As a member of CTPAT, each year you are required to pass an Annual Renewal conducted by your assigned Supply Chain Security Specialist (SCSS). Whether the audit is conducted remotely or on-site, companies need to conduct a CTPAT Annual Assessment internally ahead of the inspection.
With the CBP’s newly implemented minimum security criteria, companies often find themselves lacking clarity on what is expected of them when completing this assessment, and the uncertainty can be nerve-wracking. Here, we outline every step you need to take to execute a complete internal assessment and ultimately ensure your organization passes its CTPAT Renewal with flying colors each year.
This needs to be done annually at minimum, however, every six months would be considered “best practice” and every three months would be considered “above and beyond.”
To do this, start by setting up a meeting with your CTPAT Team (Designated Security Officer, Operations Manager, Warehouse Manager, HR Team, IT team, applicable Executive Staff, etc.), and work together to answer questions such as:
Also, be sure to review your current security questionnaire and CTPAT training material with the team. Consider whether new questions need to be added to comply with 2020 MSC regulations and evaluate whether the training currently provided to employees is adequate.
Finally, make sure you document these management meetings by keeping a log of attendance, what was discussed, and who owns any follow-up actions that result from the discussion.
If your vendors/business partners are CTPAT certified, simply add them to your CTPAT SVI partner portal, and if they are not certified, be sure to send them a CTPAT questionnaire so they can make you aware of processes they have in place to keep your supply chain safe. A good security questionnaire will allow you to spot gaps in their procedures so you can work with them to resolve any issues. Along with your security questionnaire, you should also send them your organization’s Standard Operating Procedures (SOPs) and CTPAT Training to ensure they are aware of your expectations.
Standardize a company-wide method to address any discrepancies found during your management review as well as any issues with business partner compliance that you may uncover upon return of their security questionnaires.
This action plan should include:
Coming into your CTPAT audit with at least one action plan already executed demonstrates to your SCSS that you understand the internal process of escalating and resolving any issues found during your Annual Assessment.
Before the meeting with your Supply Chain Security Specialist (SCSS), be sure to complete an up-to-date CTPAT Security Awareness Training Log. This can be in the form of an exported file from your e-training system or simply a spreadsheet detailing the dates and scores of each employee trained on the procedures.
First, create a document noting each country/region that plays a part in your supply chain. This can include suppliers, carriers, and – in some cases – even customers. From there, determine the risk level of each country to the U.S. supply chain and finally rank them individually on a scale of 1-3 (1 = risk, 3 = highest).
Select an example shipment and demonstrate using either words or graphics how that shipment enters and moves through your entire supply chain, all the way to its final destination. As you complete your Cargo make, be sure to identify any gaps in security, then document and update any new policies and processes to rectify those gaps.
Make sure your Visitor Logs, Cargo Pick Up Logs, and Seals Logs are being used by your team and updated properly by your internal CTPAT SOPs.
Confirm an Alarm and Camera checklist is regularly being used by your team as outlined in the standard operating procedures your company submitted to the CBP in your CTPAT Security Profile.
On the CBP website, make sure the following items are up-to-date in your official Security Profile.
Though this list is certainly not exhaustive, it is a relatively comprehensive sampling of the items that should be included in your Annual Assessment to demonstrate to your SCSS that your organization is doing its due diligence to maintain CTPAT compliance and protect the supply chain as effectively as possible.
As always, if you have questions or concerns about any piece of the Annual Assessment outlined above – or you want to learn how Veroot’s SaaS platform can automate these processes to alleviate 85%-90% of the annual workload?