What you need to know about the updates to the C-TPAT program
Since January 2019, CBP has developed updates to the C-TPAT, which included new risk points that are presented currently in the supply chains of companies, with the aim of strengthening security by requiring more specific measures. As a result, it will be necessary to begin performing actions in a coordinated manner in order to comply with these important initiatives.
In this regard, the following list shows the background of the changes made by CBP:
- The current updates derive from “New” threats against international commerce that were nonexistent, or were not so highly developed during 2001, the year that the program was created. Likewise, the updates come as part of the meetings between the CBP and their advisory committee.
- From 2016 to 2018, an upgrading phase of the CTPAT Program’s Security Criteria took place.
- In October 2018, the “socialization” phase concluded. The purpose of this phase was to obtain feedback from entities that were involved in the program.
- In January 2019, the preparation and training phase commenced for the companies that are part of the program. This phase concludes in 2020.
- The fourth phase will start in 2020, in which the members of the program will include the new criteria to their security process.
- In summary, the additions of the new program will be the following: cyber-security management, the vision and responsibility of security at the corporate level, as well as agribusiness security.
The origin of this standards dates from the terrorist attacks of September 11, 2001, against the World Trade Center (Twin towers) in the city of New York in the United States of America. CTPAT (Customs-Trade Partnership Against Terrorism) is a joint initiative of the government and companies whose objective is to build commercial cooperation relations that reinforce and improve the business value chain and the security of the U.S. border.
The purpose and the scope of the regulation are to define the necessary guidelines, in order to reinforce security in business chain value and to secure the continuity of compliance.
Defined standards
Formerly, the CTPAT program was mainly based in the following security standards:
- Physical security
- Physical access Control
- Business partners
- Processes security
- Security of cargo vehicles, containers, trailers and/or semi-trailers
- Personnel security
- Information and documentation security
- Security training and awareness.
Derived from the new modifications, there will now be 12 standards. The former eight plus the following:
- Security and responsibility vision
- Cybersecurity
- Agribusiness security
- Stamps security
In this sense, the profile will be composed of the following standards:
Corporate security
- Security and responsibility vision
- Risk analysis
- Business partners
- Cybersecurity
Transport security
- Transport and security in International Traffic Instruments
- Stamps security
- Processes security
- Agribusiness security
Physical and personnel security
- Physical security
- Access control
- Personnel security
- Training, education and awareness
In summary, the following information is in relation to the most important modifications to the program:
- For the Security and Responsibility Vision Process, it is necessary to accomplish a procedure in order to include Security in the Company’s Supply Chain System as a part of its cultural identity.
- Cybersecurity: an adjustment will be made to the denomination of this standard, previously it was called “Technology Security”, and now the name is replaced. Additionally, it is necessary to make updates, as well as strengthen the content of this procedure.
- Agribusiness Security: with this procedure the criteria to follow should be to inspect the forms of transportation, with the purpose of assuring that they are pest-free.
- The new Stamps security procedure was already handled in the Container Security standard and, derived from the changes, this new procedure has to be strengthened by creating measures for transport safety, performing audits to verify compliance, determining security tools for storage and, also, must have evidence of stamped cargo (photographs).
- Transportation Security Procedure. This standard is substituted by Transport and International Traffic Instruments Security.
- Physical and personnel security: the security process and threat awareness are replaced by training, education and awareness, which seeks to strengthen the procedure by measuring the effectiveness of training and focus subjects to the management of information systems, suspicion or possible contamination or manipulation.
Based on the above and, in order to be able to comply with the new security criteria suggested by CBP, it is necessary to carry out a comprehensive review of the supply chain, the internal security of its plant, offices and operations, which also includes verifying the supply chain from its origin to the final consumer in the US, and business partners, as well as updating the security profile.
Once certificated and it comes to the attention that minimum criteria procedures are not continued and in compliance, the CBP authorities will suspend or withdraw the certification, which will leave the business out of the advantages and benefits of the program.
We hope this information is useful, please do not hesitate to contact us if you have any questions or comments.