Customer Guidance C-TPAT

March 25th Importer Requirements

C-TPAT Partner Application for Importers - Instructions

For More Information:

Contact Industry Partnership Programs at (202) 344-1180 or fax (202) 344-2626 or email us, at
industry.partnership@dhs.gov

Or Pinkerton Supply Chain Security, Cassandra Cannon 919-676-1881, cassandra.cannon@ci-

pinkerton.com or Barry Wilkins 703-413-2340 Barry.wilkins@ci-pinkerton.com

Importer for C-TPAT Application Qualifications

1. Active U.S. Importer or Non-Resident Canadian Importer into the United States.

2. Have a business office staffed in the United States or Canada.

3. Have active U.S. importer of record ID(s) in either of the following formats:

• U.S. Social Security Number

• U.S. Internal Revenue Service assigned ID(s)
• CBP assigned Importer ID

4. Possess a valid continuous import bond registered with CBP.

5. Have a designated company officer that will be the primary cargo security officer responsible for C-
TPAT.

6. COMMIT to maintaining CBP C-TPAT supply chain security criteria as outlined in the C-TPAT importer
agreement.

7. Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the importer
will meet, maintain, and enhance internal policy to meet the C-TPAT importer security criteria.

Application Instructions:

Step 1. Prepare a C-TPAT Supply Chain Security Profile

Importers are required to complete and submit to CBP a Supply Chain Security Profile that addresses
each item in the C-TPAT Security Criteria for Importers. The security profile SHOULD summarize the
importer’s COMMITMENT to ensuring adherence to the following C-TPAT security criteria for importers:

C-TPAT Security Criteria for Importers

Importers MUST conduct a comprehensive assessment of their international supply chains based upon
the following C-TPAT security criteria. Where an importer out sources or contracts elements of their
supply chain, such as a foreign facility, conveyance, domestic warehouse, or other elements, the importer
MUST work with these business partners to ENSURE that pertinent security measures are IN PLACE
and ADHERED TO throughout their supply chain. The supply chain for C-TPAT purposes is defined from

Page 1 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse
business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and
implementation of security measures based upon RISK analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the member’s business model.

Appropriate security measures, as listed throughout this document, MUST be implemented, and
maintained throughout the importer’s supply chains, BASED ON RISK.

Business Partner REQUIREMENTS

Importers MUST have WRITTEN and verifiable processes for the selection of business partners
including manufacturers, product suppliers, and vendors.

Security Procedures
For those business partners eligible for C-TPAT certification (carriers, U.S. ports, terminals, brokers,
consolidators, etc.) the importer MUST have DOCUMENTATION (e.g., C-TPAT certificate, SVI number,
etc.) indicating whether these business partners are or are NOT C-TPAT certified.

For those business partners NOT eligible for C-TPAT certification, importers MUST REQUIRE business
partners to demonstrate that they are meeting C-TPAT security criteria via WRITTEN/electronic
confirmation (e.g., contractual obligations via a letter from a senior business partner officer attesting to
compliance; a WRITTEN statement from the business partner demonstrating their compliance with C-
TPAT security criteria or an equivalent WCO accredited security program administered by a foreign
customs authority; or by providing a completed importer security questionnaire).Based upon a
DOCUMENTED RISK assessment process, non-C-TPAT eligible business partners MUST be subject to
verification of compliance with C-TPAT security criteria by the importer.

Point of Origin
Importers MUST ENSURE business partners develop security processes and procedures consistent with
the C-TPAT security criteria to enhance the integrity of the shipment at point of origin. Periodic
reviews of business partners’ processes and facilities SHOULD be conducted BASED ON RISK, and
SHOULD maintain the security standards required by the importer.

Participation / Certification in Foreign Customs Administrations Supply Chain Security Programs

Current or prospective business partners who have obtained a certification in a supply chain security
program being administered by foreign Customs administration SHOULD be required to indicate their
status of participation to the importer.

Other internal criteria for selection

Internal requirements, such as financial soundness, capability of meeting contractual security
requirements, and the ability to identify and correct security deficiencies as NEEDED, SHOULD be
addressed by the importer. Internal requirements SHOULD be assessed against a RISK-based process
as determined by an internal management team.

Container Security
Container integrity MUST be maintained to protect against the introduction of unauthorized material
and/or persons. At point of stuffing, procedures MUST be IN PLACE to properly seal and maintain the
integrity of the shipping containers. A high security seal MUST be affixed to ALL loaded containers
bound for the United States. ALL seals MUST meet or exceed the current PAS ISO 17712 standards for
high security seals.

Page 2 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
Container Inspection
Procedures MUST be IN PLACE to verify the physical integrity of the container structure prior to stuffing,
to include the reliability of the locking mechanisms of the doors. A 7-point inspection process is
RECOMMENDED for ALL containers:

• Front wall
• Left side
• Right side
• Floor
• Ceiling/Roof
• Inside/outside doors
• Outside/Undercarriage

Container Seals
WRITTEN procedures MUST stipulate how seals are to be controlled and affixed to loaded containers - to
include procedures for recognizing and reporting compromised seals and/or containers to U.S. Customs
and Border Protection or the appropriate foreign authority. Only designated employees SHOULD
distribute container seals for integrity purposes.

Container Storage
Containers MUST be stored in a secure area to prevent unauthorized access and/or manipulation.
Procedures MUST be IN PLACE for reporting and neutralizing unauthorized entry into containers or
container storage areas.

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and
protect company assets. Access controls MUST include the positive identification of ALL employees,
visitors, and vendors at ALL points of entry.

Employees
An employee identification system MUST be IN PLACE for positive identification and access control
purposes. Employees SHOULD only be given access to those secure areas NEEDED for the
performance of their duties. Company management or security personnel MUST adequately control the
issuance and removal of employee, visitor, and vendor identification badges. Procedures for the
issuance, removal and changing of access devices (e.g. keys, key cards, etc.) MUST be DOCUMENTED.

Visitors Controls
Visitors MUST present photo identification for DOCUMENTATION purposes upon arrival. ALL visitors
SHOULD be escorted and visibly display temporary identification.

Deliveries (including mail)

Proper vendor identification (ID) and/or photo identification MUST be presented for DOCUMENTATION
purposes upon arrival by ALL vendors. Arriving packages and mail SHOULD be periodically screened
before being disseminated.

Challenging and Removing Unauthorized Persons

Procedures MUST be IN PLACE to identify, challenge and address unauthorized/unidentified persons.

Personnel Security
Processes MUST be IN PLACE to screen prospective employees and to check periodically current
employees.

Page 3 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
Pre-Employment Verification
Application information, such as employment history and references MUST be verified prior to
employment.

Background checks / investigations

Consistent with foreign, federal, state, and local regulations, background checks and investigations
SHOULD be conducted for prospective employees. Once employed, Periodic checks and
reinvestigations SHOULD be performed based on cause, and/or the sensitivity of the employee’s
position.

Personnel Termination Procedures

Companies MUST have procedures IN PLACE to remove identification, facility, and system access for
terminated employees.

Procedural Security
Security measures MUST be IN PLACE to ENSURE the integrity and security of processes relevant to
the transportation, handling, and storage of cargo in the supply chain.

Documentation Processing
Procedures MUST be IN PLACE to ENSURE that ALL information used in the clearing of
merchandise/cargo, is legible, complete, accurate, and protected against the exchange, loss, or
introduction of erroneous information. DOCUMENTATION control MUST include safeguarding computer
access and information.

Manifesting Procedures
To help ENSURE the integrity of cargo received from abroad, procedures MUST be IN PLACE to
ENSURE that information received from business partners is reported accurately and timely.

Shipping & Receiving

Arriving cargo SHOULD be reconciled against information on the cargo manifest. The cargo SHOULD be
accurately described, and the weights, labels, marks, and piece count indicated and verified. Departing
cargo SHOULD be verified against purchase or delivery orders. Drivers delivering or receiving cargo
MUST be positively identified before cargo is received or released.

Cargo Discrepancies
shortages, overages, and other significant discrepancies or anomalies MUST be resolved and/or
investigated appropriately. CBP and/or other appropriate law enforcement agencies MUST be Notified if
illegal or suspicious activities are detected, as appropriate.

Security Training and Threat Awareness

A threat awareness program SHOULD be established and maintained by security personnel to recognize
and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees
MUST be made aware of the procedures the company has IN PLACE to address a situation and how to
report it. Additional training SHOULD be provided to employees in the shipping and receiving areas, as
well as those receiving and opening mail.

Additionally, specific training SHOULD be offered to assist employees in maintaining cargo integrity,
recognizing internal conspiracies, and protecting access controls. These programs SHOULD offer
incentives for active employee participation.

Page 4 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
Physical Security
Cargo handling and storage facilities in domestic and foreign locations MUST have physical barriers and
deterrents that guard against unauthorized access. Importers SHOULD incorporate the following C-TPAT
physical security criteria throughout their supply chains as applicable.

Fencing
Perimeter fencing SHOULD enclose the areas around cargo handling and storage facilities. Interior
fencing within a cargo handling structure SHOULD be used to segregate domestic, international, high
value, and hazardous cargo. ALL fencing MUST be regularly inspected for integrity and damage.

Gates and Gate Houses

Gates through which vehicles and/or personnel enter or exit MUST be manned and/or monitored. The
number of gates SHOULD be kept to the minimum necessary for proper access and safety.

Parking
Private passenger vehicles SHOULD be prohibited from parking in or adjacent to cargo handling and
storage areas.

Building Structure
Buildings MUST be constructed of materials that resist unlawful entry. The integrity of structures MUST
be maintained by Periodic inspection and repair.

Locking Devices and Key Controls

ALL external and internal windows, gates and fences MUST be secured with locking devices.
Management or security personnel MUST control the issuance of ALL locks and keys.

Lighting
Adequate lighting MUST be provided inside and outside the facility including the following areas:
entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms Systems & Video Surveillance Cameras

Alarm systems and video surveillance cameras SHOULD be utilized to monitor premises and prevent
unauthorized access to cargo handling and storage areas.

Information Technology Security - Password Protection

Automated systems MUST use individually assigned accounts that REQUIRE a Periodic change of
password. Information technology (IT) security policies, procedures, and standards MUST be IN PLACE
and provided to employees in the form of training.

Information Technology Security - Accountability

A system MUST be IN PLACE to identify the abuse of information technology (IT) including improper
access, tampering, or the altering of business data. ALL system violators MUST be subject to
appropriate disciplinary actions for abuse.

Step 2. Submission of your application

Submit your C-TPAT application and other required supplemental information via the C-TPAT Online
Application submission process, located at the application web link provided. (C-TPAT Online Application )

Step 3. After entering your online application

Applicants will be directed to upload your Supply Chain Security Profile. The only acceptable file formats
are limited to .doc, .rtf, .pdf, and .txt files.

Page 5 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
IMPORTANT: You MUST be ready to UPLOAD your Supply Chain Security Profile IMMEDIATELY upon
completion of the online application.

Step 4. Upon receipt

CBP will review the importer’s completed Supply Chain Security Profile. After CBP completes the profile
review, the importer will receive feedback on their Supply Chain Security Profile within 60 days.

C-TPAT Fact Sheet and Frequently Asked Questions

What is C-TPAT?

• C-TPAT is a joint government-business initiative to build cooperative

relationships that strengthen overall supply chain and border security.
• C-TPAT recognizes that Customs can provide the highest level of
security only through close cooperation with the ultimate owners of
the supply chain, importers, carriers, brokers, warehouse operators, and manufacturers.
• Through this initiative, Customs is asking businesses to ENSURE the integrity of their security
practices and communicate their security guidelines to their business partners within the supply
chain.

What does participation in C-TPAT REQUIRE?

Businesses MUST apply to participate in C-TPAT. Participants will sign an agreement that COMMIT s
them to the following actions:

• Conduct a comprehensive self-assessment of supply chain security using the C-TPAT security
guidelines jointly developed by Customs and the trade community. These guidelines, which are
available for review on the Customs website, encompass the following areas: Procedural
Security, Physical Security, Personnel Security, Education and Training, Access Controls,
Manifest Procedures, and Conveyance Security.
• Submit a supply chain security profile questionnaire to Customs.
• Develop and implement a program to enhance security throughout the supply chain in
accordance with C-TPAT guidelines.
• Communicate C-TPAT guidelines to other companies in the supply chain and work toward
building the guidelines into relationships with these companies.

What are the benefits of participation in C-TPAT?

C-TPAT offers businesses an opportunity to play an active role in the war against terrorism. By
participating in this first worldwide supply chain security initiative, companies will ENSURE a more secure
supply chain for their employees, suppliers and customers. Beyond these essential security benefits,
Customs will offer potential benefits to C-TPAT members, including:

• A reduced number of inspections (reduced border times)

• An assigned account manager (if one is NOT already assigned)
• Access to the C-TPAT membership list
• Eligibility for account-based processes (bimonthly/monthly payments, e. g.)
• An emphasis on self-policing, NOT Customs verifications

Who is eligible for C-TPAT?

C-TPAT is currently open to ALL importers and carriers (air, rail, sea). Customs plans to open enrollment

Page 6 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
to a broader spectrum of the trade community in the near future. C-TPAT membership will be made
available to ALL sectors of the supply chain. Customs will be consulting with the trade community to
develop the most effective approach for each sector to participate in C-TPAT. Please refer to this site for
the latest information on eligibility and application procedures.

How do I apply?

• Applicants will submit signed agreements to Customs, which will represent their COMMITMENT
to the C-TPAT security guidelines.
• Applicants will also submit a supply chain security profile questionnaire at the same time they
submit their signed agreements or within a specified time thereafter.
• Complete application instructions will be maintained on this site.

When will benefits begin?

Benefits will begin once Customs has completed an evaluation of the importer's C-TPAT application
package and Notified the importer of our findings. Customs aims to complete these evaluations within
30-60 days after the supply chain security questionnaire has been submitted.

How will the partnership work on an ongoing basis?

• Account managers will contact participants to begin joint work on establishing or updating
account action plans to reflect C-TPAT COMMIT MENT s.
• Action plans will track participants' progress in making security improvements, communicating C-
TPAT guidelines to business partners, and establishing improved security relationships with other
companies.
• Failure to meet C-TPAT COMMITMENTS will result in suspension of C-TPAT benefits. Benefits
will be reinstated upon correcting identified deficiencies in compliance and/or security.

Where can I get more information on C-TPAT? www.customs.gov

Frequently Asked Questions

Q: What exactly are Customs expectations for the trade on this program?
A: To make a COMMITMENT toward the common goal of creating a more secure and efficient supply
chain through partnership. Customs understands that it has entered a new era and requires the
assistance of private industry to ENSURE increased vigilance throughout the supply chain. Customs
recognizes that just as it protects the trade and our borders, businesses MUST ENSURE that their
brands, employees, and customers are protected to the best of their abilities.
Q: Will the information our company provides be confidential?
A: All information on supply chain security submitted by companies applying for the C-TPAT program will
be confidential. Customs will NOT disclose a company's participation in C-TPAT without the
company's consent.
Q: As a company, we are very interested in C-TPAT but we are not interested in spending a lot of
money, or putting ourselves in a liability position if something goes wrong. Is it still possible
to do this partnership?
A: Yes. Customs intent is NOT to impose security requirements that will be cost prohibitive. For this

Page 7 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

reason, we worked in concert with the trade community in developing security guidelines that reflect a
realistic business perspective. Potential C-TPAT participants may find that they already have many of
these guidelines IN PLACE.

C-TPAT is also NOT intended to create any new 'liabilities' for companies beyond existing trade laws
and regulations. However, joining C-TPAT will COMMIT companies to follow through on actions
specified in the signed agreement. These actions include self-assessing security systems,
submitting security questionnaires, developing security enhancement plans, and
communicating C-TPAT guidelines to companies in the supply chain. If a company fails to
uphold its C-TPAT COMMIT MENT s, Customs would take action to suspend benefits or cancel
participation.

Q: What is the overall vision for C-TPAT in the coming months and years?
A: Customs recognizes that a safe and secure supply chain is the most critical part of our work in
keeping our country safe. For this reason, Customs is seeking a strong anti-terrorism partnership with
the trade community through C-TPAT. Trade partners will have a COMMITMENT to both trade
security and trade compliance, which are rooted in the same business practices. Customs wants to
work closely with companies whose good business practices ENSURE supply chain security and
compliance with trade laws.
Q: How will audits work in the future?
A: Audits will continue to be used to assess overall trade compliance. Customs Regulatory Audit will
apply the new "Focused Assessment" methodology, a RISK-based audit program, in conducting
these audits. Companies will NOT be required to undergo a Focused Assessment in order to
participate in C-TPAT. However, to take advantage of Customs Regulatory Audit Importer Self-
Assessment (ISA) program, importers MUST be C-TPAT participants.
Q: As a carrier, I already participate in the Customs Carrier Initiative - is it a duplication of effort in
joining C-TPAT?
A: Customs will be looking for carriers to join C-TPAT to enhance existing security practices and better
address the terrorism threat to international air, sea, and land shipping. We will work to ENSURE
that C-TPAT participation does NOT REQUIRE duplicate work for current Customs Carrier Initiative
Program (CIP) participants. CIP participants already subscribe to the importance of security from a
narcotics-smuggling perspective and are well positioned to expand their security focus to encompass
anti-terrorism.
Q: Is the C-TPAT program a viable consideration for medium or small size companies?
A: C-TPAT is designed for the entire trade community and Customs encourages ALL companies to take
an active role in promoting supply chain and border security. While the benefits of C-TPAT are
greatest for large companies that rely heavily on international supply chains, C-TPAT is NOT just a
big-company program. Medium and small companies may want to evaluate the requirements and
benefits of C-TPAT carefully in deciding whether to apply for the program. Moreover, even without
official participation in C-TPAT, companies SHOULD still consider employing C-TPAT guidelines in
their security practices.

Frequently Asked Questions Regarding Minimum Security

Criteria for Importers

Page 8 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

(03/25/2005)
Q: 1.Why is CBP updating the security guidelines for C-TPAT importers? Will other enrollment
sectors also be subject to new minimum-security criteria?
A: For C-TPAT to ENSURE its continued viability, effectiveness, and relevance, the program MUST
continue to evolve – as the terrorist threat and the nature of global trade evolves. The impetus for
strengthening the existing security guidelines is to provide more detail to the membership on the
expectations of the program, and to assist CBP in defining a more consistent baseline for minimal
program requirements and better-defined C-TPAT benefits. Throughout 2005, CBP will work with the
trade community to develop minimum-security criteria for ALL enrollment sectors.
Q: 2. What basis did CBP use in developing the new security criteria?
A: The new security criteria are based on the processes, procedures, and best practices collected from
the thousands of security profiles that CBP has reviewed and approved, and the more than 470
Validations that have been completed and DOCUMENTED to date. The new criteria were
developed in partnership with the trade community over a 6-month period.
Q: 3. Does CBP intend to revise the security guidelines for ALL sectors of C-TPAT membership?
If so, has CBP determined the timeframe for completion of the refined security criteria for each
sector?
A: Yes. CBP will move forward with revising the current security guidelines for each sector of
membership. After the new C-TPAT security criteria for importers have been announced, CBP will
begin revising the sea carriers, air carriers, and foreign manufacturers sectors concurrently.
Q: 4. Has the C-TPAT membership participated in developing the new security criteria?
A: Yes. The first draft of the new security criteria was disseminated in October of 2004 to a group of 18
C-TPAT importers and trade associations for review and comment. In November, the process was
merged into the larger COAC C-TPAT Subcommittee where modifications to the initial draft were
made based upon feedback from the trade community. Several additional drafts were then circulated
and several conference calls and meetings transpired until the process was finalized in February
2005.
Q: 5. Is CBP moving towards making C-TPAT a regulatory program?
A: No. C-TPAT will continue to evolve as a voluntary, incentives based government / private sector
partnership. As C-TPAT evolves, the program will continue to work in partnership with the
stakeholders of the international supply chain and cooperatively develop improved systems of security
and efficiency.
Q: 6. The new C-TPAT security criteria contain mandatory elements that may potentially place a
greater burden of responsibility on the importer. Doesn’t this constitute a major policy shift
within C-TPAT – from voluntary to mandatory REQUIREMENTS?
A: No. C-TPAT remains a voluntary, incentive based partnership. However, once a company COMMIT s
to the C-TPAT program, there are specific program requirements that MUST be ADHERED TO by the
company to qualify for C-TPAT benefits, which are significant. C-TPAT importers are six (6) times less
likely to undergo a security related cargo examination, and four (4) times less likely to be subject to a
trade related examination, than non-C-TPAT members did. These significantly fewer cargo
examinations help save importers time and money, while leading to a more predictable supply chain.
CBP continues to explore additional benefits, which can be afforded members who meet or exceed the
minimum-security criteria.
Q: 7. Will it be possible to differentiate Supplier-Importer combinations as "green lane" or high
risk since it may not be economically feasible to conduct periodic reviews of ALL suppliers?
A: C-TPAT member importers COMMIT to strengthen their entire supply chains and adopt appropriate
security measures BASED ON RISK, and CANNOT EXCLUDE a particular segment of their supply

Page 9 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
chain from this COMMITMENT based on economic feasibility. Importers MUST ENSURE business
partners develop security processes and procedures consistent with the C-TPAT security criteria to
enhance the integrity of the shipment at point of origin, and throughout the supply chain. Periodic
reviews of business partners' processes and facilities SHOULD be conducted BASED ON RISK, and
SHOULD maintain the security standards required by the importer.
Q: 8. Some security standards such as background checks are not permitted in certain foreign
countries. Are these suppliers therefore not permitted to export to the United States?
A: Processes MUST be IN PLACE to screen prospective employees and to check periodically current
employees, consistent with foreign, federal, state, and local regulations. If prohibited by law from
conducting a criminal or financial background check or investigation, some types of applicant
information such as employment history, employment references, etc., can still be verified as part of
the screening process. Members SHOULD be certain to DOCUMENT what level or checks have been
initiated, as well as DOCUMENT limitations imposed by foreign law.
Q: 9. Do the physical security standards apply to the supplier as well as the importer?
A: As outlined in the business partner requirements, appropriate security measures, as listed throughout
the C-TPAT Security Criteria DOCUMENT, MUST be implemented and maintained throughout the
importer’s supply chains, BASED ON RISK. Foreign suppliers, manufacturers, cargo handling, and
storage facilities in foreign locations MUST have physical barriers and deterrents that guard against
unauthorized access.

Q: 10. Is "indication" of participation adequate? Moreover, what does indication mean?

SHOULDn't the information be available publicly, as on the CBP or WCO web site.
A: Importers MUST have WRITTEN and VERIFIABLE processes for the selection of business partners
including manufacturers, product suppliers, and vendors. For those business partners eligible for C-
TPAT certification (carriers, ports, terminals, brokers, consolidators, etc.) the importer MUST have
DOCUMENTATION (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business
partners ARE or are NOT C-TPAT certified. For those business partners NOT eligible for C-TPAT
certification, importers MUST REQUIRE their business partners to demonstrate that they are meeting
C-TPAT security criteria via WRITTEN/electronic confirmation (e.g., contractual obligations; via a
letter from a senior business partner officer attesting to compliance; a WRITTEN statement from the
business partner demonstrating their compliance with C-TPAT security criteria or an equivalent WCO
accredited security program administered by a foreign customs authority; or, by providing a completed
importer security questionnaire). Periodic review SHOULD be conducted, BASED ON RISK.
Q: 11. Thousands of legitimate shipments are made each year to importers without a purchase
order or contract being issued. (e.g., returned goods, samples, prototypes, unsolicited
promotional, marketing or advertising material) Importers have no control over these types of
shipments or the security of the party shipping them. How will these shipments be treated for
C-TPAT participation purposes? What CBP ATS security rating will be given to these
shipments at the time of import?
A: C-TPAT recognizes the complexity of international supply chains and endorses the application and
implementation of security measures based upon RISK analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the member’s business model. Where an
importer outsources or contracts elements of their supply chain, such as a foreign facility, conveyance,
domestic warehouse, or other elements, the importer MUST work with these business partners to
ENSURE that pertinent security measures are IN PLACE and ADHERED TO throughout their supply
chain.

Unsolicited shipments will understandably lie outside the capability of the importer to ENSURE
security. CBP employs a RISK management approach in screening and targeting, and such

Page 10 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
shipments, as well as those from unknown or less established entities, receive higher scrutiny
from CBP. The agency does NOT disclose ATS targeting rules.
Q: 12. Beyond the above type of shipments nothing can prevent a terrorist anywhere in the world
from addressing a shipment to a C-TPAT importer, prepaying the freight and shipping the
goods. Will CBP apply a reduced ATS security rating to these shipments even though no one
can prevent these shipments from being made or ensure the security of the party sending
them?
A: CBP will continue to target and examine shipments BASED ON RISK. Shipments from unknown or
less established entities receive higher scrutiny from CBP
Q: 13. C-TPAT participation for importers appears to be an ALL or nothing situation. That is - an
importer guarantee either every shipment to them is secure or they lose their C-TPAT
membership. What is the means for an importer to exclude from their C-TPAT program
shipments from suppliers who refuse or are incapable addressing supply chain security
issues?
A: While C-TPAT recognizes the complexity of international supply chains and endorses the application
and implementation of security measures based upon RISK analysis, C-TPAT membership does
entails a COMMITMENT to strengthen entire supply chains and adopt appropriate security measures
BASED ON RISK. C-TPAT importers are NOT expected to guarantee that every shipment is secure,
but rather, importers MUST demonstrate an ongoing COMMITMENT towards strengthening their
supply chains.
Q: 14. Will an importer lose their C-TPAT membership when a supplier who refuses to cooperate
is the only supplier in the world for a critical good, material, or piece of machinery or
equipment? (e.g. supplier holds the only patent, supplier has the only manufacturing
capability, supplier has the only manufacturing capacity, supplier is the only cost competitive
source)
A: C-TPAT members MUST make every effort to leverage their business relationships to enhance
the security of the supply chain from point of stuffing, through the CBP clearance process.
Membership entails a demonstrated COMMITMENT towards meeting this goal, yet the program
recognizes the difficulties involved in securing ALL aspects of the importer’s entire international supply
chains. If the importer continues to demonstrate this COMMITMENT, membership will be retained.
Q: 15. The proposed C-TPAT program states that it allows for “flexibility and customization of
security plans,” however, the proposed criteria are drafted as “mandatory” REQUIREMENTS.
In the event that a REQUIREMENT is not met due to circumstances outside of the participating
C-TPAT importer, what would be the resulting consequences for the importer? (e.g. supplier
holds the only patent, supplier has the only manufacturing capability, supplier has the only
manufacturing capacity, supplier is the only cost competitive source)
A: As a voluntary, incentives based partnership program, C-TPAT member importers MUST
demonstrate an ongoing COMMITMENT towards strengthening their supply chains, and in return,
CBP affords benefits such as reduced cargo inspections. Importers who continue to strive towards
enhancing their supply chain security will continue to receive member benefits.
Q: 16. At this time, CBP has chosen not to promulgate the standards for joining and maintaining
participation in the program through a regulatory process. Is it envisioned that C-TPAT will
evolve into a regulatory program in the future?
A: No. C-TPAT will continue to evolve as a voluntary government/private sector partnership. As
C-TPAT evolves, the program will continue to work in partnership with the stakeholders of the
international supply chain and cooperatively develop improved systems of security and efficiency.
Q: 17. Will certification and validation audits for C-TPAT participants differ under the new criteria
from those already in place?
A: As of March 25, 2005, new importers to the C-TPAT program will have their security profile certified

Page 11 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements
and validated against the new minimum-security criteria. Existing members will be expected to
bring their security measures into compliance with the new criteria over a phased in period, ending
180 days after the March 25, 2005, effective date of the new criteria. (See C-TPAT Security
Criteria Implementation Plan for specific details).

Validations of existing members will be conducted using the new criteria after the phased in
implementation period has ended. Members will NOT be expected to resubmit their security profile,
but necessary adjustments or modifications MUST be undertaken to ENSURE that the supply chain
security measures meet or exceed the minimum, baseline security criteria. If a validation determines
that the importer is NOT meeting the new minimum-security criteria after the phase in period has
passed, benefits may be suspended until such criteria are met.
Q: 18. What is the expected time period that it will take for an importer to become certified under
the new criteria? And validated under the new criteria?
A: The length of time it will take an importer to bring their security measures into line with the security
criteria depends on the degree to which changes are NEEDED. Existing C-TPAT importer
members will be afforded 180 days from the date of implementation to ensure full compliance
with the security criteria. New members MUST meet these criteria prior to being certified.
Validations will continue to be conducted BASED ON RISK.
Q: 19. Will companies who are already certified or validated be REQUIRED to undergo a new
evaluation to retain that status?
A: No. Existing members will NOT be required to re-submit their security profile. Those existing
members who have previously completed a validation will NOT automatically be subject to additional
validation, however, validations will continue to be initiated BASED ON RISK. As CBP continues to
hire additional Supply Chain Specialists, validations and re-validations will become more common.
See C-TPAT Security Criteria Implementation Plan for specific details.
Q: 20. Importers MUST evaluate the cost and risks associated with participating in C-TPAT against
the benefits. To assist importers in this regard, please identify the specific benefits that an
importer will receive based on its participation in C-TPAT.
A: Certified members will continue to receive fewer cargo inspections, allowed access to land border
expedited processing via the FAST program, and granted participation into the Importer Self
Assessment program. Additional benefits are currently being discussed within CBP and more
detailed information concerning additional benefits will be provided in the near future. It SHOULD be
noted that C-TPAT members are 6 times less likely to undergo a security related examination, and 4
times less likely to undergo a trade related examination, as compared to non-C-TPAT members.
There are clearly financial benefits as a result of these fewer inspections.
Q: 21. What future plans are envisioned for C-TPAT? Will C-TPAT be offered to entities outside of
the U.S. and North America? What types of businesses would qualify for the program?
A: At present, the C-TPAT program is open to U.S. importers, carriers, brokers, freight forwarders,
consolidators, ports, terminal operators, northern and southern border truck carriers, and
Mexican manufacturers. SHOULD enrollment be expanded to additional sectors, the public will be
notified via the CBP website.
Q: 22. Will participation in other security programs administered by other government agencies
affect an importer’s obligation to comply with the C-TPAT criteria?
A: CBP has attempted to align the C-TPAT program requirements to security programs administered by
other government agencies, to reduce redundancy and ENSURE a logical, consistent approach.
Generally, companies who participate in other government administered security related programs find
it easier to meet or exceed the program requirements of C-TPAT.

Q: 23. Will the new standards apply equally to companies of ALL sizes (large, medium and small)?

Page 12 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

And to ALL kinds of commodities?

A: Yes. C-TPAT recognizes the complexity of international supply chains and endorses the application
and implementation of security measures based upon RISK analysis. Therefore, the program allows
for flexibility and the customization of security plans based on the member’s business model.
Membership in this voluntary, incentives based partnership entails a COMMITMENT to strengthen the
entire supply chain.
Q: 24. The preamble to C-TPAT Security Criteria for importers states that importers MUST assess
their supply chains and take appropriate security measures based on “risk.” What factors
SHOULD importers take into account to conduct a “risk analysis?”
A: Importers shall have a DOCUMENTED and VERIFIABLE process for determining RISK throughout
their supply chains based on their business model (i.e., volume, country of origin, routing, potential
terrorist threat via open source information, recognized weaknesses in the supply chain, etc.)
Q: 25. Is there a specified timeline within which the importer MUST verify compliance with
C-TPAT criteria? Also, for existing importers enrolled in C-TPAT, what is the timeframe that
existing members MUST be compliant? (whether or not they have been validated previously)
A: See C-TPAT Security Criteria Implementation Plan for specific details.
Q: 26. Under the “Business Partner REQUIREMENT” importers MUST have documentation to
indicate that their partners are or are not C-TPAT certified. Examples such as C-TPAT
certificates and SVI number are given. Please provide other examples on how this
documentation might be accomplished?
A: For those business partners eligible for C-TPAT certification the importer MUST have
DOCUMENTATION indicating whether these business partners are or are NOT C-TPAT certified. The
two (2) readily available means to DOCUMENT C-TPAT certification is either the C-TPAT
certificate or SVI number.
Q: 27. C-TPAT importers are provided several means to show that their business partners are
meeting appropriate C-TPAT standards. How flexible will CBP be with smaller and medium size
importers, and those of different commodities, who may not enjoy the leverage to conduct
these examinations?
A: C-TPAT member importers COMMIT to strengthen their entire supply chains and adopt appropriate
security measures BASED ON RISK. Importers MUST ENSURE business partners develop security
processes and procedures consistent with the C-TPAT security criteria to enhance the integrity of the
shipment at point of origin. Periodic reviews, which does NOT necessarily imply an actual physical
review of the foreign manufacturer/supplier, of business partners' processes and facilities SHOULD be
conducted BASED ON RISK, and SHOULD maintain the security standards required by the importer.
A Best Practices document under development will provide several avenues through which small to
mid size importers have been successful in leveraging their business partners.
Q: 28. Point of Origin section states that “Importers MUST ensure business partners develop
security processes and procedures consistent with the C-TPAT security criteria to enhance the
integrity of the shipment at point of origin.” How far back into the supply chain MUST a
certified C-TPAT importer go to ensure and maintain proper security standards assuming that
risks are equal?
A: Importers MUST conduct a comprehensive assessment of their international supply chains. Where
an importer outsources or contracts elements of their supply chain, such as a foreign facility,
conveyance, domestic warehouse, or other elements, the importer MUST work with these business
partners to ENSURE that pertinent security measures are IN PLACE and ADHERED TO throughout
their supply chain. The supply chain for C-TPAT purposes is defined from point of origin
manufacturer / supplier / vendor) through to point of distribution – and recognizes the diverse
business models C-TPAT members employ.
Q: 29. What steps MUST an importer take to ensure that their business partners develop security

Page 13 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

processes and procedures consistent with the C-TPAT security criteria?

A: Importers MUST REQUIRE their business partners to demonstrate that they are meeting C-TPAT
security criteria via WRITTEN/electronic confirmation (e.g., C-TPAT certificates; [C-TPAT Status
Verification Interface] SVI number; contractual obligations; via a letter from a senior business partner
officer attesting to compliance; a WRITTEN statement from the business partner demonstrating their
compliance with C-TPAT security criteria or an equivalent WCO accredited security program
administered by a foreign customs authority; or, by providing a completed importer security
questionnaire).
Q: 30. How frequently SHOULD an importer conduct a review of its business partner to “ensure”
compliance with C-TPAT standards?
A: C-TPAT recognizes the complexity of international supply chains and endorses the application and
implementation of security measures based upon RISK analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the member’s business model. HIGH-RISK
supply chain components SHOULD be reviewed more frequently than low RISK components.
Q: 31. The criteria for container security state that the integrity of the container MUST be
maintained to protect it from introduction of unauthorized materials and personnel. Under
many circumstances the importer has no direct control or responsibility before it is assigned
use or when the container is stuffed by (an) outside third party(ies) and is transported by a
carrier. The same is also true for container inspections, seals, and storage. What steps can an
importer take regarding these circumstances in order to comply with this standard?
A: C-TPAT recognizes the complexity of international supply chains and endorses the application and
implementation of security measures based upon RISK analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the member’s business model. HIGH-RISK
supply chain components SHOULD be reviewed more frequently than low RISK components.
Q: 32. Do the proposed criteria for physical access controls, personnel security, procedural
security, security training and threat awareness, physical security, and information technology
security apply only to facilities and operations that are under the direct control of the importer?
Do they also apply to overseas parties with whom the importer does business? If yes, how
SHOULD these REQUIREMENTS is applied when the importer uses an overseas supplier only
on rare or one occasion?
A: C-TPAT recognizes the complexity of international supply chains and endorses the application and
implementation of security measures based upon RISK analysis. Therefore, the program allows for
flexibility and the customization of security plans based on the member’s business model. Where an
importer outsources or contracts elements of their supply chain, such as a foreign facility, conveyance,
domestic warehouse, or other elements, the importer MUST work with these business partners to
ENSURE that pertinent security measures are IN PLACE and ADHERED TO throughout their supply
chain. Through the Business Partner Requirements, importers are expected to leverage their
business relationships to enhance security measures, throughout the entire supply chain, NOT just
those parties under direct control of the importer.

Q: 33. With regard to proper vendor ID under physical access controls, please provide examples
on what constitutes proper (photo identification) ID?
A: Proper photo identification will vary based on the foreign/domestic location of the facility. Proper
vendor ID may be any government issued photo identification document, or any comparable type of
DOCUMENTATION, which establishes the identity of the bearer. The crucial aspect of these criteria
is to establish who is entering the facility; members are NOT expected to be experts at fraudulent
document detection.
Q: 34. As for cargo discrepancies, CBP is REQUIRED to be notified if “illegal or suspicious
activities are detected, as appropriate.” Can CBP provide examples of the kinds of

Page 14 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

discrepancies that would and would not warrant notification? Is this referring to when the
cargo is received at the final destination on the bill of lading? Please Note: Full container
shipments moving via an ocean carriers bill of lading are "Shippers Load, Stow & Count,” so
unless there is an inspection of the container requested by CBP, discrepancies - such as
shortages or overages would not be identified until the cargo reaches the final destination on
the bill of lading.
A: All shortages, overages, and other significant discrepancies or anomalies MUST be resolved and/or
investigated appropriately. Customs and/or other appropriate law enforcement agencies MUST be
notified if illegal or suspicious activities are detected - as appropriate. Examples of illegal or
suspicious activities range from the presence of contraband or stowaways/illegal migrants,
significant theft or pilferage, introduction of material(s)/items after point of stuffing, and other
unusual activities which may indicate criminal actions.
Q: 35. The Business Partner REQUIREMENT section states that an importer’s business partners
SHOULD be C-TPAT certified or otherwise compliant with C-TPAT criteria. Can a C-TPAT
importer do business with a business that is not C-TPAT certified or compliant? If so, what are
the consequences of doing so?
A: C-TPAT members are expected to demonstrate a COMMITMENT toward strengthening their entire
supply chains. One way to demonstrate this COMMITMENT is through the use of other C-TPAT
certified members, or those certified through an equivalent WCO accredited security program
administered by a foreign customs authority. If using non-C-TPAT business partners, the
C-TPAT member MUST be aware of the security measures employed by their business partner, and
these measures MUST be subject to verification of compliance with C-TPAT security criteria by the
importer.
Q: 36. Will the C-TPAT program distinguish between compliant and non-compliant suppliers?
How? Will shipments from nonconforming suppliers be treated differently by CBP? How
would CBP know which suppliers are conforming and which are not?
A: See answer to question #7 above.

7. C-TPAT member importers COMMIT to strengthen their entire supply chains and adopt appropriate
security measures BASED ON RISK, and CANNOT EXCLUDE a particular segment of their supply
chain from this COMMITMENT based on economic feasibility. Importers MUST ENSURE business
partners develop security processes and procedures consistent with the C-TPAT security criteria to
enhance the integrity of the shipment at point of origin, and throughout the supply chain. Periodic
reviews of business partners' processes and facilities SHOULD be conducted BASED ON RISK, and
SHOULD maintain the security standards required by the importer.
Q: 37. When compliant suppliers’ cargo is mixed with non-compliant suppliers’ cargo in a
consolidated load, what is the consequence?
A: CBP employs a RISK management approach in screening and targeting import and export shipment.
Shipments from non-C-TPAT certified members, or those from unknown or less established entities
receive higher scrutiny from CBP. If C-TPAT member cargo is imported in the same container as
HIGH-RISK cargo imported by another party, and an examination of the higher risk cargo is
necessary, the entire shipment will be examined.
Q: 38. When compliant suppliers’ cargo is mixed with non-compliant suppliers’ cargo in a
consolidated load, what is the consequence?/
A: CBP employs a RISK management approach in screening and targeting import and export shipment.
Shipments from non-C-TPAT certified members, or those from unknown or less established entities
receive higher scrutiny from CBP. If C-TPAT member cargo is imported in the same container as
HIGH-RISK cargo imported by another party, and an examination of the higher risk cargo is
necessary, the entire shipment will be examined.

Page 15 of 16
 Customer Guidance C-TPAT
March 25th Importer Requirements

Q: 39. Does a compliant consolidator “cleanse” noncompliant suppliers?

A: NOT necessarily, though the supply chain is made more secure by this activity. This activity would
NOT necessarily ENSURE that the cargo itself is NOT containing contraband or other items, which
may be a threat or terrorist weapon. Importers MUST still advance supply chain security
enhancements throughout their business partners. One secure piece of the supply chain does NOT
“cleanse” other, less secure components.
Q: 40. The criteria list many “REQUIREMENTS.” At the same time it says: “the program allows for
flexibility and the customization of security plans based on the member’s business model.”
Does this mean that the C-TPAT importer can, using its customization discretion, not apply
various program “REQUIREMENTS”?
A: While the C-TPAT program recognizes the complexity of international supply chains and endorses the
application and implementation of security measures based upon RISK analysis, importers MUST
work with their business partners to ENSURE that pertinent security measures are IN PLACE and
ADHERED TO throughout their supply chain. The program allows for flexibility and the customization
of security plans based on the member’s business model, which demonstrates that the baseline,
minimum-security criteria are being met or exceeded.
Q: 41. Does CBP believe that importers have sufficient information to make accurate terrorist risk
assessments throughout their supply chains?
A: Yes. Importers shall have a DOCUMENTED and verifiable process for determining RISK throughout
their supply chains based on their business model (i.e., volume, country of origin, routing, potential
terrorist threat via open source information, etc.). Importers who employ good business practices are
aware of the RISKS posed by foreign countries in which they operate.

Q: 42. CBP has expressly used the term “as applicable” throughout the document. Is it the
intention that “as applicable” be used by the importer to modify and/or provide alternatives to
these “REQUIREMENTS” such that a level of security within the specific parameter is met, but
not necessarily exactly as indicated? This may be the same as the guidelines in TD 72-56 for
bonded facilities. Is our interpretation of this term, “as applicable” correct?

A: Yes. C-TPAT recognizes the complexity of international supply chains and endorses the application
and implementation of security measures based upon RISK analysis. Therefore, the program allows
for flexibility and the customization of security plans based on the member’s business model.
Q: 43. Do foreign entities which participate in, and are certified by, the Business Anti-Smuggling
Coalition (BASC) automatically meet C-TPAT business partner security REQUIREMENTS?
A: BASC and C-TPAT remain separate programs, though very similar in philosophy and overall program
objective, which is to enhance supply chain security to reduce vulnerabilities. Membership in BASC
does help establish that the foreign business partner is meeting minimum-security criteria, but a
complete review would still be NEEDED to identify any deficiencies, which NEED to be addressed.

Page 16 of 16