commencement of the validation, the C-TPAT SCSS team will review the participant's C-TPAT security profile, any supplemental information received from the company, and any CBP headquarters instructions, to determine the intended scope of the validation.

In preparation for the validation, the validation team may also consider specific C-TPAT security criteria and guidelines. The security criteria and guidelines are used to determine the sufficiency of specific aspects of a participant's C-TPAT security profile. It is understood that the criteria and guidelines are not inclusive with respect to effective security practices.

C-TPAT Security Criteria and Guidelines are available for each C-TPAT enrollment category at www.cbp.gov.

D. Validation Venue

Under normal circumstances, the validation will begin with a briefing of C-TPAT participant company officials via phone or at the company's primary U.S. office location. The validation team will discuss the participant's role in the C-TPAT program. The validation team will also focus on the scope of the validation including validation visit locations throughout the company's international supply chain. If additional information is required to validate a portion of a C-TPAT participant's supply chain, the validation team will coordinate the required request with the company officials.

E. Validation Visit

A validation visit is a detailed review of the participant's import supply chain security procedures to determine if sufficient security procedures are in place to meet current C-TPAT guidelines or criteria. The specific sites of the validation visits will be determined based on the C-TPAT SCSS validation risk analysis and coordinated with the C-TPAT participant representative. A validation may require multiple visits at foreign locations. Individual validation visits are usually performed in no more than one day.

F. Validation Report

Validation visit findings are documented in a Validation Report and forwarded to the C-TPAT participant. The report findings will identify supply chain security recommendations or best practices. If significant supply chain security weaknesses or recommendations are found, a participant's C-TPAT benefits may be suspended or removed depending on the circumstances. If a company has their C-TPAT benefits suspended, C-TPAT will recommend that the company implement an action plan containing corrective actions to address specific supply chain security weaknesses.

C-TPAT Security Criteria and Guidelines

The following sections include CBP C-TPAT Security Criteria and Security Guidelines that may be used by the C-TPAT Validation Team in the planning phase of an on-site validation. These Criteria and Guidelines, therefore, will be helpful in the pre-validation review of key aspects of a participant's C-TPAT security profile. Therefore, prior to conducting an on-site validation, the validation team may review and discuss appropriate security recommendations contained in these criteria and guidelines in the context of the participant's C-TPAT security profile. This will assist the team in limiting the scope of the validation and in customizing the validation to the C-TPAT participant involved.

¹C-TPAT requirements are evolving. The information contained in this section was current as of Octboer 2010. For the latest information refer to the U.S. Customs and Border Protection (CBP) Web site at: www.cbp.gov. (The editorial content for this article is based on CBP material.)

C-TPAT for Importers1 
Back to C-TPAT Table of Contents

C-TPAT Security Criteria for Importers²

C-TPAT Security Criteria Importers

Importers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security criteria. Where an importer outsources or contracts elements of their supply chain, such as a foreign facility, conveyance, domestic warehouse, or other elements, the importer must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution - and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the importer's supply chains - based on risk.

Business Partner Requirement

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

Security procedures

For those business partners eligible for C-TPAT certification (carriers, ports, terminals, brokers, consolidators, etc.) the importer must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business partners are or are not C-TPAT certified.

For those business partners not eligible for C-TPAT certification, importers must require their business partners to demonstrate that they are meeting C-TPAT security criteria via written/electronic confirmation (e.g., contractual obligations; via a letter from a senior business partner officer attesting to compliance; a written statement from the business partner demonstrating their compliance with C-TPAT security criteria or an equivalent WCO accredited security program administered by a foreign customs authority; or, by providing a completed importer security questionnaire).Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT security criteria by the importer.

Point of Origin

Importers must ensure business partners develop security processes and procedures consistent with the C-TPAT security criteria to enhance the integrity of the shipment at point of origin. Periodic reviews of business partners' processes and facilities should be conducted based on risk, and should maintain the security standards required by the importer.

Participation / Certification in Foreign Customs Administrations Supply Chain Security Programs

Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the importer.

Other Internal criteria for selection

Internal requirements, such as financial soundness, capability of meeting contractual security requirements, and the ability to identify and correct security deficiencies as needed, should be addressed by the importer. Internal requirements should be assessed against a risk-based process as determined by an internal management team.

Container Security

Container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At point of stuffing, procedures must be in place to properly seal and maintain the integrity of the shipping containers. A high security seal must be affixed to all loaded containers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals.

Container Inspection

Procedures must be in place to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. A seven-point inspection process is recommended for all containers:

• Front wall
• Left side
• Right side
• Floor
• Ceiling/Roof
• Inside/outside doors
• Outside/Undercarriage

Container Seals

Written procedures must stipulate how seals are to be controlled and affixed to loaded containers - to include procedures for recognizing and reporting compromised seals and/or containers to US Customs and Border Protection or the appropriate foreign authority. Only designated employees should distribute container seals for integrity purposes.

Container Storage

Containers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers or container storage areas.

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors, and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g., keys, key cards, etc.) must be documented.

Visitors

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background checks / investigations

Consistent with foreign, federal, state, and local regulations, background checks and investigations should be conducted for prospective employees. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain.

Documentation Processing

Procedures must be in place to ensure that all information used in the clearing of merchandise/cargo, is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

Shipping & Receiving

Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, and the weights, labels, marks and piece count indicated and verified. Departing cargo should be verified against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

Cargo Discrepancies

All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. Customs and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected - as appropriate.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controls. These programs should offer incentives for active employee participation.

Physical Security

Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Importers should incorporate the following C-TPAT physical security criteria throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Importer - C-TPAT Agreement to Voluntarily Participate

This Agreement is made between _____________________ (hereinafter referred to as "the Importer") and U.S. Customs and Border Protection (hereinafter referred to as "CBP") to participate in the Customs-Trade Partnership Against Terrorism (C-TPAT), a voluntary and cooperative partnership established to achieve the goals of building more secure and more efficient borders.

This Agreement between the Importer and CBP is intended to enhance the joint efforts of the Importer and CBP to protect the supply chain, identify security gaps, and implement specific security measures and best practices.

Specifically, the Importer agrees to:

1. Conduct a comprehensive assessment of the Importer's global supply chain(s) based upon established C-TPAT security criteria to include: Business Partner Requirements, Cargo Security, Container Security, Physical Access Controls, Personnel Security, Procedural Security, Security Training/Threat Awareness, Physical Security, and Information Technology Security. The supply chain is defined from point of origin (manufacturer/supplier/vendor) to point of distribution.

2. Develop a written and verifiable process for determining risk throughout the Importer's global supply chain(s) based upon the Importer's business model (e.g., volume, country of origin, routing, potential terrorist threat, etc.)

3. Implement and maintain appropriate security measures throughout the Importer's global supply chain(s) in a written and verifiable format that is consistent with C-TPAT security criteria and based upon risk analysis as determined by the Importer's business model.

4. Complete and upload the Importer's Supply Chain Security Profile document.

5. Develop and implement a written and verifiable process for the selection of all business partners in the Importer's global supply chain(s) including manufacturers, product suppliers, and vendors based upon C-TPAT security criteria regarding Business Partner Requirements. Where the Importer outsources or contracts elements of their supply chain(s), the Importer must ensure that appropriate security measures are in place, effective, and complied with.

6. Develop and implement a periodic Self-Assessment Program in a written and verifiable format to ensure that appropriate security measures consistent with C-TPAT security criteria are maintained and are sufficient throughout the Importer's global supply chain(s), and implement changes as necessary or needs arise.

7. Notify CBP at [email protected] of all changes and/or modifications to the Importer's information on file including Official Company Name, Street Address, Company Point of Contact, Telephone Number, Fax Number, and E-Mail.

Upon acceptance, review, and/or certification in the C-TPAT, CBP will:

1. Provide feedback and guidance to the Importer on the information provided in the Supply Chain Security Profile within 60 days of receipt.

2. Provide technical assistance and recommendations to the Importer to improve the Importer's supply chain(s) pursuant to C-TPAT security criteria.

3. Provide incentives and benefits to include expedited processing of C-TPAT shipments.

4. Assign a C-TPAT supply chain specialist to serve as the CBP liaison for validations, security issues, procedural updates, communication, and training.

5. Ensure all information provided by the Importer to CBP will remain confidential. CBP will not disclose the Importer's identity as a C-TPAT partner without the Importer's consent.

This Agreement will be administered pursuant to a plan jointly developed by CBP and the Importer.

This Agreement is subject to review and acceptance by CBP and the Importer and may be terminated upon written notice by either party.

This Agreement cannot, by law, exempt the Importer from any statutory or regulatory sanctions in the event that discrepancies are discovered during a physical examination of cargo or the review of documents associated with the Importer's transactions with CBP.

This Agreement does not relieve the Importer of any responsibilities with respect to United States law, including CBP regulations.

General Items

FAQs

For a list of 43 "Frequently Asked Questions and Answers Regarding Minimum Security Criteria for Importers" refer to: http://www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/security_....

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application.

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT for importers go to: www.cbp.gov. Search for "C-TPAT for Importers."

¹ C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

²These security criteria became effective March 25, 2005 and were current as of October 2010.

C-TPAT for Sea Carriers1 
Back to C-TPAT Table of Contents

C-TPAT Security Criteria for Sea Carriers²

Sea carriers must conduct a comprehensive assessment of their security practices based upon the following C-TPAT minimum-security criteria. Where a sea carrier does not control a specific element of the cargo transportation service it has contracted to provide, such as a marine terminal operator or a time chartered vessel with whom it has contracted, the sea carrier must work with these business partners to seek to ensure that pertinent security measures are in place and adhered to. The sea carrier is responsible for exercising prudent oversight for all cargo loaded on board its vessel, pursuant to applicable law and regulations and the terms of this program.

C-TPAT recognizes the complexity of international supply chains and security practices, and endorses the application and implementation of security measures based upon risk.³ Therefore, the program allows for flexibility and the customization of security plans based on the member's business model. Security measures, as listed throughout this document, must be implemented and maintained as appropriate to the carrier's business model and risk understanding. CBP's C-TPAT validation process shall include a review of the carrier's assessment and program.

C-TPAT recognizes that sea carriers are already subject to defined security mandates created under the International Ship and Port Security Code (ISPS) and the Maritime Transportation Security Act (MTSA). It is not the intention of C-TPAT to duplicate these vessel and facility security requirements, rather, C-TPAT seeks to build upon the ISPS and MTSA foundation and require additional security measures and practices which enhance the overall security throughout the international supply chain.

ISPS and MTSA compliance are a prerequisite for C-TPAT sea carrier membership, and only vessels in compliance with the applicable ISPS code requirements may be utilized by C-TPAT members. Marine terminals operated by C-TPAT members must also comply with ISPS code requirements. The Physical Access Controls and Physical Security provisions of these criteria are satisfied for ISPS regulated vessels and port facilities by those vessels' or facilities' compliance with the ISPS Code and Coast Guard regulations.

Business Partner Requirements

Sea carriers must have written and verifiable procedures for the screening of carrier's agents and service providers contracted to provide transportation services for the carrier. Sea carriers must also have screening procedures for new customers, beyond financial soundness issues to include indicators of whether the customer appears to be a legitimate business and/or posses a security risk. Sea carriers shall also have procedures to review their customer's requests that could affect the safety of the vessel or the cargo or otherwise raise significant security questions, including unusual customer demands, such as specific stowage placement aboard the vessel (beyond a request for below deck or on deck stowage).

Security procedures

Sea carriers must have written or web-based procedures for screening new customers to whom they issue bills of lading, which identify specific factors or practices, the presence of which would trigger additional scrutiny by the sea carrier, up to and including a detailed physical inspection of the exterior of the suspect customer's container prior to loading onto the vessel. These procedures may also include a referral to CBP or other competent authorities for further review. CBP will work in partnership with the sea carriers to identify specific information regarding what factors, practices or risks are relevant.

Sea carriers should ensure that contract vessel services providers commit to C-TPAT security recommendations. Periodic reviews of the security commitments of the service providers should be conducted.⁴

Container Security

For all containers in the sea carrier's custody, container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. Sea carriers must have procedures in place to maintain the integrity of the shipping containers while in their custody. A high security seal must be affixed to all loaded containers bound for the U.S. All seals used or distributed by the sea carrier must meet or exceed the current PAS ISO 17712 standards for high security seals.⁵

Sea carriers and/or their marine terminal operators must have processes in place to comply with seal verification rules and seal anomaly reporting requirements once promulgated and mandated by the U.S. government.

Container Inspection

The requirement to inspect all containers prior to stuffing (to include the reliability of the locking mechanisms of the doors) is placed upon the importers through the C-TPAT Minimum Security Criteria for Importers dated March 25, 2005. Sea carriers must visually inspect all U.S.-bound empty containers, to include the interior of the container, at the foreign port of lading.

Container Seals

Written procedures must stipulate how seals in the sea carrier's possession are to be controlled. Procedures should also exist for recognizing and reporting compromised seals and/or containers to US Customs and Border Protection or the appropriate foreign authority consistent with the seal anomaly reporting requirements once promulgated and mandated by the U.S. government.

Container Storage

The sea carrier must store containers in their custody in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting detected, unauthorized entry into containers or container storage areas to appropriate local law enforcement officials.

Physical Access Controls

The sea carrier shall establish access controls to prevent unauthorized entry to its vessels and cargo facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors, service providers, government officials and vendors at all restricted access points of entry. Shore employees and service providers should only have access to those areas of the vessel where they have legitimate business. Vessel and facility access controls are governed by the International Ship and Port Security Code and MTSA. The Physical Access Control provisions of these criteria are satisfied for ISPS regulated vessels and port facilities by those vessels' or facilities' compliance with the ISPS Code and MTSA regulations.

Boarding and Disembarking of Vessels

Consistent with the vessel's ISPS security plan, all crew, employees, vendors and visitors may be subject to a search when boarding or disembarking vessels. A vessel visitor log must be maintained and a temporary visitor pass must be issued as required by the vessel's security plan. All crewmembers, employees, vendors and visitors, including government officials, must display proper identification, as required by the applicable ISPS/MTSA security plan.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors / Vendors / Service Providers

Visitors, vendors, government officials, and service providers must present photo identification for documentation purposes upon arrival at carrier's vessels or cargo facilities, and a visitor log must be maintained. Measures described by the approved ISPS/MTSA security plan addressing the escort of visitors and service providers, including, when appropriate, the use of temporary identification will be followed.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

In compliance with applicable laws and regulations for that location, written and verifiable processes must be in place to screen prospective employees and to periodically check current employees.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Depending on the sensitivity of the position, background checks and investigations shall be conducted for prospective employees as appropriate and as required by foreign, federal, state and local regulations. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Crewmen Control - Deserter/Absconder Risk

CBP will work with the U.S. Coast Guard and sea carriers to identify specific factors which may indicate when a crewman poses a potential risk of desertion/absconding. When such factors are identified and provided to the carriers, the carrier shall provide this information to its vessel masters and to the vessels under charter to the carrier, and such vessels shall establish procedures to address the potential risk of desertion/absconding. Added security measures appropriate to the risk present should be employed upon arrival into the U.S. port/territories.

Deserter/Absconder Notifications

Vessel masters must account for all crewmen prior to the vessel's departure from a U.S. port. If the vessel master discovers that a crewman has deserted or absconded, the vessel master must report this finding by the most practical means to CBP immediately upon discovery and prior to the vessel's departure.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo. Consistent with the carrier's ISPS Code security plan, procedures must be in place to prevent unauthorized personnel from gaining access to the vessel. In those geographic areas where risk assessments warrant checking containers for human concealment in containers, such procedures should be designed to address the particular, identified risk at the load port or the particular port facility. CBP will inform the sea carriers when it is aware of a high risk of human concealment or stowaways at particular ports or geographic regions. Documented procedures must also include pre-departure vessel security sweeps for stowaways at the foreign load port, and during normal watch activity while en route to the United States as warranted by risk conditions at the foreign load port.

Passenger and Crew

Sea carriers must ensure compliance with the U.S. Coast Guard Notice of Arrival and Departure requirements so that accurate, timely and advanced transmission of data associated with international passengers and crew is provided to the U.S. government and CBP.

Bill of Lading / Manifesting Procedures

Procedures must be in place to ensure that the information in the carrier's cargo manifest accurately reflects the information provided to the carrier by the shipper or its agent, and is filed with CBP in a timely manner. Documentation control must include safeguarding computer access and information.

Bill of lading information filed with CBP should show the first foreign port (place) where the sea carrier takes possession of the cargo destined for the United States.

BAPLIEs

At the request of CBP, sea carriers will provide a requested BAPLIE and/or stowage plan, in a format readily available. Such requests will be made on a voyage specific basis when CBP requires additional voyage information and will be honored by the sea carrier in a timely manner. CBP recognizes that these are not regulated documents and that the data included may not always match the manifest filing.

Cargo

Customs and/or other appropriate law enforcement agencies must be notified if illegal or highly suspicious activities are detected - as appropriate.

Security Training and Awareness

A security awareness program should be established and maintained by the carrier to recognize and foster awareness of security vulnerabilities to vessels and maritime cargo. Employees must be made aware of the procedures the sea carrier has in place to report a security concern or incident.

Additionally, specific training should be offered to assist employees in maintaining vessel and cargo integrity, recognizing internal conspiracies, and protecting access controls.

Physical Security

Carriers shall establish written and verifiable procedures to prevent unauthorized personnel from gaining access to its vessels, including concealment in containers, and to prevent tampering with cargo conveyances while they are in the carrier's custody. Such measures are covered by a vessel's and a port facility's ISPS security plan. Physical Security provisions of these criteria are satisfied for ISPS regulated vessels and port facilities by those vessels' or facilities' compliance with the ISPS Code and MTSA regulations. Non-ISPS Code regulated cargo handling and storage facilities and container yards operated by the carrier, in domestic and foreign locations, must have physical barriers and deterrents that guard against unauthorized access. Sea carriers should incorporate the following C-TPAT physical security criteria as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities, container yards, and terminals. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored and secured when not in use.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas, and vessels.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas. While at port, the pier and waterside of the vessel must be adequately illuminated.

Alarms Systems & Video Surveillance Cameras

At those locations determined appropriate by the carrier's risk assessment, alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to vessels, cargo handling and storage areas.

Information Technology Security

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Security Assessment, Response and Improvement

Carriers and CBP have a mutual interest in security assessments and improvements, and recognize that specific, implemented security procedures may be found in the future to have weaknesses or be subject to circumvention. When a security shortcoming or security incident is identified, the Carrier and CBP officials will meet in an effort to ascertain what led to the breakdown and to formulate mutually agreed remedial measures. If CBP determines that the security incident raises substantial concerns or a security weakness requires substantial remediation, CBP headquarters officials will meet with the carrier's senior management to discuss such concerns and to identify appropriate remedial measures to be taken.

While CBP has the authority to suspend or remove a sea carrier from the C-TPAT program for substantial non-compliance with the security criteria of the program, such authority is exercised only in the most serious circumstances.

Sea Carrier General Items

FAQs

For a list of seven Frequently Asked Questions and Answers Regarding Minimum Security Criteria for Sea Carriers" go to: http://www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/security_....

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Sea Carrier Agreement to Voluntarily Participate is similar to the . The Sea Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Sea Carriers."

¹C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

²These security criteria for Sea Carriers became effective March 1, 2006 and are current as of October 2010.

³Sea carriers shall have a documented and verifiable process for assessing security vulnerabilities within their operations based on their business model (i.e., volume, country of origin, routing, security alerts via open source information, ports identified by U.S. Coast Guard as having inadequate security, past security incidents, etc.).

⁴An ISPS regulated vessel operator or port facility is not expected under these criteria to show a carrier or other third party its ship or port security plan. It is recognized that under the ISPS Code relevant portions of an ISPS security plan are not subject to inspection without the contracting government's agreement.

⁵When a container has been affixed with a high security seal that meets or exceeds the current PAS ISO 17712 standards and the shipper or carrier wishes to apply a supplementary, additional seal to the container to provide enhanced level of security, such supplementary seals do not have to meet the PAS ISO 17712 standards.

C-TPAT for Rail Carriers1 
Back to C-TPAT Table of Contents

C-TPAT Security Criteria for Rail Carriers²

Rail carriers must conduct a comprehensive assessment of their security practices based upon the following C-TPAT minimum-security criteria. Recognizing that rail carriers do not control their shippers and have a common carrier obligation to transport goods tendered to them, rail carriers shall work with their shippers on their security practices as set forth in these criteria.

These minimum security criteria are fundamentally designed to be the building blocks for rail carriers to institute effective security practices designed to optimize supply chain performance to mitigate the risk of loss, theft, and contraband smuggling that could potentially introduce terrorists and implements of terrorism into the global supply chain.

Rail carriers should periodically assess their degree of vulnerability to risk and should prescribe security measures to strengthen or adjust their security posture to prevent security breaches and internal conspiracies. The determination and scope of criminal elements targeting world commerce through internal conspiracies requires companies to elevate their security practices.

C-TPAT recognizes the complexity of international supply chains and security practices, and endorses the application and implementation of security measures based upon risk. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model. Security measures, as listed throughout this document, must be implemented and maintained as appropriate to the carrier's business model and risk understanding.

Business Partner Requirements

Rail carriers must have written and verifiable processes for the screening of new business partners, including carrier's agents, sub-contracted rail carriers, and service providers, as well as screening procedures for new customers, beyond financial soundness issues to include security indicators. These processes apply to business partners and service providers not eligible for C-TPAT membership.

Security Procedures³

• Written procedures must exist to address specific factors or practices, the presence of which would trigger additional scrutiny by the rail carrier. U.S. Customs and Border Protection (CBP) will work in partnership with the rail carriers to identify specific information regarding what factors, practices or risks are relevant.
• For those business partners eligible for C-TPAT certification (importers, ports, terminals, brokers, consolidators, etc.) the Rail carrier must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business partners are or are not C-TPAT certified. Non-C-TPAT business partners may be subject to additional scrutiny by the Rail carrier. Rail carriers should institute appropriate security procedures for their contract service providers.
• Rail carriers have a common carrier responsibility for all cargo loaded aboard their rail cars; they must communicate the importance of security to their employees as a fundamental aspect of their security policies.
• Rail carriers should strongly encourage that contract service providers and shippers commit to C-TPAT security recommendations.

Rolling Stock Security

Rail carriers shall have procedures to protect against the introduction of unauthorized personnel and material.⁴

• It is recognized that even though a carrier may not "exercise control" over the loading of rail cars and the contents of the cargo, rail carriers must be vigilant to guard against stowaways, and the smuggling of implements of terrorism and contraband. The rail carrier shall have procedures in place to guard against the loading of contraband while trains are in transit to the border, even in regards to unforeseen train stops.
• Rail carriers must have procedures in place for reporting unauthorized entry into rail cars, and locomotives.
• Rail carriers must maintain inventory information and movement records on each rail car and use the physical rail car tracking technology that is inherent to the North American rail network system.

Inspection Procedures

• Rail personnel should be trained to inspect their rail cars and locomotives for anomalies. Training in conveyance searches should be adopted as part of the company's on-the-job training program. Training that is held should be recorded or documented in a personnel file of the employee that attended the training.
• A systematic inspection must be made prior to reaching the U.S. border.
• During required on-ground safety inspections of rolling stock entering the U.S., conduct security inspections for any apparent signs of tampering, sabotage, attached explosives, contraband, stowaways, and other unusual or prohibited items. It is understood that railroads must comply with the Federal Railroad Safety Act and the Hazardous Materials Transportation Act.
• CBP will work in partnership with the rail carriers to identify specific information regarding what factors, practices or risks are relevant including the use of non-intrusive gamma ray technology or other inspections.

Conveyance Tracking
and Monitoring Procedures

• Rail carriers must maintain, to the extent feasible and practicable, locomotive and rail car integrity while the train is en route to the U.S. border by maintaining inventory information and movement records for each rail car. Rail carriers must record unannounced or unforeseen train stops.
• Rail carriers must utilize existing tracking and monitoring processes to track conveyances while they are en route to the U.S. border. Unannounced or unforeseen train stops shall be documented.
• Railroad supervision must ensure that tracking and monitoring processes are being adhered to.

Seals

The sealing of rail cars, and intermodal maritime containers, along with continuous seal integrity are crucial elements of a secure supply chain, and remain a critical aspect of a rail carrier's commitment to C-TPAT. To the extent practical, a high security seal should be affixed to all loaded rail cars bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals. Rail carriers crossing the U.S. border must also fully comply with seal verification rules and seal anomaly reporting requirements once promulgated and mandated by the U.S. government.

• Clearly defined written procedures must stipulate how seals in the rail carrier's possession are to be controlled during transit. These written procedures should be briefed to all rail crewmembers and there should be a mechanism to ensure that these procedures are understood and are being followed. These procedures must include:

Physical Access Controls

To the extent practical, rail carriers should institute access controls to prevent unauthorized entry to rail property and rail cars and should maintain control of employees and visitors. Access controls should include the positive identification of employees, visitors, service providers, and vendors. Rail companies should also conduct spot inspections of motor vehicles on railroad property where international shipments are handled.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to high security areas such as dispatch centers if necessary for the performance of their duties. Railroad supervision or railroad police must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented. Establish employee identification measures for all employees. Conduct spot checks of identification as threat conditions warrant.

Visitors, Vendors and Service Providers

To the extent feasible and practicable, and as threat conditions warrant, restrict the access of contractors and visitors to non-public areas of company-designated critical infrastructure and monitor the activities of visitors in or around such infrastructure.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Unauthorized Persons

• Implement measures to deter unauthorized entry and increase the probability of detection at company-designated critical infrastructure. Provide safety and security training for employees at facilities where international shipments are handled.
• Establish procedures to detect or deter unmanifested material and unauthorized personnel from gaining access to trains crossing into the United States.
• Reinforce the need for employees to immediately report to the proper authorities all suspicious persons, activities, or objects encountered.
• Focus proactive community safety and security outreach and trespasser abatement programs in areas adjacent to company-designated critical infrastructure to reduce the likelihood of unauthorized individuals on company property and to enhance public awareness of the importance for reporting suspicious activity.

Personnel Security

Written and verifiable processes must be in place to screen prospective rail employees and to periodically check current employees.

Pre-Employment Verification / Background Checks / Investigations

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Depending on the sensitivity of the position, background checks and investigations shall be conducted for current and prospective employees as appropriate and as required by foreign, federal, state and local regulations. Conduct background checks on all new railroad employees. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain. Procedures must be in place to prevent, detect, or deter unmanifested material and unauthorized personnel from gaining access to rail cars and locomotives.

Security procedures should be implemented that restrict access to the rail car and locomotive and prevent the lading of contraband while en-route from facilities in international locations to the United States.

Procedures must be in place to record and immediately report all anomalies regarding train crew personnel to U.S. Customs and Border Protection. Likewise, rail companies should investigate all suspicious activity and report it to the proper authority.

Bill of Lading/Manifesting Procedures

Procedures must be in place to ensure that the information in the carrier's cargo manifest accurately reflect the information provided to the carrier by the shipper or its agent, and is filed with CBP in a timely manner. Documentation control must include safeguarding computer access and information.

Reporting Train Crew Personnel

Identify all personnel on the train as required by CBP.

Reporting Suspicious Cargo

All instances of suspicious cargo shipments should be reported immediately to the nearest CBP port-of-entry or other nearest appropriate authority.

Physical Security

Procedures must be in place to prevent, detect, or deter unmanifested material and unauthorized personnel from gaining access to conveyance, including concealment in rail cars. Rail carriers should incorporate the following C-TPAT physical security criteria throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose areas deemed by the rail carrier to be a critical infrastructure.

Parking

Privately owned vehicles should be monitored when parked in close proximity to rolling stock that crosses the international border.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Lighting

Adequate lighting must be provided where appropriate, for entrances and exits.

Alarms Systems & Video Surveillance Cameras

Where appropriate, alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to rail property.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by drug smugglers and terrorists. Employees must be made aware of the procedures the rail carrier has in place to address a situation and how to report it.

Additionally, specific training should be offered to assist employees in maintaining rolling stock integrity, recognizing internal conspiracies, and protecting access controls.

• Establish an employee security awareness-training program to include procedures to recognize suspicious activity and report security concerns.
• During required on-ground safety inspections of international shipments inspect for any apparent signs of tampering, sabotage, attached explosives, and other suspicious items. Train employees to recognize suspicious activity and report security concerns found during inspections and in transit.
• Implement a policy to preclude unnecessary disclosure of sensitive information.

Information & Technology Security

Password Protection

Measures should be taken to protect electronic assets, including advising employees of the need to protect passwords and computer access. Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place.

Accountability

IT security policies, procedures, and standards must be in place to address the abuse of IT including improper access, sharing, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Rail Carrier General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Rail Carrier Agreement to Voluntarily Participate is similar to the . The Sea Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Rail Carriers."

¹C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

²These Rail Carrier Security Criteria became effective August 28, 2006, and are current as of October 2010.

³C-TPAT recognizes that rail carriers are common carriers and are already subject to defined security mandates created under the Department of Transportation, such as the Federal Railroad Safety Act and the Hazardous Materials Transportation Act, as well as the Customs and Border Patrol (CBP) Trade Act of 2002, Maritime Transportation Security Act, FDA 2002 Bio-Terrorism Act, and other applicable federal requirements of the TSA. It is not the intention of C-TPAT to duplicate these security requirements rather C-TPAT seeks to build upon the government security measures and industry practices already in place.

⁴For purposes of this document, the term rolling stock is used to denote locomotives and rail-cars.

C-TPAT for Highway Carriers1 
Back to C-TPAT Table of Contents

C-TPAT Security Criteria for Highway Carriers²

The supply chain for highway carriers for C-TPAT purposes is defined from point of origin from the yard or where the tractors and trailers are stored, through pickup at the manufacturer/supplier/vendor, through to the point of distribution - and recognizes the diverse business models C-TPAT members employ.

These minimum security criteria are fundamentally designed to be the building blocks for highway carriers to institute effective security practices designed to optimize supply chain performance to mitigate the risk of loss, theft, and contraband smuggling that could potentially introduce dangerous elements into the global supply chain.

On a quarterly basis, or as circumstances dictate such as during periods of heightened alert, security breach or incident, Highway carriers should routinely assess their degree of vulnerability to risk and should prescribe security measures to strengthen or adjust their security posture to prevent security breaches and internal conspiracies. The determination and scope of criminal elements targeting world commerce through internal conspiracies requires companies, and in particular, highway carriers to elevate their security practices, especially if the highway carrier has the exclusive benefit of enrollment in the Free and Secure Trade (FAST) program.

C-TPAT recognizes the complexity of international supply chains and security practices, and endorses the application and implementation of security measures based upon risk. ³ Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

Appropriate security measures, as listed throughout this document, must be implemented and maintained.

Business Partner Requirements

Highway carriers must have written and verifiable processes for the screening of business partners, including carrier's agents, sub-contracted highway carriers, and service providers, as well as screening procedures for new customers, beyond financial soundness issues to include security indicators, such as business references and professional associations.

Security Procedures

• Written procedures must exist for screening business partners, which identify specific factors or practices, the presence of which would trigger additional scrutiny by the highway carrier.
• For those business partners eligible for C-TPAT certification (importers, ports, terminals, brokers, consolidators, etc.) the highway carrier must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business partners are or are not C-TPAT certified. Non-C-TPAT business partners may be subject to additional scrutiny by the highway carrier.
• Highway carriers should ensure that contract service providers commit to C-TPAT security recommendations through contractual agreements. For U.S. bound shipments, C-TPAT highway carriers that subcontract transportation services to other highway carriers, must use other C-TPAT approved highway carriers or carriers under direct control of the certified C-TPAT carrier through a written contract.
• Likewise, current or prospective business partners who have obtained a certification in a supply chain security program being administered by a foreign Customs Administration should be required to indicate their status of participation to the highway carrier.
• As highway carriers have the ultimate responsibility for all cargo loaded aboard their trailer or conveyance, they must communicate the importance of supply chain security and maintaining chain of custody as fundamental aspects of any company security policy.

Conveyance Security

Conveyance (tractor and trailer) integrity procedures must be maintained to protect against the introduction of unauthorized personnel and material.

Conveyance Inspection Procedures

• Using a checklist, drivers should be trained to inspect their conveyances for natural or hidden compartments. Training in conveyance searches should be adopted as part of the company's on-the-job training program.
• Conveyance inspections must be systematic and should be completed upon entering and departing from the truck yard and at the last point of loading prior to reaching the U.S. border.
• To counter internal conspiracies, supervisory personnel or a security manager, held accountable to senior management for security, should search the conveyance after the driver has conducted a search. These searches should be random, documented, based on risk, and should be conducted at the truck yard and after the truck has been loaded and en route to the U.S. border.
• Written procedures must exist which identify specific factors or practices, which may deem a shipment from a certain shipper of greater risk.
• The following systematic practices should be considered when conducting training on conveyances. Highway carriers must visually inspect all empty trailers, to include the interior of the trailer, at the truck yard and at the point of loading, if possible. The following inspection process is recommended for all trailers and tractors:

Tractors:

• Bumper/tires/rims
• Doors/tool compartments
• Battery box
• Air breather
• Fuel tanks
• Interior cab compartments/sleeper
• Faring/roof

Trailers:

• Fifth wheel area - check natural compartment/skid plate
• Exterior - front/sides
• Rear - bumper/doors
• Front wall
• Left side
• Right side
• Floor
• Ceiling/Roof
• Inside/outside doors
• Outside/Undercarriage

Trailer Security

• For all trailers in the highway carrier's custody, trailer integrity must be maintained, to protect against the introduction of unauthorized material and/or persons. Highway carriers must have procedures in place to maintain the integrity of their trailers at all times.
• It is recognized that even though a carrier may not "exercise control" over the loading of trailers and the contents of the cargo, highway carriers must be vigilant to help ensure that the merchandise is legitimate and that there is no loading of contraband at the loading dock/manufacturing facility. The highway carrier must ensure that while in transit to the border, no loading of contraband has occurred, even in regards to unforeseen vehicle stops.⁴
• Trailers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into trailers, tractors or storage areas.
• The carrier must notify U.S. Customs and Border Protection of any structural changes, such as a hidden compartment, discovered in trailers, tractors or other rolling-stock equipment that crosses the border. Notification should be made immediately to CBP, and in advance of the conveyance crossing the border. Notifications can be telephonically made to CBP's Anti-Terrorism Contraband Enforcement Team (A-TCET) at the port.

Container Security

• When transporting a container or trailer for a C-TPAT importer, a high security seal that meets or exceed the current PAS ISO 17712 standards for high security seals must be utilized.

Conveyance Tracking and Monitoring Procedures

• Highway Carriers must ensure that conveyance and trailer integrity is maintained while the conveyance is en route transporting cargo to the U.S. border by utilizing a tracking and monitoring activity log or equivalent technology. If driver logs are utilized, they must reflect that trailer integrity was verified.
• Predetermined routes should be identified, and procedures should consist of random route checks along with documenting and verifying the length of time between the loading point/trailer pickup, the U.S. border, and the delivery destinations, during peak and non-peak times. Drivers should notify the dispatcher of any route delays due to weather, traffic and/or rerouting.
• Highway Carrier management must perform a documented, periodic, and unannounced verification process to ensure the logs are maintained and conveyance tracking and monitoring procedures are being followed and enforced.
• During Department of Transportation Inspections (DOT) or other physical inspections on the conveyance as required by state, local or federal law, drivers must report and document any anomalies or unusual structural modifications found on the conveyance. In addition, Highway Carrier management should perform a documented, periodic, and unannounced verification process to ensure the logs are maintained and conveyance tracking and monitoring procedures are being followed and enforced.

Trailer Seals

• The sealing of trailers, to include continuous seal integrity, are a crucial element of a secure supply chain, and remains a critical part of a carrier's commitment to C-TPAT. A high security seal must be affixed to all loaded trailers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals.
• Based on risk, a high security barrier bolt seal may be applied to the door handle and/or a cable seal must be applied to the two vertical bars on the trailer doors.
• Clearly defined written procedures must stipulate how seals in the highway carrier's possession are to be controlled during transit. These written procedures should be briefed to all drivers and there should be a mechanism to ensure that these procedures are understood and are being followed. These procedures must include:
• Verifying that the seal is intact, and if it exhibits evidence of tampering along the route.
• Properly documenting the original and second seal numbers.
• Verifying that the seal number and location of the seal is the same as stated by the shipper on the shipping documents.
• If the seal is removed in-transit to the border, even by government officials, a second seal must be placed on the trailer, and the seal change must be documented.
• The driver must immediately notify the dispatcher that the seal was broken, by whom; and the number of the second seal that is placed on the trailer.
• The carrier must make immediate notification to the shipper, the customs broker and/or the importer of the placement of the second seal.

Less-than Truck Load (LTL)

• LTL carriers must use a high security padlock or similarly appropriate locking device when picking up local freight in an international LTL environment. LTL carriers must ensure strict controls to limit the access to keys or combinations that can open these padlocks.
• After the freight from the pickup and delivery run is sorted, consolidated and loaded onto a line haul carrier destined to the cross the border into the U.S., the trailer must be sealed with a high security seal which meets or exceeds the current PAS ISO 17712 standard for high security seals.
• In LTL or Pickup and Delivery (P&D) operations that do not use consolidation hubs to sort or consolidate freight prior to crossing the U.S. border, the importer and/or highway carrier must use ISO 17712 high security seals for the trailer at each stop, and to cross the border.
• Written procedures must be established to record the change in seals, as well as stipulate how the seals are controlled and distributed, and how discrepancies are noted and reported. These written procedures should be maintained at the terminal/local level.
• In the LTL and non-LTL environment, procedures should also exist for recognizing and reporting compromised seals and/or trailers to U.S. Customs and Border Protection or the appropriate foreign authority.

Physical Access Controls

Access controls prevent unauthorized entry to trucks, trailers and facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors, service providers, and vendors at all points of entry. Employees and service providers should only have access to those areas of a facility where they have legitimate business.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors/Vendors/Service Providers

Visitors, vendors, and service providers must present photo identification for documentation purposes upon arrival, and a log must be maintained. All visitors and service providers should visibly display temporary identification.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Written and verifiable processes must be in place to screen prospective employees and to periodically check current employees.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks/Investigations

Consistent with foreign, federal, state, and local regulations, background checks and investigations should be conducted for prospective employees. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain. Procedures must be in place to prevent, detect, or deter unmanifested material and unauthorized personnel from gaining access to the conveyance including concealment in trailers.

Security procedures should be implemented that restrict access to the conveyance and prevent the lading of contraband while en-route from facilities in international locations to the United States.

Procedures must be in place to record and immediately report all anomalies regarding truck drivers to U.S. Customs and Border Protection. If local, federal, or state laws and union rules permit, conducting random screening of truck driver luggage and personal effects should occur.

Documentation Processing

Procedures must be in place to ensure that all information used in the clearance of merchandise/cargo, is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Measures, such as using a locked filing cabinet, should also be taken to secure the storage of unused forms, including manifests, to prevent unauthorized use of such documentation

Document Review

Personnel should be trained to review manifests and other documents in order to identify or recognize suspicious cargo shipments that:

• Originate from or are destined to unusual locations
• Paid by cash or a certified check
• Have unusual routing methods
• Exhibit unusual shipping/receiving practices
• Provide vague, generalized or poor information

All instances of a suspicious cargo shipment should be reported immediately to the nearest U.S. Customs and Border Protection port-of-entry.

Bill of Lading/Manifesting Procedures

Bill of lading information filed with CBP should show the first foreign location/facility where the highway carrier takes possession of the cargo destined for the United States. Additionally, to help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

Cargo

Cargo must be properly marked and manifested to include accurate weight and piece count. Customs and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected - as appropriate.

Physical Security

Procedures must be in place to prevent, detect, or deter unmanifested material and unauthorized personnel from gaining access to conveyance, including concealment in trailers. Cargo handling and storage facilities, trailer yards, etc., must have physical barriers and deterrents that guard against unauthorized access. Highway carriers should incorporate the following C-TPAT physical security criteria throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the entire truck yard or terminal, especially areas where tractors, trailers and other rolling stock are parked or stored. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which all vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles must be prohibited from parking in close proximity to parking and storage areas for tractors, trailers and other rolling stock that cross the international border.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys, to include the locks and keys for tractors. When parked in the yard, doors to tractors should be locked and the windows should be closed to prevent unauthorized access.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, parking or storage areas for tractors, trailers, rolling stock, and fences.

Alarm Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to vessels, cargo handling and storage areas, based on risk.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by drug smugglers and terrorists at each point in the supply chain. Employees must be made aware of the procedures the highway carrier has in place to address a situation and how to report it.

Additionally, specific training should be offered to assist employees in maintaining trailer and tractor integrity, recognizing internal conspiracies, and protecting access controls. These programs should offer incentives for active employee participation.

Information & Technology Security

Password Protection

Measures should be taken to protect electronic assets, including advising employees of the need to protect passwords and computer access. Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

FAST Transponder Controls

Transponders or any technology provided to the highway carrier by U.S. Customs and Border Protection to utilize the Free and Secure Trade (FAST) program must be protected against misuse, compromise, theft, tampering, altering or duplication.⁵

C-TPAT highway carriers must have documented procedures in place to manage the ordering, issuance, activation, and deactivation of FAST transponders. C-TPAT highway carriers are prohibited from requesting FAST transponders for any highway carrier company that is not owned and controlled by the C-TPAT approved highway carrier.

C-TPAT highway carriers are also prohibited from requesting FAST transponders for any owner-operator not under written contract to provide exclusive transportation services for the C-TPAT highway carrier.

Highway Carrier General Items

FAQs

For a list of seven Frequently Asked Questions and Answers Regarding Minimum Security Criteria for Highway Carriers" refer to: http://www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/security_....

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Highway Carrier Agreement to Voluntarily Participate is similar to the . The Highway Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Highway Carriers."

¹ C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

² These security criteria for highway carriers became effective March 13, 2006 and are current as of October 2010.

³ Truck Carriers shall have a documented and verifiable process for determining risk throughout their supply chains based on their business model (i.e., volume, country of origin, routing, C-TPAT membership, potential terrorist threat via open source information, having inadequate security, past security incidents, etc.).

⁴ C-TPAT recognizes the unique situation of the cross-border cartage industry in the Laredo, Texas corridor and encourages and endorses carriers to work within the supply chain to make a reasonable effort to ensure the integrity of trailers, especially during the cross-border segment.

⁵ Any misuse of FAST technology, to include loaning FAST transponders to external carriers will result in suspension or removal from the FAST Program. FAST is a benefit based on trust and confidence.

C-TPAT for Foreign Manufacturers1 
Back to C-TPAT Table of Contents

C-TPAT Security Criteria for Foreign Manufacturers²

These minimum security criteria are fundamentally designed to be the building blocks for foreign manufacturers to institute effective security practices designed to optimize supply chain performance to mitigate the risk of loss, theft, and contraband smuggling that could potentially introduce terrorists and implements of terrorism into the global supply chain. The determination and scope of criminal elements targeting world commerce through internal conspiracies requires companies, and in particular, foreign manufacturers to elevate their security practices.

At a minimum, on a yearly basis, or as circumstances dictate such as during periods of heightened alert, security breach or incident, foreign manufacturers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security criteria. Where a foreign manufacturer out-sources or contracts elements of their supply chain, such as another foreign facility, warehouse, or other elements, the foreign manufacturer must work with these business partners to ensure that pertinent security measures are in place and are adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution - and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and security practices, and endorses the application and implementation of security measures based upon risk.³ Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the Foreign manufacturer's supply chains - based on risk.⁴

Business Partner Requirements

Foreign manufacturers must have written and verifiable processes for the selection of business partners including carriers, other manufacturers, product suppliers and vendors (parts and raw material suppliers, etc.).

Security procedures

For those business partners eligible for C-TPAT certification (carriers, importers, ports, terminals, brokers, consolidators, etc.) the foreign manufacturer must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business partners are or are not C-TPAT certified.

For those business partners not eligible for C-TPAT certification, the foreign manufacturer must require that their business partners demonstrate that they are meeting C-TPAT security criteria via written/electronic confirmation (e.g., contractual obligations; via a letter from a senior business partner officer attesting to compliance; a written statement from the business partner demonstrating their compliance with C-TPAT security criteria or an equivalent World Customs Organization (WCO) accredited security program administered by a foreign customs authority; or, by providing a completed foreign manufacturer security questionnaire). Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT security criteria by the foreign manufacturer.

Point of Origin

Foreign manufacturers must ensure that business partners develop security processes and procedures consistent with the C-TPAT security criteria to enhance the integrity of the shipment at point of origin, assembly or manufacturing. Periodic reviews of business partners' processes and facilities should be conducted based on risk, and should maintain the security standards required by the foreign manufacturer.

Participation/Certification in a Foreign Customs Administration Supply Chain Security Program

Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the foreign manufacturer.

Security Procedures

On U.S. bound shipments, foreign manufacturers should monitor that C-TPAT carriers that subcontract transportation services to other carriers use other C-TPAT approved carriers, or non-C-TPAT carriers that are meeting the C-TPAT security criteria as outlined in the business partner requirements.

As the foreign manufacturer is responsible for loading trailers and containers, they should work with the carrier to provide reassurance that there are effective security procedures and controls implemented at the point-of-stuffing.

Container and Trailer Security

Container and trailer integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At the point-of-stuffing, procedures must be in place to properly seal and maintain the integrity of the shipping containers and trailers. A high security seal must be affixed to all loaded containers and trailers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standard for high security seals.

In those geographic areas where risk assessments warrant checking containers or trailers for human concealment or smuggling, such procedures should be designed to address this risk at the manufacturing facility or point-of-stuffing.

Container Inspection

Procedures must be in place to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. A seven-point inspection process is recommended for all containers:

• Front wall
• Left side
• Right side
• Floor
• Ceiling/Roof
• Inside/outside doors
• Outside/Undercarriage

Trailer Inspection

Procedures must be in place to verify the physical integrity of the trailer structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. The following five-point inspection process is recommended for all trailers:

• Fifth wheel area - check natural compartment/skid plate
• Exterior - front/sides
• Rear - bumper/doors
• Front wall
• Left side

Container and Trailer Seals

The sealing of trailers and containers, to include continuous seal integrity, are crucial elements of a secure supply chain, and remains a critical part of a foreign manufacturers' commitment to C-TPAT. The foreign manufacturer must affix a high security seal to all loaded trailers and containers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals.

Written procedures must stipulate how seals are to be controlled and affixed to loaded containers and trailers, to include procedures for recognizing and reporting compromised seals and/or containers/trailers to US Customs and Border Protection or the appropriate foreign authority. Only designated employees should distribute seals for integrity purposes.

Container and Trailer Storage

Containers and trailers under foreign manufacturer control or located in a facility of the foreign manufacturer must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers/trailers or container/trailer storage areas.

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors, and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and should visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Consistent with foreign regulations, background checks and investigations should be conducted for prospective employees. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain.

Documentation Processing

Procedures must be in place to ensure that all information used in the clearing of merchandise/cargo, is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

Shipping and Receiving

Departing cargo being shipped should be reconciled against information on the cargo manifest. The cargo should be accurately described, and the weights, labels, marks and piece count indicated and verified. Departing cargo should be verified against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released. Procedures should also be established to track the timely movement of incoming and outgoing goods.

Cargo Discrepancies

All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. Customs and/or other appropriate law enforcement agencies must be notified if anomalies, illegal or suspicious activities are detected - as appropriate.

Physical Security

Cargo handling and storage facilities in international locations must have physical barriers and deterrents that guard against unauthorized access. Foreign manufacturer should incorporate the following C-TPAT physical security criteria throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms Systems and Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists and contraband smugglers at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controls. These programs should offer incentives for active employee participation.

Foreign Manufacturers General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Foreign Manufacturer Agreement to Voluntarily Participate is similar to the . The Sea Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Foreign Manufacturers."

¹ C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

² These security criteria for foreign manufacturers become effective August 29, 2006 and are current as of October 2010.

³ Foreign manufacturers shall have a documented and verifiable process for determining risk throughout their supply chains based on their business model (i.e., volume, country of origin, routing, C-TPAT membership, potential terrorist threat via open source information, having inadequate security, past security incidents, etc.).

⁴Foreign manufacturer shall have a documented and verifiable process for determining risk throughout their supply chains based on their business model (i.e., volume, country of origin, routing, potential terrorist threat via open source information, etc.).

C-TPAT for Air Carriers1 
Back to C-TPAT Table of Contents

C-TPAT Security Guidelines for Air Carriers²

C-TPAT Qualifications for Air Carriers

Active Air Carrier transporting cargo shipments to the U.S.

1. Have an active Airline Code registered with CBP.
2. Possess a valid continuous international carrier bond registered with CBP.
3. Have a designated company officer that will be the primary cargo security officer responsible for C-TPAT.
4. Commit to maintaining C-TPAT Security Guidelines for Air Carriers.
5. Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the Air Carrier will meet, maintain and enhance internal policy to meet the C-TPAT Security Guidelines for Air Carriers.

C-TPAT Security Guidelines for Air Carriers

Air Carriers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security guidelines. Where an Air Carrier outsources or contracts elements of their supply chain, such as a conveyance, foreign facility, domestic warehouse, or other elements, the Air Carrier must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

As listed throughout this document appropriate security measures, based on risk, must be implemented and maintained throughout the Air Carrier's supply chains.

Conveyance Security

Aircraft integrity must be maintained to protect against the introduction of unauthorized personnel and material. Conveyance security procedures must include the physical search of all readily accessible areas, securing all internal/external compartments and panels and reporting cases in which unmanifested materials or signs of tampering are discovered.

Business Partner Requirements

Air Carriers must have written and verifiable processes for the screening and selection of business partners including customers, contractors, and vendors. Ensure that contracted service provider companies who provide security, transportation, and cargo handling services commit to C-TPAT Security Guidelines. Periodically review the performance of the service providers to detect weakness or potential weaknesses in security.

C-TPAT Business Partners

For those business partners eligible for C-TPAT certification (cross border carriers, U.S. ports, terminals, importers, brokers, consolidators, etc.) the C-TPAT Air Carrier must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating the business partners are C-TPAT certified.

Business Partners Not Eligible for C-TPAT

For those business partners not eligible for C-TPAT certification, C-TPAT Air Carriers must require their business partners to demonstrate that they are meeting C-TPAT security guidelines via written/electronic confirmation (e.g., contractual obligations; via a letter from a senior business partner officer attesting to compliance; or a written statement demonstrating their compliance with C-TPAT security guidelines or an equivalent World Customs Organization (WCO) accredited security program administered by a foreign customs authority; or, by providing a completed security questionnaire). Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT security guidelines by the C-TPAT Air Carrier.

Security Procedures

Point of Origin

C-TPAT Air Carriers must ensure business partners develop security processes and procedures consistent with the C-TPAT security guidelines to enhance the integrity of the shipment at point of origin. Periodic reviews of business partners' processes and facilities should be conducted based on risk and should maintain the security standards required by the U.S./Mexico Air Carrier.

Participation/Certification in Foreign Customs Administrations Supply Chain Security Programs

Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the C-TPAT Air Carrier.

Service Provider Screening and Selection Procedures

The C-TPAT Air carrier should have documented service provider screening and selection procedures to screen the contracted service provider for validity, financial soundness, ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Service Provider procedures should utilize a risk-based process as determined by an internal management team.

Customer Screening Procedures

The C-TPAT Air Carrier should have documented procedures to screen prospective customers for validity, financial soundness, the ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Customer screening procedures should utilize a risk-based process as determined by an internal management team.

Container Security

Cargo container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At point of stuffing, procedures must be in place to verify cargo containers are properly secured.

Container Inspection

Procedures must be in place to verify the physical integrity of the cargo containers prior to stuffing. An inspection process is recommended for all containers:

• Top
• Bottom
• Inside
• Outside

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access control to its aircraft, both abroad and in the United States. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors Controls

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees. Maintain a current permanent employee list (foreign and domestic), which includes the name, date of birth, national identification number or social security number, position held and submit such information to CBP upon written request, to the extent permitted by law.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Consistent with foreign, federal, state and local regulations, background checks and investigations should be conducted for prospective employees. Periodic checks and reinvestigations should be performed based on cause and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification; facility and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling and storage of cargo in the supply chain. Implement a Positive Baggage Identification Match (PBIM) program. The Carrier's SOP will describe in detail a plan to ensure that all checked baggage has an accompanying passenger checked in and boarded onto the aircraft. Maintain constant control of all baggage from the check-in point to the aircraft and from the aircraft to the CBP baggage examination area.

Documentation Processing

Procedures must be in place to ensure that all documentation used in the clearing of merchandise/cargo is legible, complete, accurate and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely. Ensure that all air waybills and other documentation submitted for cargo is complete and a system in place to verify the accuracy of the weight, marks and quantity of the cargo received for shipment. Participate in the Advanced Passenger Information System (APIS) and the air Automated Manifest System (AMS).

Shipping & Receiving

Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, weighed, labeled, marked, counted and verified. Departing cargo should be checked against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

Cargo Discrepancies

All shortages, overages and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. CBP and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies and protecting access controls. These programs should offer incentives for active employee participation. Conduct periodic unannounced security checks to ensure that all procedures are being performed in accordance with defined guidelines.

Physical Security

Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Air Carriers should incorporate the following C-TPAT physical security guidelines throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Information Technology (IT) integrity must be maintained to protect data from unauthorized access or manipulation.

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Air Carrier General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Air Carrier Agreement to Voluntarily Participate is similar to the . The Highway Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Air Carriers."

¹C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

² These security guidelines for Air Carriers became effective April 24, 2006 and are current as of October 2010.

C-TPAT for Air Freight Consolidators2 
Back to C-TPAT Table of Contents

Ocean Transportation Intermediaries and NVOCCs²

C-TPAT Security Guidelines for Air Freigh Consolidators, Ocean Transport Intermediaries and Non_vessel Operating Common Carriers (NVOCC)

C-TPAT Qualifications for Air Freight Consolidators, Ocean Transportation Intermediaries and Non-Vessel Operating Common Carriers (NVOCC)

Be an active Air Freight Consolidator, Ocean Transportation Intermediary or Non-Vessel Operating Common Carrier (NVOCC).

1. Have a business office staffed in the U.S.
2. If applicable, have an active Federal Maritime Commission (FMC) issued Organization Number or an International Air Transport Association (IATA) issued Organization Number in the following format.
3. ###### FMC Organization Number
4. ###### IATA Organization Number
5. Possess a valid continuous international carrier bond and/or in bond/export consolidator bond (IBEC) registered with CBP.
6. Have a designated company officer that will be the primary cargo security officer responsible for C-TPAT.
7. Commit to maintaining C-TPAT supply chain security guidelines as outlined in the C-TPAT consolidator agreement.
8. Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the consolidator will meet, maintain and enhance internal policy to meet the C-TPAT consolidator security guidelines.

C-TPAT Security Guidelines for Consolidators

Consolidators must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security guidelines. Where a consolidator out sources or contracts elements of their supply chain, such as a foreign facility, conveyance, domestic warehouse, or other elements, the consolidator must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the consolidator's supply chains.

Business Partner Requirements

Consolidators must have written and verifiable processes for the screening and selection of business partners including foreign consolidators, customers, contractors, carriers, and vendors. Ensure that contracted service provider companies who provide transportation, cargo handling, and security services commit to C-TPAT Security Guidelines. Periodically review the performance of the service providers to detect weakness or potential weaknesses in security.

Security Procedures

Point of Origin

C-TPAT Consolidators must ensure business partners develop security processes and procedures consistent with the C-TPAT security guidelines to enhance the integrity of the shipment at point of origin. Periodic reviews of business partners' processes and facilities should be conducted based on risk and should maintain the security standards required by the Consolidator.

Participation/Certification in Foreign Customs Administrations Supply Chain Security Programs

Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the C-TPAT Consolidator.

Service Provider Screening and Selection Procedures

The C-TPAT Consolidator should have documented service provider screening and selection procedures to screen the contracted service provider for validity, financial soundness, ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Service Provider procedures should utilize a risk-based process as determined by an internal management team.

Customer Screening Procedures

The C-TPAT Consolidator should have documented procedures to screen prospective customers for validity, financial soundness, the ability of meeting contractual security requirements, and the ability to identify and correct security deficiencies as needed. Customer screening procedures should utilize a risk-based process as determined by an internal management team.

Container Security

Consolidators should ensure that all contracted service providers have procedures in place to maintain container integrity. Container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At point of stuffing, procedures must be in place to properly seal and maintain the integrity of the shipping containers. A high security seal must be affixed to all loaded C-TPAT importer containers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals.

Container Inspection

Procedures must be in place to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. A seven-point inspection process is recommended for all containers:

• Front wall
• Left side
• Right side
• Ceiling/Roof
• Inside/Outside doors
• Outside/Undercarriage

Container Seals

Written procedures must stipulate how seals are to be controlled and affixed to loaded containers. Procedures must be in place for recognizing and reporting compromised seals and/or containers to U.S. Customs and Border Protection or the appropriate foreign authority. Only designated employees should distribute container seals for integrity purposes.

Container Storage

Containers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers or container storage areas.

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors and protect company assets. Access controls must include the positive identification of all employees, visitors and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors Controls

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees. Maintain a current permanent employee list (foreign and domestic), which includes the name, date of birth, national identification number or social security number, position held and submit such information to CBP upon written request, to the extent permitted by law.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Consistent with foreign, federal, state and local regulations, background checks and investigations should be conducted for prospective employees. Periodic checks and reinvestigations should be performed based on cause and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification; facility and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling and storage of cargo in the supply chain.

Documentation Processing

Procedures must be in place to ensure that all documentation used in the movement of merchandise/cargo is legible, complete, accurate and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

Shipping & Receiving

Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, weighed, labeled, marked, counted and verified. Departing cargo should be checked against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

Cargo Discrepancies

All shortages, overages and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. CBP and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies and protecting access controls. These programs should offer incentives for active employee participation.

Physical Security

Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Consolidators should incorporate the following C-TPAT physical security guidelines throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling, storage areas, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Information Technology (IT) integrity must be maintained to protect data from unauthorized access or manipulation.

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Air Freight Consolidators General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Air Freight Consolidator Agreement to Voluntarily Participate is similar to the . The Highway Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Air Freight Consolidators."

¹ C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

² These security guidelines for Air Freight Consolidators, Ocean Transport Intermediaries and Non-Vessel Operating Common Carriers (NVOCCs) became effective April 24, 2006 and are current as of October 2010.

xxxxxxxxxxx

C-TPAT for Licensed Customs Brokers1 
Back to C-TPAT Table of Contents

C-TPAT Security Guidelines for Licensed U.S. Customs Brokers²

C-TPAT Application Qualifications for Brokers

1. Be an active U.S. Licensed Customs Broker.
2. Have a business office staffed in the US.
3. Have an active U.S. Customs Broker's License and Filer Code of record ID(s) in either of the following formats:

##### Customs Broker's License Serial Number 
### Filer Code

4. Have a designated company officer that will be the primary cargo security officer responsible for C-TPAT.
5. Commit to maintaining CBP's C-TPAT Security Guidelines for Brokers.
6. Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the broker will meet, maintain and enhance internal policy to meet the C-TPAT Security Guidelines for Brokers.

Penalties For The Providing of False Information

The failure to provide true, accurate and complete information in an application may result in denial of this application. Severe penalties are provided by law for knowingly and willfully falsifying or concealing a material fact or using any false document in submitting this application. If you are found in violation of the terms and conditions of this program, we may cancel your privileges and you may be subject to fines, penalties and criminal charges.

C-TPAT Security Guidelines for Brokers

Brokers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security guidelines. Where a broker outsources or contracts elements of their supply chain, such as a foreign facility, conveyance, domestic warehouse, or other elements, the broker must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

As listed throughout this document appropriate security measures, based on risk, must be implemented and maintained throughout the broker's supply chains.

Business Partner Requirements

Brokers must have written and verifiable processes for the screening selection of business partners including customers, contractors, carriers, and vendors. Ensure that contract companies who provide transportation, security, and cargo handling related services commit to C-TPAT Security Guidelines. Periodically review the performance of the service providers to detect weakness or potential weaknesses in security.

Security Procedures

Service Provider Screening and Selection Procedures

The C-TPAT Broker should have documented service provider screening and selection procedures to screen the contracted service provider for validity, financial soundness, ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Service Provider procedures should utilize a risk-based process as determined by an internal management team.

Customer Screening Procedures

The C-TPAT Broker should have documented procedures to screen prospective customers for validity, financial soundness, the ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Customer screening procedures should utilize a risk-based process as determined by an internal management team.

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors and protect company assets. Access controls must include the positive identification of all employees, visitors and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors Controls

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees. Maintain a current permanent employee list (foreign and domestic), which includes the name, date of birth, national identification number or social security number, position held and submit such information to CBP upon written request, to the extent permitted by law.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Consistent with foreign, federal, state and local regulations, background checks and investigations should be conducted for prospective employees. Periodic checks and reinvestigations should be performed based on cause and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification; facility and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling and storage of cargo in the supply chain.

Documentation Processing

Procedures must be in place to ensure that all documentation used in the clearing of merchandise/cargo is legible, complete, accurate and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

Cargo Discrepancies

All shortages, overages and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. CBP and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in sensitive areas.

Additionally, specific training should be offered to assist employees in recognizing internal conspiracies and protecting access controls. These programs should offer incentives for active employee participation.

Physical Security

Brokers should incorporate the following C-TPAT physical security guidelines throughout their facilities as applicable.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Information Technology (IT) integrity must be maintained to protect data from unauthorized access or manipulation.

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Licensed Customs Broker General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The Licensed Customs Broker Agreement to Voluntarily Participate is similar to the . The Highway Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

For More Information

For more information about C-TPAT go to: www.cbp.gov. Search for "C-TPAT for Licensed Customs Brokers."

¹ C-TPAT requirements are evolving. For the latest information refer to the CBP Web site at: www.cbp.gov.

² These security guidelines for Licensed Customs Brokers become effective April 24, 2006 and are current as of October 2010.

C-TPAT for U.S. Marine or Port Terminal 1 
Back to C-TPAT Table of Contents

C-TPAT Security Guidelines for 
U.S. Marine or Port Terminal Operators²

C-TPAT Qualifications for U.S. Marine or Port Terminal Operators

Be an active U.S. Marine or Port Terminal Operator.

1. Have a business office staffed in the U.S.
2. Have an active Federal Maritime Commission (FMC) Marine Terminal Operator (MTO) Number:
3. ###### FMC MTO Number (6 digits)
4. Have a designated company officer that will be the primary cargo security officer responsible for C-TPAT.
5. Commit to maintaining CBP's C-TPAT supply chain security guidelines as outlined in the C-TPAT U.S. Marine or Port Terminal Operator agreement.
6. Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the U.S. Marine or Port Terminal Operator will meet, maintain and enhance internal policy to meet the C-TPAT U.S. Marine or Port Terminal Operator security guidelines.

C-TPAT Security Guidelines for U.S. Marine or Port Terminal Operators

U.S. Marine or Port Terminal Operators must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security guidelines. Where a U.S. Marine or Port Terminal Operator outsources or contracts elements of their supply chain, such as a conveyance, foreign facility, domestic warehouse or other elements, the U.S. Marine or Port Terminal Operator must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

As listed throughout this document appropriate security measures, based on risk, must be implemented and maintained throughout the U.S. Marine or Port Terminal Operator's supply chains.

Conveyance Security

Conveyance/vessel integrity must be maintained to protect against the introduction of unauthorized personnel and material. Conveyance/vessel security procedures must include the physical search of all readily accessible areas, securing all internal/external compartments, panels and reporting cases in which unmanifested materials, or signs of tampering are discovered. Prior to arrival at first U.S. port, search the vessel, prepare a vessel search checklist and secure all areas as appropriate. While at port, the pier and waterside of vessel must be adequately illuminated. Limit shore employees and service providers to those areas of the vessel where they have legitimate business.

Business Partner Requirements

U.S. Marine or Port Terminal Operators must have written and verifiable processes for the screening and selection of business partners including customers, contractors, and vendors. Ensure that contracted service provider companies who provide security, transportation, and cargo handling services commit to C-TPAT Security Guidelines. Periodically review the performance of the service providers to detect weakness or potential weaknesses in security.

Security Procedures

Service Provider Screening and Selection Procedures

The C-TPAT U.S. Marine or Port Terminal Operators should have documented service provider screening and selection procedures to screen the contracted service provider for validity, financial soundness, ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Service Provider procedures should utilize a risk-based process as determined by an internal management team.

Customer Screening Procedures

The C-TPAT U.S. Marine or Port Terminal Operators should have documented procedures to screen prospective customers for validity, financial soundness, ability of meeting contractual security requirements, and the ability to identify and correct security deficiencies as needed. Customer screening procedures should utilize a risk-based process as determined by an internal management team.

Container Security

Container integrity should be verified to check for the introduction of unauthorized material and/or persons.

Container Inspection

Procedures must be in place to verify the physical integrity of the cargo container structure prior to loading, to include the reliability of the locking mechanisms of the doors. An inspection process is recommended for all full and empty containers:

• Full:
• Left side
• Right side
• Roof
• Outside doors, hinges, hasps
• Undercarriage
• Empty:
• Front wall
• Left side
• Right side
• Floor
• Ceiling/Roof
• Inside/Outside doors, hinges, hasps
• Outside/Undercarriage

Container Seals

Written procedures must stipulate how seals are to be controlled and affixed to loaded containers. Procedures must be in place for recognizing and reporting compromised seals and/or containers to US Customs and Border Protection or the appropriate foreign authority. Only designated employees should distribute container seals for integrity purposes.

Container Storage

Containers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers or container storage areas.

Physical Access Controls

Access controls prevent unauthorized entry to conveyances and facilities, maintain control of employees, visitors and protect company assets. Access controls must include the positive identification of all employees, visitors and vendors at all points of entry.

Employees

An employee identification system must be in place for positive identification and access. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors Controls

Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees. Maintain a current permanent employee list, which includes the name, date of birth, national identification number or social security number, position held, and submit such information to CBP upon written request, to the extent permitted by law.

Pre-Employment Verification

Application information, such as employment history and references must be verified prior to employment.

Background Checks / Investigations

Consistent with foreign, federal, state and local regulations, background checks and investigations should be conducted for prospective employees. Periodic checks and reinvestigations should be performed based on cause and/or the sensitivity of the employee's position.

Personnel Termination Procedures

Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling and storage of cargo in the supply chain.

Documentation Processing

Procedures must be in place to ensure that all documentation used in the clearing of merchandise/cargo, is legible, complete, accurate and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting Procedures

To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely. Ensure that all bills of lading and other documentation submitted for cargo is complete and a system in place to verify the accuracy of the weight, marks and quantity of the shipment.

Shipping & Receiving

Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, weighed, labeled, marked, counted and verified. Departing cargo should be checked against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

Cargo Discrepancies

All shortages, overages and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. CBP and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies and protecting access controls. These programs should offer incentives for active employee participation. Conduct periodic unannounced security checks to ensure that all procedures are being performed in accordance with defined guidelines.

Physical Security

Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. U.S./Canada Highway Carriers should incorporate the following C-TPAT physical security guidelines throughout their supply chains as applicable.

Fencing

Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking

Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building Structure

Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking Devices and Key Controls

All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting

Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Information Technology (IT) integrity must be maintained to protect data from unauthorized access or manipulation.

Password Protection

Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability

A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

U.S. Marine or Port Terminal Operator General Items

C-TPAT Application

Instructions for submitting an online C-TPAT application are at: www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/online_app/. Select "Instructions for Completing the C-TPAT Online Application."

The C-TPAT Online Application itself can be found at: 
https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

Agreement to Voluntarily Participate

The U.S. Marine or Port Terminal Operator Agreement to Voluntarily Participate is similar to the . The Highway Carrier Agreement can be found as part of the C-TPAT Online Application at:

https://ctpat.cbp.dhs.gov/CompanyProfile.aspx

¹ C-TPAT requirements are evolving. The information contained in this section was current as of October 2010. For the latest information refer to the CBP Web site at: www.cbp.gov.