CTPAT Checklist: Requirements to Know

by Vector | Jul 7, 2021 9:09:31 AM


In June 2019, U.S. Customs and Border Protection (CBP) made the largest single drug bust in the agency's 230-year history. The CBP intercepted a ship named the MSC Gayane at the Port of Philadelphia. Onboard, they discovered more than 19 tons of cocaine with an estimated worth of over $1 billion. Some people have called this story "Scarface at sea." Indeed, it sounds like the plot of a movie.

Prior to the bust in Philly, Mediterranean Shipping Company (MSC) was the number-two ocean freight carrier in the world. After the coke bust? CPB seized the MSC Gayane. That made the Gayane, a 10,000-TEU container ship, the largest vessel ever to be seized (a claim that may be surpassed by Egypt's seizure of the Ever Given after its six-day blockage of the Suez Canal). In addition, MSC's preferred customs status in the CBP's Customs Trade Partnership Against Terrorism (CTPAT) program was suspended for 90 days.

How has the story of "Scarface at sea" played out? Authorities identified it as an inside job.

The culprits onboard the Gayane were eight crew members who had ties to organized crime. All eight eventually pled guilty to drug trafficking charges. The first crew member received a sentence of 5 years and 10 months in prison.

What about MSC, the ship's owner? The company was required to stake $50 million to the CBP. But MSC was able to retrieve the Gayane and put the ship back into service. The crimes of eight employees threatened the livelihood of MSC's 27,000-person global workforce. But since then, MSC has overtaken Maersk as the number-one ocean carrier in the world.

The CTPAT Program Is Vital to Customs Efficiency

As you might imagine, MSC's participation in the the U.S. CBP CTPAT program is vital to the company's efficiency of operations. After all, it was newsworthy that MSC lost its CTPAT status for 90 days. Based on that alone, it might even be safe to say that the CTPAT program is a key cog in MSC's status as the global supply chain's leader in ocean freight.

That being said, let's take a closer look at the CTPAT program itself. We'll examine everything CTPAT. What is its history, how does it work,  and what does it take to pass the CTPAT audit? We'll also provide an audit checklist to help you if you're trying to understand the preparation involved in the CTPAT audit process.

What's the CTPAT Program?

According to the CBP website, the "Customs Trade Partnership Against Terrorism (CTPAT) is but one layer in U.S. Customs and Border Protection’s (CBP) multilayered cargo enforcement strategy." CTPAT is a public-private sector partnership program. It aims to help the CBP strengthen international supply chains and improve U.S. border security against threats, including drug trafficking and terrorism.

In addition, partners in the CTPAT program agree to "work with CBP in order to protect the supply chain, identify security gaps, and implement specific security measures and best practices."

The CTPAT program began in November 2001 as a response to 9/11. The driving idea was to align the key stakeholders of the international supply chain for the common good.

As such, carriers (including highway, rail, and sea), importers, exporters, freight consolidators, customs brokers, port authorities, port operators, and manufacturers involved with the CTPAT program share the burden of border security. In total, 11,400 companies across the supply chain have passed the CTPAT audit and received their customs certification under the program.

Once you're a member, your cargo is less likely to be scrutinized at ports and border crossings. But first, you must pass the CTPAT audit. Let's get into the details of that next.

A Basic CTPAT Audit Checklist

The audit is an assessment of your company's overall process and security profile. CBP lists three steps to the security review process.

Step One: Minimum Security Criteria

The first step of the CTPAT audit is to review the minimum security criteria page on the CBP website. This is will help you self-assess your eligibility for the program.

CTPAT wants to add members who "demonstrate excellence in supply chain security practices." One way CBP determines your level of excellence is to look into your history for security-related events of significance. If your company has had security issues in the past, those may make you ineligible for CTPAT participation.

The CBP notes specific criteria based on each branch of the supply chain. In other words, highway carriers will have different criteria from sea carriers.

Step Two: Online Application and Voluntary Waiver

The second step in the CTPAT audit process is to submit a basic application. Complete and submit your application online through the CTPAT portal system.

The application first asks for a basic company profile. This is simply information like company addresses and personnel contacts.

You'll also be asked to sign a waiver that states participation in the program is voluntary.

Step Three: Your Security Profile

The third step of the audit is where things get a bit more in depth. You'll start with information about your company’s ability to meet CTPAT security requirements. Once that's complete, a supply chain security specialist (SCSS) with the CBP will then review your application.

Your SCSS will work with you to provide CTPAT guidance on an on-going basis. Ultimately, you'll find out within 90 days of your application whether you've been accepted. If CBP approves your application, you'll continue with a CTPAT validation process that will take place over one year.

Pre-Audit Checklist Best Practices

Every company is different. Each branch and niche of logistics also features its own nuances. Having said that, the following checklist includes basic areas covered in CTPAT security audits.

In general, you'll want to be able to confirm that you have a security process in place for each of these key areas. In addition, you'll need to produce documentation that proves you continually track, monitor, and assess each of these security criteria:

  • Physical Security: Do you have an alarm system? Do you monitor a multilayered fence? Does it feature vibration sensors to deter underground tunneling?
  • Business Partners: Do you perform third-party audits of your business partners? Do you have a quick-response team for security breaches?
  • Conveyance Security: Do you use tamper-indicative security labels? Does your paperwork include a photo of the seal and the serial number?
  • Physical Access Control: Do all your employees have photo IDs and electronic logins? Do you have eight-hour badge expirations? Do you have two-way door locks?
  • Personnel Security: Are you fingerprinting new hires? Do you share information with national authorities? Do you conduct exit interviews after terminations?
  • Procedural Security: Do you use tamper-evident seals? Do you verify serial numbers against packing lists when loading and unloading? Do you use online or automated technology when scheduling shipments? Can all drivers provide all shipment paperwork when checking in with security guards?
  • Physical Security: Do you have security guards properly positioned at all times? Do you have proper fencing and barriers?
  • Security Training and Threat Awareness: Do new employees complete security training? Do you conduct security training with your suppliers, customers, and business partners?
  • Information Technology (IT) Security: Do you delete hard drives when employees leave the company? Do your employees sign liability agreements before using company technology?

Vector Can Help With CTPAT Audits—and Ongoing Compliance

In truth, partnering with Vector is a great way to prepare for the CTPAT audit. Vector's software will help you organize your processes. As such, Vector will continue to help you maintain your CTPAT compliance. Vector's suite of driver-friendly digitized documentation software tools help streamline the information required during and beyond the audit process.

Digitized documents, housed in the cloud, are in essence the easiest and most secure way to ensure security procedures are followed. To summarize, companies looking to join the CTPAT program should certainly analyze Vector's value proposition.

In short, don't risk getting blocked like the Suez Canal. Put another way, as we saw with MSC, your CTPAT membership may have world domination riding on it!


This post was written by Brian Deines. Brian believes that every day is a referendum on a brand’s relevance, and he’s excited to bring that kind of thinking to the world of modern manufacturing and logistics. He deploys a full-stack of business development, sales, and marketing tools built through years of work in the logistics, packaging, and tier-1 part supply industries serving a customer base comprised of Fortune 1000 OEMs.

Subscribe Now

Additional Reading