CTPAT is rounding the bend into change territory! The road ahead is both familiar and new, with some of the first signs already added to the landscape. U.S. Customs and Border Protection, (CBP) presented its CTPAT Roadmap for the future of the program at the Customs Trade Partnership Against Terrorism (CTPAT) Conference focusing on 2018 and beyond. And yes, no typo here, the hyphen has been omitted from the name, and there is a new logo. A distinctive, well executed, branding with a slogan that is befitting to its mission, “Your Supply Chain’s Strongest Link.” Oh yes, and there’s a new woman leading the way, Liz Schmelzinger, Director of CTPAT programs in CBP’s Office of Field Operations.
CTPAT was established in 2001 as a public-private voluntary program to allow commerce and trade to participate in preventing further terrorist attacks. Today, with more than 11,000 certified members and objectives that have moved beyond identifying, “things that can blow up,” CTPAT is enlarging its scope and embracing new technology and concepts to fight the broadening threats to the global supply chain.
The new framework is encouraging to longtime participants and will certainly offer new possibilities to those who have not yet taken the step to join. The biggest standout in the presentation was that the “minimum security criteria” will be updated and modernized. We can expect to see changes in areas like:
- Cybersecurity – This one is in definite need of new input. MUCH has developed in the cyber area since 2001 – just think about that one for a
- Money laundering – focusing on identifying and preventing the destructive effects of this
- Seal Standards – Terrorists and overall bad-actors have developed sophisticated ways of tampering with and compromising the current ISO 17712 high-security seals. Technology is available in this area that can greatly improve cargo
- Terrorism financing – Securing monetary funds is a targeted goal for hackers residing in the ranks of terrorist organizations, and they take full advantage of the gaps. CBP is going to close those
- Personnel security – A compromised supply chain can be traced back to internal conspiracies approximately 95% of the time. (According to the post-incident analysis reports received by CBP over the past few years).
- Business partner requirements – CBP will be putting a bigger emphasis on initial selection and screening of business partners and service providers. Additionally, greater weight will be placed on risk analysis procedures of existing partners with a big push on verifiable processes and senior management buy-in.
- Best Practices – will have five (5) definable points: Verifiable evidence, Documented processes, Senior management buy-in, Systems and checks, and Innovative business practices. The leading change in best practices comes in the form of scalability, allowing more small and medium-sized participants to achieve this status. Schmelzinger indicated, “If you’re sophisticated enough to organize an international transaction, then you can incorporate best practices ”
- Portal 2.0 – The portal has a whole new crew of IT professionals working on it. (of note; you will officially be able to use Chrome or Safari, or an internet browser of your choice in the near future! For now, the recommendation is to stick to Explorer.) Also of note, SVI numbers are officially obsolete, so now you can not only request monitoring of a participant through the portal, but can also send a status email to non-SVI partners under the SVI field.
- Technology – CBP will not require any specific technology, but will validate that you are using the technology you have. For instance, do you monitor and audit ACE reports? Do you schedule a time to revisit the threat assessment process identifying emerging dangers or risks that could impact your supply chain? Do you periodically “test” employees to see if they are following the processes that are in
And last, but certainly not the bottom of the priority list,
- Training – CTPAT has developed a library of resources that can be utilized in making sure your company, from the top down, has the training to participate in and properly evaluate the security of your supply chain. Some suggestion for updating your training were: Security Threat Assessment and Identifying Internal Conspiracies Eight Signs of Terrorism Container and Conveyance Inspection IT Security and You
Best Practices Evaluation
CBP has placed some helpful material in their resource library to assist you in preparing training internally. They have also published a good guideline for planning your training; they call it a Mindmap. Click the link below to see the CTPAT publication on Security Awareness Training.
Additionally, consider third-party training and audits. This type of external involvement can help you maintain and improve your supply chain security. External instructors can offer a different methodology providing focused training to reinforce your commitment to security and offer the latest updates in information. Third party audits or assessments of CTPAT operations and security can add validity to your processes and help you identify any gaps or risks with recommendations for improvement and continuing development.
For new applicants, and those of you in line for revalidation, in order to achieve maximum benefits relating to the latest protocols, and to minimize supply chain disruption, consider seeking outside assistance in conducting a security assessment and in completing the CBP portal responses before submitting your security profile.