GISTnet Main page

GISTnet Library

Glossary

CFR

Exhibits

Countries

My Page

Help

S12u—CTPAT for Customs Broker Managers, Supervisors, and CTPAT Administrators

Subscriber price: $95.00, Non-subscriber price: $140.00
Estimated total study time: 13 hours 0 minutes

One of the critical aspects of maintaining and sustaining the CTPAT security program is training. The education of employees is a vital component of the "people and physical security" focus area of the minimum security criteria (MSC). Training of personnel to recognize threats, foster awareness of vulnerabilities, and understand the important role each person plays in securing the supply chain is a requirement of the CTPAT program.

This comprehensive course is for those managers, supervisors, or other staff in charge of setting-up, documenting, administering, and ensuring compliance with their company's CTPAT program. It will encompass all of the minimum security focus areas and the categories that "must" or "should" be met. This course consists of everything in the basic-level for "personnel", plus additional guidance for implementation and administration which include CTPAT benefits, application, certification, validation and program requirements.

Important: Supervisors and managers who do not have additional CTPAT administrative responsibilities need only to take the basic-level course S17u—CTPAT for Customs Broker Personnel.

We begin with the requirements for all CTPAT members and their business partners and provide a comparative table in each category. The course continues by discussing the benefits, eligibility requirements, and specific criteria for importers and concludes with those specified for customs brokers. The information regarding importers is included because MSC 12.5 requires that customs brokers must be able to explain CTPAT's security requirements to their importer clients, apprise them of critical program developments, and encourage them to become CTPAT members. It is designed to meet the CTPAT training requirement for managers, supervisors, and security points of contact who must understand, perform, and otherwise comply with operational-level security measures.

According to MSC 12.1, security training must be provided to employees, as required based on their functions and position, on a regular basis, and newly hired employees must receive this training as part of their orientation/job skills training. This course is suitable for both initial and refresher training.

The Decision to Participate in CTPAT

Why do companies want to participate in CTPAT? Find out the types of businesses that are eligible. There are specific requirements for participation and benefits based on business type.

(Estimated study time: 55 minutes)

• Introduction
• CTPAT Security Background
• Customs Trade Partnership Against Terrorism (CTPAT) is a Voluntary U.S. Security Program
• CTPAT Member Entity Groups
• Foreign Suppliers, Transportation Carriers, and Supply Chain Service Providers Gain Increased Marketability as CTPAT Members
• General Benefits of CTPAT Participation
• The Decision to Participate in CTPAT
  • Program Feasibility and Cost Justification
  • Supply Chain Security Analysis (Self-Assessment)
  • Why Participate in CTPAT?
  • CTPAT Best Practices

CTPAT Application, Certification, Validation and Maintenance

This lesson covers application, certification and validation of CTPAT. CTPAT is an ongoing compliance effort consisting of mandatory security requirements that must be met based on certain types of businesses in the supply chain. We begin the comparison of security requirements for four of these business types.

(Estimated study time: 35 minutes)

• Introduction
• Getting Started with CTPAT Security and Continuing Responsibilities
  • Overview of Steps Involved in CTPAT Application and Membership
  • CTPAT Program Application Through the CTPAT Portal
    • Creating the Origanization Profile to Set up the Portal Account
    • CTPAT Company Profile
    • Supply Chain Security Profile
  • CTPAT Certification
  • CTPAT Criteria Implementation
    • Internal Company Implementation
    • Communication of Requirements to Business Partners
    • Implementation of Security Measures by Business Partners
  • After You Are "Certified" (Accepted) into CTPAT
    • Validation
    • CBP Account Management and Monitoring
    • CTPAT Enforcement and Appeal Process
    • Post-Incident Analysis (PIA) Following a Security Breach

CTPAT Implementation Guidance for Corporate Security: Security Vision and Responsibility

This lesson covers the CTPAT Security Measures with a focus on the "Minimum Security Standards." It delves into the Minimum Security Criteria (MSC), which are divided into three main focus areas: Corporate Security, Transportation Security, and People and Physical Security. Each focus area includes specific categories and criteria that CTPAT members must adhere to in order to ensure the security of the supply chain.

(Estimated study time: 1 hour 1 minute)

• Introduction
• CTPAT Security Measures—"Minimum Security Standards"
  • Minimum Security Criteria (MSC) Focus Areas
  • Changes in Minimum Security Criteria Since CTPAT Began
• Minimum Security Criteria You Cannot Meet; Some Flexibility
• Security Vision & Responsibility 1.0
• CTPAT 1.0 Mandatory Security Vision & Responsibility Security
  • 1.3 CTPAT Members Review Plans to Audit their CTPAT Program
  • 1.4 CTPAT Members Appoint a Knowledgeable Point of Contact (POC)
• CTPAT 1.0 Recommended Security Vision & Responsibility
  • 1.1 CTPAT Member's Statement of Support
  • 1.2 Create a Cross-Functional Security Team

CTPAT Implementation Guidance for Corporate Security: Risk Assessment

This lesson focuses on Risk Assessment (RA) within the context of the Customs Trade Partnership Against Terrorism (CTPAT) program. It covers the definition of risk, the importance of conducting thorough risk assessments, and the procedures for documenting and mitigating risks in the supply chain. The lesson emphasizes the need to continuously evaluate and improve security measures to protect against potential threats.

(Estimated study time: 1 hour 5 minutes)

• Introduction
• Risk Assessment (RA) 2.0
• CTPAT 2.0 Mandatory Risk Assessments
  • 2.1 CTPAT Members Conduct and Document a Supply Chain Risk Assessment
  • 2.3 Periodic Review of the Risk Assessment
• CTPAT 2.0 Recommended Risk Assessments
  • 2.4 CTPAT Members Should Document Procedures for Crisis Management and Disaster Readiness

CTPAT Implementation Guidance for Corporate Security: Business Partner Security

This lesson focuses on the requirements that CTPAT members must or should impose on their business partners to ensure the security of the supply chain. It covers the definition of business partners, the importance of compliance with minimum security measures, and the processes for screening and monitoring business partners. The lesson emphasizes the need for CTPAT members to work closely with their business partners, both domestically and internationally, to maintain effective security measures.

(Estimated study time: 49 minutes)

• Introduction
• Business Partner Security 3.0
• CTPAT 3.0 Mandatory Business Partner Security
  • 3.1 CTPAT Members Must have Documented Process for Screening and Monitoring Business Partners
  • 3.4 Business Partners Certified with CTPAT or Approved AEO programs
  • 3.5 CTPAT Members Exercise Due Diligence to Ensure Business Partners Meet MSC
• CTPAT 3.0 Recommended Business Partner Security
  • 3.7 Business Partners Security Risk Assessments Should be Updated Regularly

CTPAT Implementation Guidance for Corporate Security: Cybersecurity

This lesson deals with the fourth category, Cybersecurity, within the Corporate Security focus area. Cybersecurity is described as securing information technology and data systems that contain intellectual property, customer information, financial and trade data, employee records, etc.

(Estimated study time: 1 hour 19 minutes)

• Introduction to Cybersecurity
  • Table for Cybersecurity 4.0
  • CTPAT 4.0 Mandatory Cybersecurity
    • 4.1 CTPAT Members Must Develop Comprehensive Cybersecurity Policies
    • 4.2 CTPAT Members Defend Against Common Cybersecurity Threats
      • Common Cybersecurity Threats
      • Social Engineering
      • Social Media
      • Consequences of Unauthorized Disclosure
    • 4.3 CTPAT Members Regularly Test IT Network Infrastructure
    • 4.5 Identification of and Disciplinary Action for Any IT Abuse
    • 4.6 Regular Review and Update of Cybersecurity Policies and Procedures
    • 4.7 Restrictions on Computer and Network Access Based on Job Assignment
    • 4.8 User Authentication/MFA/VPN for Individual IT Systems Accounts
    • 4.9 Virtual Private Network (VPN) Requirement for CTPAT Company Remote Access
    • 4.10 Network Protection for Access Via CTPAT Member Personal Devices
    • 4.13 Accounting and Proper Disposing of Media, Hardware or other IT Equipment Containing Sensitive Information
  • CTPAT 4.0 Recommended Cybersecurity
    • 4.4 Sharing Information with Business Partners and the Government
    • 4.11 Methods to Protect Against Counterfeit or Improperly Licensed Technology
    • 4.12 Encrypt and Backup Sensitive and Confidential Data

CTPAT Implementation Guidance for Transportation Security

In this lesson we look at the minimum security requirements (must do) and suggestions (should do) with implementation guidance for three of the categories under the focus area of transporation security. The categories covered include: Conveyance and Instruments of International Traffic Security, Seal Security and Procedural Security. The criteria covered are applicable to all entities.

(Estimated study time: 1 hour 8 minutes)

• Introduction to Transportation Security
• 5.0 Conveyance and Instruments of International Traffic Security
  • CTPAT 5.0 Mandatory Conveyance and IIT Security
    • 5.1 Store Conveyances and IIT in a Secure Area
    • 5.29 Security Threats Must be Reported by Members to Business Partners
• 6.0 Seal Security
  • CTPAT 6.0 Mandatory Seal Security
    • 6.1 Written Procedures for CTPAT Member Seal Control
    • 6.2 CTPAT Member shipments To or From the U.S. Sealed with High Security Seals
    • 6.5 Inventory Maintenance and Seal Standards Documented by CTPAT Members
    • 6.6 CTPAT Members Audit, Inventory, Verify and Document Seal Numbers
• 7.0 Procedural Security
  • CTPAT 7.0 Mandatory Procedural Security
    • 7.23 CTPAT Members Procedure to Report and/or Escalate an Incident
    • 7.24 Procedures to Identify, Challenge and Address Unauthorized People
    • 7.37 Conduct Internal Investigation of Security-Related Incidents
  • CTPAT 7.0 Recommended Procedural Security
    • 7.7 Paper Documents Should be Secured
    • 7.25 Mechanism to Anonymously Report Security Related Issues
  • 8.0 Agricultural Security
  • CTPAT 8.0 Mandatory Agricultural Security
    • 8.0 What CBP Says About Agricultural Security
    • 8.1 Transportation Security; Fulfilling CTPAT 8.0 Mandatory Agricultural Security

CTPAT Implementation Guidance for Physical Security and Access Controls

This module covers the essential security measures required for cargo handling and storage facilities, including trailer yards and offices. It emphasizes the importance of physical barriers and deterrents to prevent unauthorized access, such as fencing, gates, controlled access, lighting, alarm systems, and video surveillance. The module also highlights the need for regular inspections, maintenance, and documentation of security technology, as well as the implementation of written policies and procedures to govern the use and protection of this technology.

(Estimated study time: 41 minutes)

• Introduction
• 9.0 Physical Security
• CTPAT 9.0 Mandatory Physical Security
  • 9.1 Facility Security
  • 9.4 Gates and Other Egress Manned or Monitored
  • 9.6 Adequate Lighting Inside and Outside
  • 9.8 Member's Procedure for Security Technology
  • 9.10 Physical Control of Security Technology Infrastructure
  • 9.13 Using Cameras Systems for Security
  • 9.15 Review Camera Systems and Instructions
• CTPAT 9.0 Recommended Physical Security
  • 9.2 Perimeter Fencing for Cargo Handling and Storage Facilities
  • 9.5 Parking for Private Passenger Vehicles
  • 9.7 Premises Monitored with Security Technology
  • 9.9 Licensed or Certified Resources used for Design and Installation of Security Technology
  • 9.11 Security Technology Systems Connected to an Alternative Power Source
  • 9.12 Cameras and Alarms Monitor Facility Premises and Sensitive Areas
  • 9.14 Camera Systems with "Failure to Operate" Alarm Notification
  • 9.16 Camera Footage Maintained Temporarily
• 10.0 Physical Access Controls
• CTPAT 10.0 Mandatory Physical Access Controls
  • 10.1 CTPAT Members Documented Procedures Governing Use of Badges and Access Devices
  • 10.2 CTPAT Certified Facility Visitor Controls
• CTPAT 10.0 Recommended Physical Access Controls
  • 10.8 Arriving Packages and Mail

CTPAT Implementation Guidance for Personnel Security, Education, Training and Awareness

This lesson outlines the steps involved in an effective employee selection process, emphasizing the importance of thorough screening to ensure workplace safety and integrity. It covers the creation of job descriptions, the application process, skill and knowledge evaluations, interviews, background checks, and follow-up interviews. The module also addresses the legal considerations in different countries and the importance of maintaining a Code of Conduct.

The next part of the lesson focuses on the importance of security training and awareness for employees in the supply chain. It emphasizes that employees who understand the necessity of security measures are more likely to comply with them. The module outlines the responsibilities of security personnel in implementing and maintaining a comprehensive security training program, including regular reviews, incident-based retraining, and orientation for new employees. It also covers the documentation requirements for training records and the specific training needs for different roles within the organization.

The lesson finishes up with a summary of all of the mandatory requirements and discusses the areas where companies are required to ensure their business partners are also following the CTPAT minimum security requirements whether their partners are participants in the program or not.

(Estimated study time: 54 minutes)

• Introduction
• 11.0 Personnel Security
• CTPAT 11.0 Mandatory Personnel Security
  • 11.1 Pre-Employment Verification
  • 11.5 All CTPAT Member Contractors and Employees Must Understand and Sign a Code of Conduct
• CTPAT 11.0 Recommended Personnel Security
  • 11.2 Background Checks and Investigations
• CTPAT 12.0 Mandatory Education, Training and Awareness
  • 12.1 Members Establish a Security Training and Awareness Program
  • 12.8 Training on Company Cybersecurity Policies and Procedures
  • 12.9 Training in Operation and Management of Security Technology Systems
  • 12.10 Training on Suspicious Activity Detection and Reporting
• CTPAT 12.0 Recommended Education, Training and Awareness
  • 12.4 Measures for Members to Verify Training Met Objectives
• Summary of Required Security Measures for All CTPAT Members
• Areas that Due Diligence Requires Companies must Ensure are Followed by Business Partners

CTPAT Implementation Guidance for Criteria that Importers Must Accomplish

In all of the previous lessons we covered the requirements in each category of the CTPAT minimum security requirements and specified the requirements that applied to all member entities of CTPAT. This lesson concentrates on the "must do" areas that are different for each entity, in this case importers.

(Estimated study time: 3 hours 0 minutes)

• Introduction
• Specific Benefits for Importers and Exporters
• CTPAT Trade Compliance Benefits for Importers
• Importer's Eligibility Requirements
• 3.6 Weaknesses Identified During Business Partner Security Assessments Must be Addressed ASAP
• 3.9 CTPAT Member's Social Compliance Program Addressing Forced Labor Issues a Must
• 5.3 Conduct Inspections of All Conveyances and Empty Instruments of International Traffic Prior to Loading
  • Inspections Prior to Loading
  • Container and Unit Load Device (ULD) Security and 7-Point Inspection Procedures
  • Trailer Security and Inspection Procedures
  • Conveyance Security and 17-Point Inspection Procedures
• 5.4 Inspect External Hardware on Conveyances and IIT Before Attaching the Seal
• 6.7 VVTT Process Followed to Check that High Security Seals are Properly Affixed
  • Seal Verification Process
  • Proper Way to Apply Seals
  • View Verify Tug Twist Seal Inspection Method
• 7.1 Cargo in Overnight or Extended Storage Secured from Unauthorized Access
• 7.2 Cargo Areas Kept Free from Visible Pest Contamination
• 7.6 Procedures Ensuring Cargo Clearance Information Protected and Submitted
• 7.8 Shipper and Carrier Ensure Documents Accurately Reflect Contents and be Filed Timely
• 7.10 Personnel Recognize Possible Suspicious Cargo
• 7.27 Investigate and Resolve Any Cargo Discrepancies
• 8.1 Transportation Security; Fulfilling CTPAT 8.0 Mandatory Agricultural Security
• 10.3 Positive Identification of Drivers Dropping Off or Picking Up Cargo
• 10.4 CTPAT Certified Facility Cargo Controls
• 10.10 Work Instructions for Security Guards
• 12.2 Training on Security and Agricultural Inspections
• 12.7 Training on Visible Pest Contamination Prevention
• Summary of Importer's Required Security Measures

CTPAT Implementation Guidance for Criteria that Importers Should Accomplish

This lesson concentrates on the "should-do" areas that are different for each entity, in this case importers. They are not required, only suggestions to strengthen security as best practices.

(Estimated study time: 45 minutes)

• Introduction
• 2.2 Foreign Manufacturers, U.S. Importers and Exporters Should Map the Movement of Cargo Through the Supply Chain
• 5.5 Inspections of Conveyances and IIT Should be Recorded on a Checklist
• 5.6 Should Perform Security Inspections in a Controlled Access Area
• 5.8 Should Conduct Random Searches by Management After Staff Inspections
• 5.14 Requirements for Tracking, Reporting and Sharing of All Shipment Data Should be Contained in the Terms of Service Agreement
• 5.16 Should Prohibit Unscheduled Stops Near U.S. Land Border
• 7.4 Designated Personnel Should Supervise Loading of Cargo
• 7.5 Photograph Seal Installation and Forward to Destination
• 7.28 Verify Arriving and Departing Cargo Against Transport Documents
• 7.29 Transmit Assigned Seal Numbers to the Consignee Before Departure
• 7.30 Print Seal Numbers on Shipping Documents
• 10.7 CTPAT Members Allow Deliveries and Pickup by Appointment Only
• 10.9 Only Specially Designated Monitored Areas Used for Cargo Deliveries
• 12.6 Identification of Trade Based Money Laundering and Terrorism Financing
• Summary of Suggested Security Criteria for Importer's

CTPAT Implementation Guidance for Criteria that Customs Brokers Must or Should Accomplish

In the two previous lessons we cover the requirements for importers because Customs Brokers must be able to advise their clients about CTPAT. This lesson concentrates on the required and suggested areas that specifically involve Customs Brokers.

(Estimated study time: 48 minutes)

• Introduction
• Specific Customs Broker's Eligibility Requirements
• Specific Benefits for Supply Chain Service Providers
• 7.26 U.S. Customs Brokers Must Advise Clients to Report Anomalies
• 12.5 Customs Broker's Must be Able to Explain CTPAT Security Requirements to Importers
• 7.9 U.S. Customs Brokers Entry Summary Should Match Transaction Documents
• Summary of Customs Broker's Required Security Measures
• Summary of Suggested Security Criteria for Customs Brokers