| Q: |
1.Why is CBP
updating the security guidelines for C-TPAT importers? Will other
enrollment sectors also be subject to new minimum-security criteria? |
| A: |
For C-TPAT to ensure its continued viability, effectiveness, and
relevance, the program must continue to evolve – as the terrorist
threat and the nature of global trade evolves. The impetus for
strengthening the existing security guidelines is to provide more
detail to the membership on the expectations of the program, and to
assist CBP in defining a more consistent baseline for minimal
program requirements and better-defined C-TPAT benefits. Throughout
2005, CBP will work with the trade community to develop
minimum-security criteria for all enrollment sectors.
|
| |
| Q: |
2. What basis
did CBP use in developing the new security criteria? |
| A: |
The new security criteria are based on the processes, procedures and
best practices collected from the thousands of security profiles
that CBP has reviewed and approved, and the more than 470
validations that have been completed and documented to date. The new
criteria were developed in partnership with the trade community over
a 6-month period. |
| |
| Q: |
3. Does CBP intend to revise the security
guidelines for all sectors of C-TPAT membership? If so, has CBP
determined the timeframe for completion of the refined security
criteria for each sector? |
| A: |
Yes. CBP will move forward with revising the current security
guidelines for each sector of membership. After the new C-TPAT
security criteria for importers has been announced, CBP will begin
revising the sea carriers, air carriers and foreign manufacturers
sectors concurrently. |
| |
| Q: |
4. Has the C-TPAT
membership participated in developing the new security criteria? |
| A: |
Yes. The first draft of the new security criteria was disseminated
in October of 2004 to a group of 18 C-TPAT importers and trade
associations for review and comment. In November, the process was
merged into the larger COAC C-TPAT Subcommittee where modifications
to the initial draft were made based upon feedback from the trade
community. Several additional drafts were then circulated and
several conference calls and meetings transpired until the process
was finalized in February 2005. |
| |
| Q: |
5. Is CBP
moving towards making C-TPAT a regulatory program? |
| A: |
No. C-TPAT will continue to evolve as a voluntary, incentives based
government / private sector partnership. As C-TPAT evolves, the
program will continue to work in partnership with the stakeholders
of the international supply chain and cooperatively develop improved
systems of security and efficiency. |
| |
| Q: |
6. The new C-TPAT security criteria contain
mandatory elements that may potentially place a greater burden of
responsibility on the importer. Doesn’t this constitute a major
policy shift within C-TPAT – from voluntary to mandatory
requirements? |
| A: |
No. C-TPAT remains a voluntary, incentive based partnership.
However, once a company commits to the C-TPAT program, there are
specific program requirements that must be adhered to by the company
to qualify for C-TPAT benefits, which are significant. C-TPAT
importers are six times less likely to undergo a security related
cargo examination, and 4 times less likely to be subject to a trade
related examination, than non-C-TPAT members. These significantly
fewer cargo examinations help save importers time and money, while
leading to a more predictable supply chain. CBP continues to explore
additional benefits, which can be afforded members who meet or
exceed the minimum-security criteria. |
| |
| Q: |
7. Will it be
possible to differentiate Supplier-Importer combinations as "green
lane" or high risk since it may not be economically feasible to
conduct periodic reviews of all suppliers? |
| A: |
C-TPAT member importers commit to strengthen their entire supply
chains and adopt appropriate security measures based on risk, and
cannot exclude a particular segment of their supply chain from this
commitment based on economic feasibility. Importers must ensure
business partners develop security processes and procedures
consistent with the C-TPAT security criteria to enhance the
integrity of the shipment at point of origin, and throughout the
supply chain. Periodic reviews of business partners' processes and
facilities should be conducted based on risk, and should maintain
the security standards required by the importer. |
| |
| Q: |
8. Some security standards such as
background checks are not permitted in certain foreign countries.
Are these suppliers therefore not permitted to export to the United
States? |
| A: |
Processes must be in place to screen prospective employees and to
periodically check current employees, consistent with foreign,
federal, state, and local regulations. If prohibited by law from
conducting a criminal or financial background check or
investigation, some types of applicant information such as
employment history, employment references, etc., can still be
verified as part of the screening process. Members should be certain
to document what level or checks have been initiated, as well as
document limitations imposed by foreign law. |
| |
| Q: |
9. Do the
physical security standards apply to the supplier as well as the
importer? |
| A: |
As outlined in the business partner requirements, appropriate
security measures, as listed throughout the C-TPAT Security Criteria
document, must be implemented and maintained throughout the
importer’s supply chains, based on risk. Foreign suppliers,
manufacturers, cargo handling and storage facilities in foreign
locations must have physical barriers and deterrents that guard
against unauthorized access. |
| |
| Q: |
10. Is "indication" of participation really
adequate? And what does indication mean? Shouldn't the information
be available publicly, as on the CBP or WCO web site. |
| A: |
Importers must have written and verifiable processes for the
selection of business partners including manufacturers, product
suppliers and vendors. For those business partners eligible for C-TPAT
certification (carriers, ports, terminals, brokers, consolidators,
etc.) the importer must have documentation (e.g., C-TPAT
certificate, SVI number, etc.) indicating whether these business
partners are or are not C-TPAT certified. For those business
partners not eligible for C-TPAT certification, importers must
require their business partners to demonstrate that they are meeting
C-TPAT security criteria via written/electronic confirmation (e.g.,
contractual obligations; via a letter from a senior business partner
officer attesting to compliance; a written statement from the
business partner demonstrating their compliance with C-TPAT security
criteria or an equivalent WCO accredited security program
administered by a foreign customs authority; or, by providing a
completed importer security questionnaire). Periodic review should
be conducted, based on risk. |
| |
| Q: |
11. Thousands of legitimate shipments are
made each year to importers without a purchase order or contract
being issued. (e.g, returned goods, samples, prototypes, unsolicited
promotional, marketing or advertising material) Importers have no
control over these type of shipments or the security of the party
shipping them. How will these shipments be treated for C-TPAT
participation purposes? What CBP ATS security rating will be given
to these shipments at the time of import? |
| A: |
C-TPAT recognizes the complexity of international supply chains and
endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. Where an importer outsources or contracts
elements of their supply chain, such as a foreign facility,
conveyance, domestic warehouse, or other elements, the importer must
work with these business partners to ensure that pertinent security
measures are in place and adhered to throughout their supply chain.
Unsolicited shipments will understandably lie outside the capability
of the importer to ensure security. CBP employs a risk management
approach in screening and targeting, and such shipments, as well as
those from unknown or less established entities, receive higher
scrutiny from CBP. The agency does not disclose ATS targeting
rules. |
| |
| Q: |
12. Beyond the above type of shipments
nothing can prevent a terrorist anywhere in the world from
addressing a shipment to a C-TPAT importer, prepaying the freight
and shipping the goods. Will CBP apply a reduced ATS security rating
to these shipments even though no one can prevent these shipments
from being made or ensure the security of the party sending them? |
| A: |
CBP will continue to target and examine shipments based on risk.
Shipments from unknown or less established entities receive higher
scrutiny from CBP. |
| |
| Q: |
13. C-TPAT participation for importers
appears to be an all or nothing situation. That is - either an
importer guarantee every shipment to them is secure or they lose
their C-TPAT membership. What is the means for an importer to
exclude from their C-TPAT program shipments from suppliers who
refuse or are incapable addressing supply chain security issues? |
| A: |
While C-TPAT recognizes the complexity of international supply
chains and endorses the application and implementation of security
measures based upon risk analysis, C-TPAT membership does entails a
commitment to strengthen entire supply chains and adopt appropriate
security measures based on risk. C-TPAT importers are not expected
to guarantee that every shipment is secure, but rather, importers
must demonstrate an ongoing commitment towards strengthening their
supply chains. |
| |
| Q: |
14. Will an importer lose their C-TPAT
membership when a supplier who refuses to cooperate is the only
supplier in the world for a critical good, material or piece of
machinery or equipment? (e.g. supplier holds the only patent,
supplier has the only manufacturing capability, supplier has the
only manufacturing capacity, supplier is the only cost competitive
source) |
| A: |
C-TPAT members must make every effort to leverage their business
relationships to enhance the security of the supply chain from point
of stuffing, through the CBP clearance process. Membership entails a
demonstrated commitment towards meeting this goal, yet the program
recognizes the difficulties involved in securing all aspects of the
importer’s entire international supply chains. If the importer
continues to demonstrate this commitment, membership will be
retained. |
| |
| Q: |
15. The proposed C-TPAT program states that
it allows for “flexibility and customization of security plans,”
however, the proposed criteria are drafted as “mandatory”
requirements. In the event that a requirement is not met due to
circumstances outside of the participating C-TPAT importer, what
would be the resulting consequences for the importer? (e.g. supplier holds the only patent,
supplier has the only manufacturing capability, supplier has the
only manufacturing capacity, supplier is the only cost competitive
source) |
| A: |
As a voluntary, incentives based partnership program, C-TPAT member
importers must demonstrate an ongoing commitment towards
strengthening their supply chains and in return, CBP affords
benefits such as reduced cargo inspections. Importers who continue
to strive towards enhancing their supply chain security will
continue to receive member benefits. |
| |
| Q: |
16. At this time, CBP has chosen not to
promulgate the standards for joining and maintaining participation
in the program through a regulatory process. Is it envisioned that
C-TPAT will evolve into a regulatory program in the future? |
| A:
|
No. C-TPAT will continue to evolve as a voluntary government/private
sector partnership. As C-TPAT evolves, the program will continue to
work in partnership with the stakeholders of the international
supply chain and cooperatively develop improved systems of security
and efficiency. |
| |
| Q: |
17. Will certification and validation audits
for C-TPAT participants differ under the new criteria from those
already in place? |
| A: |
As of March 25, 2005, new importers to the C-TPAT program will have
their security profile certified and validated against the new
minimum security criteria. Existing members will be expected to
bring their security measures into compliance with the new criteria
over a phased in period, ending 180 days after the March 25, 2005,
effective date of the new criteria. (See C-TPAT Security Criteria
Implementation Plan for specific details). Validations of existing
members will be conducted using the new criteria after the phased in
implementation period has ended. Members will not be expected to
resubmit their security profile, but necessary adjustments or
modifications must be undertaken to ensure that the supply chain
security measures meet or exceed the minimum, baseline security
criteria. If a validation determines that the importer is not
meeting the new minimum security criteria after the phase in period
has passed, benefits may be suspended until such criteria are met. |
| |
| Q: |
18. What is the expected time period that it
will take for an importer to become certified under the new
criteria? And validated under the new criteria? |
| A: |
The length of time it will take an importer to bring their security
measures into line with the security criteria depends on the degree
to which changes are needed. Existing C-TPAT importer members will
be afforded 180 days from the date of implementation to ensure full
compliance with the security criteria. New members must meet these
criteria prior to being certified. Validations will continue to be
conducted based on risk. |
| |
| Q: |
19. Will companies who are already certified
or validated be required to undergo a new evaluation to retain that
status? |
| A: |
No. Existing members will not be required to re-submit their
security profile. Those existing members who have previously
completed a validation will not automatically be subject to
additional validation, however, validations will continue to be
initiated based on risk. As CBP continues to hire additional Supply
Chain Specialists, validations and re-validations were become more
common. See C-TPAT Security Criteria Implementation Plan for
specific details. |
| |
| Q: |
20. Importers must evaluate the cost and
risks associated with participating in C-TPAT against the benefits.
To assist importers in this regard, please identify the specific
benefits that an importer will receive based on its participation in
C-TPAT. |
| A: |
Certified members will continue to receive fewer cargo inspections,
allowed access to land border expedited processing via the FAST
program, and granted participation into the Importer Self Assessment
program. Additional benefits are currently being discussed within
CBP and more detailed information concerning additional benefits
will be provided in the near future. It should be noted that C-TPAT
members are 6 times less likely to undergo a security related
examination, and 4 times less likely to undergo a trade related
examination, as compared to non-C-TPAT members. There are clearly
financial benefits as a result of these fewer inspections. |
| |
| Q: |
21. What future plans are envisioned for C-TPAT? Will C-TPAT be
offered to entities outside of the U.S. and North America? What
types of businesses would qualify for the program? |
| A: |
At present, the C-TPAT program is open to U.S. importers, carriers,
brokers, freight forwarders, consolidators, ports, terminal
operators, northern and southern border truck carriers, and Mexican
manufacturers. Should enrollment be expanded to additional sectors,
the public will be notified via the CBP website. |
| |
| Q: |
22. Will participation in other security programs administered by
other government agencies affect an importer’s obligation to comply
with the C-TPAT criteria? |
| A: |
CBP has attempted to align the C-TPAT program requirements to
security programs administered by other government agencies, to
reduce redundancy and ensure a logical, consistent approach.
Generally, companies who participate in other government
administered security related programs find it easier to meet or
exceed the program requirements of C-TPAT. |
| |
| Q: |
23. Will the new standards apply equally to
companies of all sizes (large, medium and small)? And to all kinds
of commodities? |
| A: |
Yes. C-TPAT recognizes the complexity of international supply chains
and endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. Membership in this voluntary, incentives
based partnership entails a commitment to strengthen the entire
supply chain. |
| |
| Q: |
24. The preamble to C-TPAT Security Criteria
for importers states that importers must assess their supply chains
and take appropriate security measures based on “risk.” What factors
should importers take into account to conduct a “risk analysis?” |
| A: |
Importers shall have a documented and verifiable process for
determining risk throughout their supply chains based on their
business model (i.e., volume, country of origin, routing, potential
terrorist threat via open source information, recognized weaknesses
in the supply chain, etc.) |
| |
| Q: |
25. Is there a specified timeline within
which the importer must verify compliance with C-TPAT criteria?
Also, for existing importers enrolled in C-TPAT, what is the
timeframe that existing members must be compliant? (whether or not
they have been validated previously) |
| A: |
See C-TPAT Security Criteria Implementation
Plan for specific details. |
| |
|
| Q: |
26. Under the “Business Partner Requirement”
importers must have documentation to indicate that their partners
are or are not C-TPAT certified. Examples such as C-TPAT
certificates and SVI number are given. Please provide other examples
on how this documentation might be accomplished? |
| A: |
For those business partners eligible for C-TPAT certification the
importer must have documentation indicating whether these business
partners are or are not C-TPAT certified. The two readily available
means to document C-TPAT certification is either the C-TPAT
certificate or SVI number. |
| |
| Q: |
27. C-TPAT importers are provided several
means to show that their business partners are meeting appropriate
C-TPAT standards. How flexible will CBP be with smaller and medium
size importers, and those of different commodities, who may not
enjoy the leverage to conduct these examinations? |
| A: |
C-TPAT member importers commit to strengthen their entire supply
chains and adopt appropriate security measures based on risk.
Importers must ensure business partners develop security processes
and procedures consistent with the C-TPAT security criteria to
enhance the integrity of the shipment at point of origin. Periodic
reviews, which does not necessarily imply an actual physical review
of the foreign manufacturer/supplier, of business partners'
processes and facilities should be conducted based on risk, and
should maintain the security standards required by the importer. A
Best Practices document under development will provide several
avenues through which small to mid size importers have been
successful in leveraging their business partners |
| |
| Q: |
28. Point of Origin section states that
“Importers must ensure business partners develop security processes
and procedures consistent with the C-TPAT security criteria to
enhance the integrity of the shipment at point of origin.” How far
back into the supply chain must a certified C-TPAT importer go to
ensure and maintain proper security standards assuming that risks
are equal? |
| A: |
Importers must conduct a comprehensive assessment of their
international supply chains. Where an importer outsources or
contracts elements of their supply chain, such as a foreign
facility, conveyance, domestic warehouse, or other elements, the
importer must work with these business partners to ensure that
pertinent security measures are in place and adhered to throughout
their supply chain. The supply chain for C-TPAT purposes is defined
from point of origin manufacturer / supplier / vendor) through to
point of distribution – and recognizes the diverse business models
C-TPAT members employ. |
| |
| Q: |
29. What steps must an importer take to
ensure that their business partners develop security processes and
procedures consistent with the C-TPAT security criteria? |
| A: |
Importers must require their business partners to demonstrate that
they are meeting C-TPAT security criteria via written/electronic
confirmation (e.g., C-TPAT certificates; SVI number; contractual
obligations; via a letter from a senior business partner officer
attesting to compliance; a written statement from the business
partner demonstrating their compliance with C-TPAT security criteria
or an equivalent WCO accredited security program administered by a
foreign customs authority; or, by providing a completed importer
security questionnaire). |
| |
| Q: |
30. How frequently should an importer
conduct a review of its business partner to “ensure” compliance with
C-TPAT standards? |
| A: |
C-TPAT recognizes the complexity of international supply chains and
endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. High risk supply chain components should be
reviewed more frequently than low risk components. |
| |
| Q: |
31. The criteria for container security
state that the integrity of the container must be maintained to
protect it from introduction of unauthorized materials and
personnel. Under many circumstances the importer has no direct
control or responsibility before it is assigned use or when the
container is stuffed by (an) outside third party(ies) and is
transported by a carrier. The same is also true for container
inspections, seals and storage. What steps can an importer take
regarding these circumstances in order to comply with this standard? |
| A: |
C-TPAT recognizes the complexity of international supply chains and
endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. High risk supply chain components should be
reviewed more frequently than low risk components. |
| |
| Q: |
32. Do the proposed criteria for physical
access controls, personnel security, procedural security, security
training and threat awareness, physical security and information
technology security apply only to facilities and operations that are
under the direct control of the importer? Do they also apply to
overseas parties with whom the importer does business? If yes, how
should these requirements be applied when the importer uses an
overseas supplier only on rare or one occasion? |
| A: |
C-TPAT recognizes the complexity of international supply chains and
endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. Where an importer outsources or contracts
elements of their supply chain, such as a foreign facility,
conveyance, domestic warehouse, or other elements, the importer must
work with these business partners to ensure that pertinent security
measures are in place and adhered to throughout their supply chain.
Through the Business Partner Requirements, importers are expected to
leverage their business relationships to enhance security measures,
throughout the entire supply chain, not just those parties under
direct control of the importer. |
| |
| Q: |
33. With regard to proper vendor ID under physical access controls,
please provide examples on what constitutes proper (photo
identification) ID? |
| A: |
Proper photo identification will vary based on the foreign/domestic
location of the facility. Proper vendor ID may be any government
issued photo identification document, or any comparable type of
documentation which establishes the identity of the bearer. The
crucial aspect of this criteria is to establish who is entering the
facility; members are not expected to be experts at fraudulent
document detection. |
| |
| Q: |
34. As for cargo discrepancies, CBP is
required to be notified if “illegal or suspicious activities are
detected, as appropriate.” Can CBP provide examples of the kinds of
discrepancies that would and would not warrant notification? Is this
referring to when the cargo is received at the final destination on
the bill of lading? Please Note: Full container shipments moving via
an ocean carriers bill of lading are "Shippers Load, Stow & Count",
so unless there is an inspection of the container requested by CBP,
discrepancies - such as shortages or overages would not be
identified until the cargo reaches the final destination on the bill
of lading. |
| A: |
All shortages, overages, and other significant discrepancies or
anomalies must be resolved and/or investigated appropriately.
Customs and/or other appropriate law enforcement agencies must be
notified if illegal or suspicious activities are detected - as
appropriate. Examples of illegal or suspicious activities range from
the presence of contraband or stowaways/illegal migrants,
significant theft or pilferage, introduction of material(s)/items
after point of stuffing, and other unusual activities which may
indicate criminal actions. |
| |
| Q: |
35. The Business Partner Requirement section states that an
importer’s business partners should be C-TPAT certified or otherwise
compliant with C-TPAT criteria. Can a C-TPAT importer do business
with a business that is not C-TPAT certified or compliant? If so,
what are the consequences of doing so? |
| A: |
C-TPAT members are expected to demonstrate a commitment toward
strengthening their entire supply chains. One way to demonstrate
this commitment is through the use of other C-TPAT certified
members, or those certified through an equivalent WCO accredited
security program administered by a foreign customs authority. If
using non-C-TPAT business partners, the C-TPAT member must be aware
of the security measures employed by their business partner, and
these measures must be subject to verification of compliance with C-TPAT
security criteria by the importer. |
| |
|
| Q: |
36. Will the C-TPAT program distinguish between compliant and
non-compliant suppliers? How? Will shipments from nonconforming
suppliers be treated differently by CBP? How would CBP know which
suppliers are conforming and which are not? |
| A: |
See answer to question #7 above. |
| |
| Q: |
37. When compliant suppliers’ cargo is mixed with non-compliant
suppliers’ cargo in a consolidated load, what is the consequence? |
| A: |
CBP employs a risk management approach in screening and targeting
import and export shipment. Shipments from non-C-TPAT certified
members, or those from unknown or less established entities receive
higher scrutiny from CBP. If C-TPAT member cargo is imported in the
same container as high risk cargo imported by another party, and an
examination of the higher risk cargo is necessary, the entire
shipment will be examined. |
| |
| Q: |
38. When compliant suppliers’ cargo is mixed
with non-compliant suppliers’ cargo in a consolidated load, what is
the consequence?/ |
| A: |
CBP employs a risk management approach in screening and targeting
import and export shipment. Shipments from non-C-TPAT certified
members, or those from unknown or less established entities receive
higher scrutiny from CBP. If C-TPAT member cargo is imported in the
same container as high risk cargo imported by another party, and an
examination of the higher risk cargo is necessary, the entire
shipment will be examined. |
| |
| Q: |
39. Does a compliant consolidator “cleanse”
noncompliant suppliers? |
| A: |
Not necessarily, though the supply chain is made more secure by this
activity. This activity would not necessarily ensure that the cargo
itself is not containing contraband or other items which may be a
threat or terrorist weapon. Importers must still advance supply
chain security enhancements throughout their business partners. One
secure piece of the supply chain does not “cleanse” other, less
secure components. |
| |
| Q: |
40. The criteria lists many “requirements”.
At the same time it says: “the program allows for flexibility and
the customization of security plans based on the member’s business
model.” Does this mean that the C-TPAT importer can, using its
customization discretion, not apply various program “requirements”? |
| A: |
While the C-TPAT program recognizes the complexity of international
supply chains and endorses the application and implementation of
security measures based upon risk analysis, importers must work with
their business partners to ensure that pertinent security measures
are in place and adhered to throughout their supply chain. The
program allows for flexibility and the customization of security
plans based on the member’s business model which demonstrates that
the baseline, minimum security criteria are being met or exceeded. |
| |
| Q: |
41. Does CBP believe that importers have
sufficient information to make accurate terrorist risk assessments
throughout their supply chains? |
| A: |
Yes. Importers shall have a documented and verifiable process for
determining risk throughout their supply chains based on their
business model (i.e., volume, country of origin, routing, potential
terrorist threat via open source information, etc.). Importers who
employ good business practices are aware of the risks posed by
foreign countries in which they operate. |
| |
| Q: |
42. CBP has expressly used the term “as
applicable” throughout the document. Is it the intention that “as
applicable” be used by the importer to modify and/or provide
alternatives to these “requirements” such that a level of security
within the specific parameter is met, but not necessarily exactly as
indicated? This may be the same as the guidelines in TD 72-56 for
bonded facilities. Is our interpretation of this term, “as
applicable” correct? |
| A: |
Yes. C-TPAT recognizes the complexity of international supply chains
and endorses the application and implementation of security measures
based upon risk analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the
member’s business model. |
| |
| Q: |
43. Do foreign entities which participate
in, and are certified by, the Business Anti-Smuggling Coalition (BASC)
automatically meet C-TPAT business partner security requirements? |
| A: |
BASC and C-TPAT remain separate programs, though very similar in
philosophy and overall program objective, which is to enhance supply
chain security to reduce vulnerabilities. Membership in BASC does
help establish that the foreign business partner is meeting minimum
security criteria, but a complete review would still be needed to
identify any deficiencies which need to be addressed. |
skype:ourseal.com
Whatsapp:13857716781 
