Ten Steps to Ensure CTPAT Security Compliance

Ten steps to ensure your CTPAT Security Program continues to meet your company’s needs, is continually improving, and you are ready for a CBP validation. 

  1. CTPAT Minimum Security Criteria – identify the MSC most appropriate for your company from the 12 available on the US CBP website.  MSC are also updated regularly to adapt to the evolving issues in supply chain security.
  2. Security Program Documents – best practice is to have one documents that describe how your company will meet the MSC – a Security Policy, Program, or Management System.
  3. Operational Documents – gather the additional documents that describe operational processes impacted by the MSC – these could be procedures from Human Resources, the Employee Handbook, the Code of Ethics, and processes within the Office or Warehouse.
  4. CPTAT Portal Security Profile – review previously submitted profile on the Portal and the most recent validation report from CBP and your response to nonconformances.
  5. Gap Analysis – compare the requirements of the MSC with the policies, procedures, and other documents to identify any items not covered by your Security Program.
  6. Action Items – identify tasks that will fill the gaps identified.
  7. Self-Assessment or Audit – gather evidence to confirm your employees are following the procedures and meeting the MSC; gather evidence from service providers to verify they support your requirements.
  8. Audit Report – document your findings, identify nonconformances, and create action items to get back on track.
  9. Map your Supply Chain and Identify Risks – identify the trade lanes, your customers, shippers, carriers and other service providers, ports of export and entry, and complete a Risk Analysis.
  10. More Action Items – to mitigate risks, find areas to improve your Security Program, operational documents, and audit practices, and create and assign tasks to get it done.

Be sure to train employees about CTPAT, your Security Program, and their role; everyone has a role in securing the global supply chain.  Training should be periodically updated to include evolving issues in supply chain security and changes to the MSC.

If you have not yet achieved CTPAT Certification, step 2 becomes “Document your Security Program” which helps you complete step 4 by creating a CTPAT Security Profile in the portal.

Check your CTPAT Security Program regularly and avoid the mad scramble a month before your triennial validation. 

Need help or fresh eyes to get this done?  Have customers who need help with ongoing compliance management or becoming certified?  Unsure how to respond to recent nonconformances you’re your CTPAT validation?  Engage Sobottka Consulting; message, call, or e-mail today to discuss.

#CTPAT #SupplyChainSecurity  

Return to Engagement Stories
Scroll to Top