Details of CBP's C-TPAT Security Guidelines for Air Carriers

According to CBP sources, these guidelines are precursors to C-TPAT criteria (that are expected to have effective dates, etc.), which are being developed by CBP. (See BP note below for details.)

C-TPAT Qualifications for Air Carriers

CBP states that the following are C-TPAT qualifications for air carriers:

Active Air Carrier transporting cargo shipments to the U.S.

Have an active Airline Code registered with CBP.

Possess a valid continuous international carrier bond registered with CBP.

Have a designated company officer that will be the primary cargo security officer responsible for C-TPAT.

Commit to maintaining C-TPAT Security Guidelines for Air Carriers.

Create and provide CBP with a C-TPAT supply chain security profile, which identifies how the Air Carrier will meet, maintain and enhance internal policy to meet the C-TPAT Security Guidelines for Air Carriers.

C-TPAT Security Guidelines for Air Carriers

CBP states that Air Carriers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security guidelines. Where an Air Carrier out sources or contracts elements of its supply chain, such as a conveyance, foreign facility, domestic warehouse, or other elements, the Air Carrier must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout its supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member's business model.

As listed throughout CBP's document appropriate security measures, based on risk, must be implemented and maintained throughout the Air Carrier's supply chains.

Conveyance Security

Aircraft integrity must be maintained to protect against the introduction of unauthorized personnel and material. Conveyance security procedures must include the physical search of all readily accessible areas, securing all internal/external compartments and panels and reporting cases in which unmanifested materials or signs of tampering are discovered.

Business Partner Requirements

Air Carriers must have written and verifiable processes for the screening and selection of business partners including customers, contractors, and vendors. Ensure that contracted service provider companies who provide security, transportation, and cargo handling services commit to C-TPAT Security Guidelines. Periodically review the performance of the service providers to detect weakness or potential weaknesses in security.

C-TPAT Business Partners

For those business partners eligible for C-TPAT certification (cross border carriers, U.S. ports, terminals, importers, brokers, consolidators, etc.) the C-TPAT Air Carrier must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating the business partners are C-TPAT certified.

Business Partners Not Eligible for C-TPAT

For those business partners not eligible for C-TPAT certification, C-TPAT Air Carriers must require their business partners to demonstrate that they are meeting C-TPAT security guidelines via written/electronic confirmation (e.g., contractual obligations; via a letter from a senior business partner officer attesting to compliance; or a written statement demonstrating their compliance with C-TPAT security guidelines or an equivalent World Customs Organization (WCO) accredited security program administered by a foreign customs authority; or, by providing a completed security questionnaire). Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT security guidelines by the C-TPAT Air Carrier.

Security Procedures

Point of origin. C-TPAT Air Carriers must ensure business partners develop security processes and procedures consistent with the C-TPAT security guidelines to enhance the integrity of the shipment at point of origin. Periodic reviews of business partners' processes and facilities should be conducted based on risk and should maintain the security standards required by the U.S./Mexico Air Carrier.

Participation/certification in foreign customs administrations supply chain security programs.Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the C-TPAT Air Carrier.

Service provider screening and selection procedures.The C-TPAT Air carrier should have documented service provider screening and selection procedures to screen the contracted service provider for validity, financial soundness, ability to meet contractual security requirements, and the ability to identify and correct security deficiencies as needed. Service Provider procedures should utilize a risk-based process as determined by an internal management team.

Customer screening procedures. The C-TPAT Air Carrier should have documented procedures to screen prospective customers for validity, financial soundness, the ability of meeting contractual security requirements, and the ability to identify and correct security deficiencies as needed. Customer screening procedures should utilize a risk-based process as determined by an internal management team.

Container Security

Cargo container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At point of stuffing, procedures must be in place to verify cargo containers are properly secured.

Container inspection. Procedures must be in place to verify the physical integrity of the cargo containers prior to stuffing. An inspection process is recommended for all containers:

Top

Bottom

Inside

Outside

Physical Access Controls

Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors and vendors at all points of entry.

Employees. An employee identification system must be in place for positive identification and access control to its aircraft, both abroad and in the U.S. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

Visitors controls.Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

Deliveries (including mail).Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

Challenging and removing unauthorized persons. Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

Personnel Security

Processes must be in place to screen prospective employees and to periodically check current employees. Maintain a current permanent employee list (foreign and domestic), which includes the name, date of birth, national identification number or social security number, position held and submit such information to CBP upon written request, to the extent permitted by law.

Pre-Employment Verification. Application information, such as employment history and references must be verified prior to employment.

Background checks /Investigations. Consistent with foreign, federal, state and local regulations, background checks and investigations should be conducted for prospective employees. Periodic checks and reinvestigations should be performed based on cause and/or the sensitivity of the employee's position.

Personnel Termination Procedures.Companies must have procedures in place to remove identification; facility and system access for terminated employees.

Procedural Security

Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling and storage of cargo in the supply chain. Implement a Positive Baggage Identification Match (PBIM) program. The Carrier's SOP will describe in detail a plan to ensure that all checked baggage has an accompanying passenger checked in and boarded onto the aircraft. Maintain constant control of all baggage from the check-in point to the aircraft and from the aircraft to the CBP baggage examination area.

Documentation processing. Procedures must be in place to ensure that all documentation used in the clearing of merchandise/cargo is legible, complete, accurate and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

Manifesting procedures. To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely. Ensure that all airwaybills and other documentation submitted for cargo is complete and a system in place to verify the accuracy of the weight, marks and quantity of the cargo received for shipment. Participate in the Advanced Passenger Information System (APIS) and the air Automated Manifest System (AMS).

Shipping & receiving. Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, weighed, labeled, marked, counted and verified. Departing cargo should be checked against purchase or delivery orders. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

Cargo discrepancies. All shortages, overages and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. CBP and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected.

Security Training and Threat Awareness

A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.

Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies and protecting access controls. These programs should offer incentives for active employee participation. Conduct periodic unannounced security checks to ensure that all procedures are being performed in accordance with defined guidelines.

Physical Security

Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Air Carriers should incorporate the following C-TPAT physical security guidelines throughout their supply chains as applicable.

Fencing. Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

Gates and gate houses. Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

Parking. Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

Building structure. Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

Locking devices and key controls. All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

Lighting. Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

Alarms systems & video surveillance cameras. Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

Information Technology Security

Information Technology (IT) integrity must be maintained to protect data from unauthorized access or manipulation.

Password protection. Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

Accountability. A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

Air carrier C-TPAT security guidelines (dated 04/24/06) available at http://www.cbp.gov/xp/cgov/import/commercial_enforcement/ctpat/security_guideline/guideline_air_carrier.xml.

BP Note

At the recent meeting of the Departmental Advisory Committee on Commercial Operations of Customs and Border Protection and Related Functions (COAC), CBP sources stated that "draft" minimum security criteria for air carriers have been developed and CBP is in the process of receiving feedback on them from the trade community.

Sources noted that once a final, conclusive version of the minimum security criteria for air carriers is completed, a decision would be made on how the criteria will be implemented (e.g., whether to phase-in implementation and, if so, over what period).