GISTnet Main page

GISTnet Library

Glossary

CFR

Exhibits

Countries

My Page

Help

S14u—CTPAT for Consolidator/Forwarder Managers, Supervisors, and CTPAT Administrators

Subscriber price: $88.00, Non-subscriber price: $130.00
Estimated total study time: 11 hours 30 minutes

One of the critical aspects of maintaining and sustaining the CTPAT security program is training. The education of employees is a vital component of the "people and physical security" focus area of the minimum security criteria (MSC). Training of personnel to recognize threats, foster awareness of vulnerabilities, and understand the important role each person plays in securing the supply chain is a requirement of the CTPAT program.

This comprehensive course is for those managers, supervisors, or other staff in charge of setting-up, documenting, administering, and ensuring compliance with their company's CTPAT program. It will encompass all of the minimum security focus areas and the categories that "must" or "should" be met. This course consists of everything in the basic-level for "personnel", plus additional guidance for implementation and administration which include CTPAT benefits, application, certification, validation and program requirements.

Important: Supervisors and managers who do not have additional CTPAT administrative responsibilities need only take the basic-level course, S18u—CTPAT for Consolidator/Forwarder Personnel.

We begin with the requirements for all CTPAT members and their business partners and provide a comparative table in each category. The course concludes by discussing the benefits, eligibility requirements, and specific criteria that must be followed by consolidators including freight forwarders, ocean transportation intermediaries, and non-vessel operating common carriers (NVOCCs). It is designed to meet the CTPAT training requirement for managers, supervisors, and security points of contact who must understand, perform, and otherwise comply with operational-level security measures.

According to MSC 12.1, security training must be provided to employees, as required based on their functions and position, on a regular basis, and newly hired employees must receive this training as part of their orientation/job skills training. This course is suitable for both initial and refresher training.

Please note: Because the implementation of CTPAT security measures varies somewhat by company, this course "as is" can provide only general-purpose coverage of these topics. For companies with more than a few people to train, we recommend customization of this training to add company-specific security policies and procedures. The GISTware system which hosts this training facilitates such customization; please contact us for specifics.

The Decision to Participate in CTPAT

Why do companies want to participate in CTPAT? Find out the types of businesses that are eligible. There are specific requirements for participation and benefits based on business type.

(Estimated study time: 45 minutes)

• Introduction
• CTPAT Security Background
• Customs Trade Partnership Against Terrorism (CTPAT) is a Voluntary U.S. Security Program
• CTPAT Member Entity Groups
• Foreign Suppliers, Transportation Carriers, and Supply Chain Service Providers Gain Increased Marketability as CTPAT Members
• General Benefits of CTPAT Participation
• The Decision to Participate in CTPAT
  • Program Feasibility and Cost Justification
  • Supply Chain Security Analysis (Self-Assessment)
  • Why Participate in CTPAT?
  • CTPAT Best Practices

CTPAT Application, Certification, Validation and Maintenance

This lesson covers application, certification and validation of CTPAT. CTPAT is an ongoing compliance effort consisting of mandatory security requirements that must be met based on certain types of businesses in the supply chain. We begin the comparison of security requirements for four of these business types.

(Estimated study time: 31 minutes)

• Introduction
• Getting Started with CTPAT Security and Continuing Responsibilities
  • Overview of Steps Involved in CTPAT Application and Membership
  • CTPAT Program Application Through the CTPAT Portal
    • Creating the Origanization Profile to Set up the Portal Account
    • CTPAT Company Profile
    • Supply Chain Security Profile
  • CTPAT Certification
  • CTPAT Criteria Implementation
    • Internal Company Implementation
    • Communication of Requirements to Business Partners
    • Implementation of Security Measures by Business Partners
  • After You Are "Certified" (Accepted) into CTPAT
    • Validation
    • CBP Account Management and Monitoring
    • CTPAT Enforcement and Appeal Process
    • Post-Incident Analysis (PIA) Following a Security Breach

CTPAT Implementation Guidance for Corporate Security for All Entities

This lesson covers the minimum security requirements (must do) and suggestions (should do) with implementation guidance for the first three categories for the focus area of corporate security. The categories covered include: Security Vision & Responsibility, Risk Assessments, and Business Partner Security. The criteria covered are applicable to all entities.

(Estimated study time: 1 hour 43 minutes)

• Introduction to Corporate Security
• CTPAT Security Measures—"Minimum Security Standards"
  • Minimum Security Criteria (MSC) Focus Areas
  • Changes in Minimum Security Criteria Since CTPAT Began
• Minimum Security Criteria You Cannot Meet; Some Flexibility
• Explanation of the CTPAT Program Requirement Tables
• Table for Mandatory Corporate Security Requirements
• Table for Suggested Additions to Corporate Security
• Security Vision and Responsibility
  • CTPAT 1.0 Mandatory Security Vision & Responsibility Security
    • 1.3 CTPAT Members Review Plans to Audit their CTPAT Program
    • 1.4 CTPAT Members Appoint a Knowledgeable Point of Contact (POC)
  • CTPAT 1.0 Recommended Security Vision & Responsibility
    • 1.1 CTPAT Member's Statement of Support
    • 1.2 Create a Cross-Functional Security Team
• CTPAT Risk Assessment
  • CTPAT 2.0 Mandatory Risk Assessments
    • 2.1 CTPAT Members Conduct and Document a Supply Chain Risk Assessment
    • 2.3 Periodic Review of the Risk Assessment
  • CTPAT 2.0 Recommended Risk Assessments
    • 2.4 CTPAT Members Should Document Procedures for Crisis Management and Disaster Readiness
• CTPAT Business Partner Security
  • CTPAT 3.0 Mandatory Business Partner Security
    • 3.1 CTPAT Members Must have Documented Process for Screening and Monitoring Business Partners
    • 3.4 Business Partners Certified with CTPAT or Approved AEO programs
    • 3.5 CTPAT Members Exercise Due Diligence to Ensure Business Partners Meet MSC
  • CTPAT 3.0 Recommended Business Partner Security
    • 3.7 Business Partners Security Risk Assessments Should be Updated Regularly

CTPAT Implementation Guidance for Cybersecurity as Part of Corporate Security

This lesson deals with the fourth category, Cybersecurity, within the Corporate Security focus area. Cybersecurity is described as securing information technology and data systems that contain intellectual property, customer information, financial and trade data, employee records, etc.

(Estimated study time: 59 minutes)

• Introduction to Cybersecurity
  • Table for Cybersecurity 4.0
  • CTPAT 4.0 Mandatory Cybersecurity
    • 4.1 CTPAT Members Must Develop Comprehensive Cybersecurity Policies
    • 4.2 CTPAT Members Defend Against Common Cybersecurity Threats
      • Common Cybersecurity Threats
      • Social Engineering
      • Social Media
      • Consequences of Unauthorized Disclosure
    • 4.3 CTPAT Members Regularly Test IT Network Infrastructure
    • 4.5 Identification of and Disciplinary Action for Any IT Abuse
    • 4.6 Regular Review and Update of Cybersecurity Policies and Procedures
    • 4.7 Restrictions on Computer and Network Access Based on Job Assignment
    • 4.8 User Authentication/MFA/VPN for Individual IT Systems Accounts
    • 4.9 Virtual Private Network (VPN) Requirement for CTPAT Company Remote Access
    • 4.10 Network Protection for Access Via CTPAT Member Personal Devices
    • 4.13 Accounting and Proper Disposing of Media, Hardware or other IT Equipment Containing Sensitive Information
  • CTPAT 4.0 Recommended Cybersecurity
    • 4.4 Sharing Information with Business Partners and the Government
    • 4.11 Methods to Protect Against Counterfeit or Improperly Licensed Technology
    • 4.12 Encrypt and Backup Sensitive and Confidential Data

CTPAT Implementation Guidance for Transportation Security Applicable to All Entities

In this lesson we look at the minimum security requirements (must do) and suggestions (should do) with implementation guidance for three of the categories under the focus area of transporation security. The categories covered include: Conveyance and Instruments of International Traffic Security, Seal Security and Procedural Security. The criteria covered are applicable to all entities.

(Estimated study time: 2 hours 11 minutes)

• Introduction to Transportation Security
  • Table for Mandatory Transportation Security Requirements
  • Table for Suggested Additions to Transportation Security
• Conveyance and Instruments of International Traffic Security
  • CTPAT 5.0 Mandatory Conveyance and IIT Security
    • 5.1 Store Conveyances and IIT in a Secure Area
    • 5.29 Security Threats Must be Reported by Members to Business Partners
• Seal Security
  • CTPAT 6.0 Mandatory Seal Security
    • 6.1 Written Procedures for CTPAT Member Seal Control
    • 6.2 CTPAT Member shipments To or From the U.S. Sealed with High Security Seals
    • 6.5 Inventory Maintenance and Seal Standards Documented by CTPAT Members
    • 6.6 CTPAT Members Audit, Inventory, Verify and Document Seal Numbers
• Procedural Security
  • CTPAT 7.0 Mandatory Procedural Security
    • 7.23 CTPAT Members Procedure to Report and/or Escalate an Incident
    • 7.24 Procedures to Identify, Challenge and Address Unauthorized People
    • 7.37 Conduct Internal Investigation of Security-Related Incidents
  • CTPAT 7.0 Recommended Procedural Security
    • 7.7 Paper Documents Should be Secured
    • 7.25 Mechanism to Anonymously Report Security Related Issues

CTPAT Implementation Guidance for People & Physical Security Applicable to All Entities

This is the final set of minimum security requirements and suggestions that apply to everyone. The last four categories in the focus area of people and physical security include: Physical Access Controls, Physical Security, Personnel Security and Education, Training, and Awareness.

(Estimated study time: 2 hours 14 minutes)

• Introduction to People and Physical Security
  • Table for Mandatory People and Physical Security Requirements
  • Table for Suggested Additions to People and Physical Security
• Physical Security
  • CTPAT 9.0 Mandatory Physical Security
    • 9.1 Facility Security
    • 9.4 Gates and Other Egress Manned or Monitored
    • 9.6 Adequate Lighting Inside and Outside
    • 9.8 Member's Procedure for Security Technology
    • 9.10 Physical Control of Security Technology Infrastructure
    • 9.13 Using Cameras Systems for Security
    • 9.15 Review Camera Systems and Instructions
  • CTPAT 9.0 Recommended Physical Security
    • 9.2 Perimeter Fencing for Cargo Handling and Storage Facilities
    • 9.5 Parking for Private Passenger Vehicles
    • 9.7 Premises Monitored with Security Technology
    • 9.9 Licensed or Certified Resources used for Design and Installation of Security Technology
    • 9.11 Security Technology Systems Connected to an Alternative Power Source
    • 9.12 Cameras and Alarms Monitor Facility Premises and Sensitive Areas
    • 9.14 Camera Systems with "Failure to Operate" Alarm Notification
    • 9.16 Camera Footage Maintained Temporarily
• Physical Access Controls
  • CTPAT 10.0 Mandatory Physical Access Controls
    • 10.1 CTPAT Members Documented Procedures Governing Use of Badges and Access Devices
    • 10.2 CTPAT Certified Facility Visitor Controls
  • CTPAT 10.0 Recommended Physical Access Controls
    • 10.8 Arriving Packages and Mail
• Personnel Security
  • CTPAT 11.0 Mandatory Personnel Security
    • 11.1 Pre-Employment Verification
    • 11.5 All CTPAT Member Contractors and Employees Must Understand and Sign a Code of Conduct
  • CTPAT 11.0 Recommended Personnel Security
    • 11.2 Background Checks and Investigations
• Education, Training, and Awareness
  • CTPAT 12.0 Mandatory Education, Training and Awareness
    • 12.1 Members Establish a Security Training and Awareness Program
    • 12.8 Training on Company Cybersecurity Policies and Procedures
    • 12.9 Training in Operation and Management of Security Technology Systems
    • 12.10 Training on Suspicious Activity Detection and Reporting
  • CTPAT 12.0 Recommended Education, Training and Awareness
    • 12.4 Measures for Members to Verify Training Met Objectives
  • Summary of Required Security Measures for All CTPAT Members
  • Areas that Due Diligence Requires Companies must Ensure are Followed by Business Partners

CTPAT Implementation Guidance for Criteria that Consolidators Must Accomplish

In all of the previous lessons we covered the requirements in each category of the CTPAT minimum security requirements and specified the requirements that applied to all member entities of CTPAT. This lesson concentrates on the "must do" areas that are different for each entity, in this case consolidators.

(Estimated study time: 2 hours 38 minutes)

• Introduction
• Specific Benefits for Supply Chain Service Providers
• Specific Consolidator's Eligibility Requirements
• 3.5 CTPAT Members Exercise Due Diligence to Ensure Business Partners Meet MSC
• 5.2 Create Written Procedures for Security and Agriculture Inspections
• 5.3 Conduct Inspections of All Conveyances and Empty Instruments of International Traffic Prior to Loading
  • Inspections Prior to Loading
  • Container and Unit Load Device (ULD) Security and 7-Point Inspection Procedures
  • Trailer Security and Inspection Procedures
  • Conveyance Security and 17-Point Inspection Procedures
• 5.4 Inspect External Hardware on Conveyances and IIT Before Attaching the Seal
• 5.7 Perform Proper Removal of any Visible Pest Contamination from Container or Conveyance
• 6.7 VVTT Process Followed to Check that High Security Seals are Properly Affixed
  • Seal Verification Process
  • Proper Way to Apply Seals
  • View Verify Tug Twist Seal Inspection Method
• 7.1 Cargo in Overnight or Extended Storage Secured from Unauthorized Access
• 7.2 Cargo Areas Kept Free from Visible Pest Contamination
• 7.6 Procedures Ensuring Cargo Clearance Information Protected and Submitted
• 7.8 Shipper and Carrier Ensure Documents Accurately Reflect Contents and be Filed Timely
• 7.10 Personnel Recognize Possible Suspicious Cargo
• 7.27 Investigate and Resolve Any Cargo Discrepancies
• 8.1 Transportation Security; Fulfilling CTPAT 8.0 Mandatory Agricultural Security
• 10.3 Positive Identification of Drivers Dropping Off or Picking Up Cargo
• 10.4 CTPAT Certified Facility Cargo Controls
• 10.10 Work Instructions for Security Guards
• 12.2 Training on Security and Agricultural Inspections
• Summary of Consolidator's (Air & Ocean Forwarders, NVOs) Required Security Measures

CTPAT Implementation Guidance for Criteria that Consolidators Should Accomplish

This lesson concentrates on the "should-do" areas that are different for each entity, in this case consolidators. They are not required, only suggestions to strengthen security as best practices.

(Estimated study time: 29 minutes)

• Introduction
• 5.5 Inspections of Conveyances and IIT Should be Recorded on a Checklist
• 5.6 Should Perform Security Inspections in a Controlled Access Area
• 5.8 Should Conduct Random Searches by Management After Staff Inspections
• 5.14 Requirements for Tracking, Reporting and Sharing of All Shipment Data Should be Contained in the Terms of Service Agreement
• 7.4 Designated Personnel Should Supervise Loading of Cargo
• 7.5 Photograph Seal Installation and Forward to Destination
• 7.28 Verify Arriving and Departing Cargo Against Transport Documents
• 7.29 Transmit Assigned Seal Numbers to the Consignee Before Departure
• 7.30 Print Seal Numbers on Shipping Documents
• 10.9 Only Specially Designated Monitored Areas Used for Cargo Deliveries
• Summary of Suggested Security Criteria for Consolidators