CTPAT Resources

CTPAT Security Questionnaire FAQ

Written by Admin | Dec 6, 2023 8:09:41 PM

Sending, collecting, and documenting Security Questionnaires are all critical steps in completing your CTPAT Annual Assessment…however, new MSC guidelines on how to handle them correctly are notoriously hazy. Today, Veroot is here to answer the top five most frequently asked questions we receive on the topic.  See the transcription of the video below in case you want to read it and not watch it!

1) WHAT IS A SECURITY  QUESTIONNAIRE?

The CBP requires that you properly vet all business partners in your supply chain. There are two methods of doing this: the first is to go on-site and perform an audit, and the second – which is much easier and therefore much more popular among participants – is to send out a security questionnaire. This method allows you to skip a full-blown site visit, while still ensuring all key stakeholders in your supply chain are meeting MSC requirements.

After you send out the questionnaires and receive completed versions back from your business partners, it’s your job to review them and make any adjustments necessary to maintain CTPAT compliance. This usually means providing an action plan to any parties who are not meeting all the minimum security criteria.

2) TO WHOM DO I NEED TO SEND MY QUESTIONNAIRES?

The answer is given by the CBP’s regulations which state: “When a CTPAT Member outsources or contracts elements of its supply chain, the Member must exercise due diligence (via visits, questionnaires, etc.) to ensure these business partners have security measures in place that meet or exceed CTPAT’s Minimum Security Criteria (MSC).”

What that means from an actionable standpoint depends on your industry. For example, an importer needs to send surveys to manufacturers, suppliers, companies that play a part in transporting the product being imported (ground, ocean, air, etc.), and any third parties who handle digital information about those shipments (IT providers, brokers, etc.). A consolidator CTPAT member needs to send them to all parties involved in the logistics supply chain. This includes highway carriers, air carriers, ocean carriers, warehouse providers, and – again – any companies that handle digital information related to the shipment (IT providers, brokers, etc.).

Essentially, any entity involved in your supply chain needs to receive and complete a security questionnaire to provide you with documented confirmation that they’re following the requirements outlined in your CTPAT standard operating procedures.

A question we always get is “Well how far down do we need to go?” For instance, an importer may order from a master distributor – so in this case does the importer need to send a questionnaire to all the suppliers of that distributor? There is certainly some common sense involved because if you go all the way down the supply chain, you’ll eventually end up talking to raw material providers which could be hundreds of steps down the chain. So we always advise CTPAT members to at least send questionnaires to all first-level suppliers that show up in their ordering systems and on bills of lading. Certainly, this would include master distributors and any direct suppliers because they are involved in the supply chain. If the goods are purchased through a distributor, yet have a major impact on your business or you promote their products, it is always best practice to develop a relationship with the supplier directly and include them in your annual security questionnaire process. What you want to be able to show the CBP is sample shipment paperwork from beginning to end – and make sure everyone on the shipping paperwork is properly vetted via your questionnaire process.

3) DO I HAVE TO SEND THEM TO MY CLIENTS?

The short answer is “maybe,” and here’s why: CBP doesn’t specifically mention clients in their new MSC requirements, but if the nature of your business requires you to take some form of responsibility for the goods being shipped after a client interacts with them (in other words, if the client plays a part in your supply chain), you need to send them a security questionnaire.

For some people, that may sound like a turnoff to participating in the program…but don’t think so negatively! You could make a strong argument that requiring customers to complete the security questionnaire adds value to the services you provide for them. Sure, it takes a little bit of time and energy to fill out the document – which might not sound appealing since they’re paying you to work for them – but think about how reassuring it would be as a client to know that filling out that survey is part of a larger effort to prove at a government-approved level just how secure your supply chain is. You are effectively demonstrating that if someone chooses to work with you, there is little risk of their freight being damaged or disrupted as long as it is part of your supply chain.

We recommend pitching CTPAT the security questionnaire as a valuable service feature instead of a nuisance. You could say something like, “Hey, listen. This questionnaire is something we have to do as part of an agreement with the U.S. government to prove we have a secure supply chain. It’s gonna take you _________ minutes to fill out, but we require clients to complete it because it helps us ensure that the freight we’re responsible for is virtually guaranteed to reach its final destination intact and on time.”

4) WHEN DO I SEND OUT MY SECURITY QUESTIONNAIRES?

This one is pretty straightforward: send them on an annual basis. To maintain your CTPAT membership in good standing, Customs and Border Protection requires that you perform an Annual Risk Assessment that gets submitted to your assigned Supply Chain Security Specialist in order to pass your yearly CTPAT Renewal. We recommend time-stamping the security questionnaires when you send them out then finding a way to remind yourself to go through the process again every year.

5) WHERE CAN I GET ADDITIONAL ASSISTANCE?

If you need help managing your Security Questionnaires or any other part of your Annual Assessment, Veroot has CTPAT-specific software to automate all these processes and ultimately save you about 85%-90% of the time you’d spend completing everything manually. Learn more about how our platform can help.