First things first, for those who are not familiar with the term, C-TPAT stands for Customs-Trade Partnership Against Terrorism. It is a supply chain security plan, whose main purpose is to improve the security of all private companies that are part of supply chains. This program was launched after the unfortunate event of 9/11 and is managed by CBP (Customs and Border Protection). The C-TPAT initiative was introduced because the government needed a methodology to be able to focus its resources on the right targets. It cannot inspect 100% of all shipments and being C-TPAT accredited allows it to identify low-risk importers from unknown risk parties. Participants (importers, carriers, 3PLs, etc) have to however maintain status and one of the expected activities is to impart supply chain training/awareness updates to its employees.
It is important to know that any company who wants to become registered in this agency voluntarily has to review and sign a MoU, which stands for Memorandum of Understanding and afterwards to complete a questionnaire. After this, the importer has to do one more important step, which is to complete a self-assessment following the rules imposed by C-TPAT. That assessment contains reviews of a series of aspects related to security, such as physical security, physical access control, personnel security and so on. Each of these reviews is highly important for completing the assessment properly and for being successfully registered in C-TPAT.
The process through which importers have to go is a five-step one. The first step is related to supply chains and map cargo flows, followed by the second step, conducting threat assessments, and the third one, identifying possible security vulnerabilities and other weaknesses and rating them. The fourth step implies to prepare a plan of action in order to address security weaknesses. Last but not least, the importers have to document risk assessment, to audit and to review procedures on an annual basis. However, before making any of these steps, the organization should decide upon a dedicated internal team that would be responsible of these tasks or, in case this is not possible, they should hire one from outside in order to perform them. The organization should also think of hiring a compliance manager. The role of these managers is to make sure that their business operations are in compliance with C-TPAT regulations.