The Total Guide to CTPAT Visitor Management Protocol

As most members are aware, there are a lot of standard operating procedures CTPAT participants must both document and enforce to comply with CBP’s minimum security criteria. There are so many SOPs that it’s often difficult to keep track without overlooking a requirement or two…and one of the processes we see fall through the cracks most often is the Visitor Management Process Flow.

Under new MSC regulations, companies must have a documented process to vet non-company personnel on the premises. Specifically, this rule applies to office visitors and drivers responsible for picking up or delivering cargo. Below, we walk through the basic outlines for CBP-approved office visitor and driver SOPs, as well as provide some insider tips and tricks to help you implement a fully compliant guest protocol.

CTPAT VISITOR MANAGEMENT PROCESS FRAMEWORK:

1. Non-employee site visitors (i.e. contractors, drivers, business partners, vendors, etc.) should not be able to enter your facility directly. Rather, they should be required to remain in the lobby or entry vestibule until they contact an employee who can determine the nature of their visit. If you don’t have a lobby or waiting area that restricts entry, they must stay outside until an employee can meet them.
2. The employee should then meet the visitor at the entry point and review their government or company-issued ID to verify the guest’s identity and credentials.  
3. Upon review of identification, guests should sign into a logbook with their full name, date, who they are visiting, and time of visit – at which time they should be issued an official visitor badge by an employee.  The employee who is vetting the visitor should also sign or initial the logbook to confirm the visitor was properly vetted.
4. All guests should display their visitor’s badges in a prominent location on their person (i.e. on a lanyard around their neck, pinned to their shirt, etc.) and be accompanied by a properly vetted employee for the duration of their time on-site.  
5. At the time of departure, guests must return their visitor’s badge to the visitor sign-in area. They must also sign out of the logbook, noting their time of exit. 

CTPAT CARGO PICKUP AND DELIVERY PROCESS FRAMEWORK:

There are added steps when the visitor is involved in picking up cargo. The basic structure of the cargo pickup and delivery SOPs should mirror that of the office visitor process outlined above. However, the identity of the driver, equipment, and company has to be 100% confirmed before accepting or releasing any cargo. Here are some of the additional items to include in your Visitor Management Process Flow for cargo pickup and delivery:

• The cargo pickup log must be kept confidential – meaning the driver should not see it – because the log contains certain information that could theoretically be used in criminal activity (i.e. seal numbers, company name, etc.). Therefore, the logbook must be kept behind a desk or locked away out of sight.
• When a driver arrives on the premises, they must not only pass the sign-in and standard ID check procedures that apply to all visitors (outlined in steps #2 – #3 above) but they should also be required to provide several additional pieces of information before entry. Beyond the first and last name, date, and arrival/departure time for each driver, the following items should also be recorded by the vetted employee responsible for managing the logbook:
  • Employer / Company Name
  • Truck Number
  • Trailer Number
  • Seal Number (if applicable – a seal is affixed to the shipment at the time of departure)

IMPLEMENTATION TIPS & TRICKS:

If your company doesn’t already have a visitor process in place, it’s relatively easy to get rolling. Below, we’ve put together some of Veroot’s favorite (and most helpful!) nuggets of wisdom to make it as easy as possible to put your documented Visitor Management procedures into practice:

• The Visitor Badges don’t have to be a certain style. A set of numbered badges attached to lanyards – or even sticky-back name tags – will work just fine. 
• The Visitor Logbook doesn’t have to be fancy either. As long as it provides the following fields (at minimum), you’ll be all set in the eyes of your SCSS:
  • First Name
  • Last Name
  • Company
  • Reason for Visit
  • Arrival Time
  • Departure Time
  • Guest ID Reviewed (Yes/No field)
  • Name of Employee Responsible for Check-In
• Per the CBP implementation guidance, a visitor log may double as a cargo log as long as the extra information outlined above (i.e. Company Name, Truck Number, Trailer Number, and Seal Number) is appended to the visitor log.  However, as mentioned, this extra information must be kept secure and out of reach of the driver.  For this reason, most companies use a different sign-in sheet and process for logging in office visitors versus drivers that pick up cargo.
• Keep in mind your Visitor Management Process Flow should be included in your CTPAT Security Profile. They should also be provided to all your business partners and vendors since they outline the critical steps to manage visitors to their facilities in a way your organization deems secure and compliant.

We hope this information helps point you in the right direction as you build out a CTPAT Visitor Management Process Flow to meet your organization’s needs. However, if you find yourself in search of additional help creating your SOPs (or any other CTPAT documentation, for that matter), Veroot has your back. Simply fill out a form by clicking below to get the ball rolling!