US Customs and Border Protection has published long overdue proposed updates to the CTPAT minimum security criteria. This is the first major overhaul of the criteria since the program began in 2002. There are new sections on cybersecurity, agricultural protection, money laundering, terrorist financing, and use of security technology. Additionally, CTPAT will now encompass both supply chain security and trade compliance to bring the program into alignment with AEO (authorized economic operator) programs around the world. The new criteria are influenced by lessons learned from validations and new security threats. Security audits and training will now be mandatory. The proactive role of management is accentuated throughout the criteria.
CTPAT members are strongly urged to review the new criteria and submit comments and suggestions. The updates may be found in the Partner Library on the CTPAT portal. Customs will be accepting feedback through October with implementation expected in 2020. Validation cycles will not change. Validations in 2019 will be based on the current criteria. Validations on the new criteria will start in 2020 and will focus on a phased implementation cycle.
Phase 1 will be cybersecurity, conveyance and IIT security, and seal security. The cybersecurity risk assessment is the most important thing a company needs to do now.
Phase 2 will be security training and threat awareness, business partner requirements, and risk assessment.
Phase 3 will be security, vision, and responsibility, physical security, and physical access security.
Phase 4 will be agriculture security, personnel security, and procedural security.
As always, we remind CTPAT members to perform their annual security profile review and ensure all information is up to date. If you have any questions, please contact Vandegrift at CTPAT@vandegriftinc.com.