Mapping Cargo/Data Flow and Control and Identifying Business Partners (whether directly or indirectly contracted) and how cargo moves throughout the supply chain to include modes of transportation (air, sea, rail, or truck) and nodes (country of origin, transit points).
Conducting a Threat Assessment focusing on Terrorism, Contraband Smuggling, Human Smuggling, Agricultural and Public Safety Threats, Organized Crime, and conditions in a country/region which may foster such threats, and ranking those threats.
Conducting a Vulnerability Assessment in accordance with the CTPAT Minimum Security Criteria. A vulnerability assessment includes identifying what the Partner has that a terrorist or criminal might desire. For brokers this might be data; for importers, manufacturers, and exporters, this might be access to cargo and company information. Then, identifying weaknesses in company procedures that would allow a terrorist or criminal to gain access to these processes, data, or cargo.
Preparing a Written Action Plan to Address Vulnerabilities. This includes mechanisms to record identified weaknesses, who is responsible for addressing the issues, and due dates. Reporting results to appropriate company officials and employees on completed follow up and changes is also essential.
Documenting the Procedure for How Risk Assessments are Conducted, to Include Reviewing and Revising the Procedure Periodically. The process itself should be reviewed and updated as needed at least annually, and a Risk Assessment should be conducted and documented at least annually, more frequently for highway carriers and high risk supply chains
What is a CTPAT validation, A CTPAT validation is a process through which the U.S. Customs and Border Protection (CBP) CTPAT program meets with company representatives and visits selected domestic and foreign sites to verify supply chain security measures contained in the CTPAT participants security profile are accurate and are being followed.
What is the goal of a CTPAT validation, The principal goal of a validation for CBP is to ensure that the companies CTPAT security profile is reliable, accurate, and effective. However, validations also provide a forum through which CBP and a CTPAT participant can build a stronger partnership by discussing supply chain security issues, sharing best practices, and cooperatively developing solutions to address potential vulnerabilities. The face to face nature of a validation encourages both CBP and the CTPAT participant to better understand the role each plays in securing our borders against international terrorism.
Is a CTPAT validation an audit, No. A validation is not an audit. Whereas CBP routinely performs audits in a variety of operational and regulatory areas (e.g. trade compliance, NAFTA), CTPAT validations do not measure a companies adherence to existing government rules and regulations. Instead, the validation is focused on the verification of supply chain security processes and procedures that a company voluntarily agrees to verify or perform under the auspices of the CTPAT program.