Communications Daily is a service of Warren Communications News.
Subscriber Login

New C-TPAT Supply Chain Risk Assessment Guide

July 20, 2010 by Karen Marzullo|Top News

U.S. Customs and Border Protection has posted a Customs-Trade Partnership Against Terrorism 5 Step Risk Assessment Process Guide to assist C-TPAT members in conducting an international security risk assessment of their international supply chain(s).

Sign up for a free preview to unlock the rest of this article

Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!

Start My Free Preview

Risk Assessment Guide Contains Basic Tools, Resources, Examples

This 5 Step Risk Assessment Process Guide contains some of the basic tools, resources, and examples C-TPAT members should consider using when conducting a risk assessment on their international supply chain(s). The information is intended to serve as a guide, and is not “all inclusive” of what should be included in an international supply chain security risk assessment.

Risk Assessment Includes Mapping Cargo, Conducting Threat Assessments, Etc.

The 5 Step Risk Assessment Process Guide consists of:

  1. Mapping Cargo and Business Partners: identify business partners and how cargo moves throughout the supply chain to include modes of transportation (air, sea, rail, or truck) and nodes (country of origin, transit points).
  2. Conducting a Threat Assessment: identify such threats as terrorism, contraband/human smuggling, organized crime, or other conditions which may increase the probability of a security breach.
  3. Conducting a Security Vulnerability Assessment: based on C-TPAT minimum security criteria, determine if business partners have gaps, vulnerabilities, or weaknesses which may lead to a security breach.
  4. Preparing an Action Plan to Address Vulnerabilities: developing a written strategy to address potential gaps, vulnerabilities, and weaknesses.
  5. Documenting How the Security Risk Assessment is Conducted: writing the policies/procedures on who will be responsible for conducting the assessment; what will be included in the assessment; why the assessment must be conducted; when (how often) the assessment will be conducted; where the assessments will be conducted; and how the assessment will be conducted.

Use of New Guide is Optional, but Some Documented Process is Needed

According the frequently asked questions document on C-TPAT risk assessments, companies are not required to the 5 Step Risk Assessment Process Guide.

CBP understands there are a wide variety of business models and the guide may not fit all business models. However, CBP expects C-TPAT members to have a documented process for determining and addressing security risks throughout their international supply chains, as outlined in the minimum security criteria.

More Extensive Assessments Recommended for “High Risk” Supply Chains

It is understood that some C-TPAT members may have numerous supply chains which may present a large task when conducting a comprehensive security risk assessment of their international supply chains.

Therefore, it is recommended for C-TPAT members to identify their “High Risk” supply chains by conducting a threat assessment at the point of origin/region and where the cargo is routed/transshipped, and then conduct a comprehensive security vulnerability assessment of those supply chains. Conversely, if supply chains involve a limited number of business partners or related business partners, their supply chain security risk assessment may not require such extensive efforts.

(Guide posted 07/16/10)