Communications Daily is a service of Warren Communications News.
Subscriber Login

CBP Posts Info, FAQs on C-TPAT Annual Security Profile Reviews

December 22, 2010 by Karen Marzullo|Top News

U.S. Customs and Border Protection has posted a frequently asked questions document on Customs-Trade Partnership Against Terrorism Annual Security Profile Reviews. CBP has also posted a document providing information on how to complete these reviews.

Sign up for a free preview to unlock the rest of this article

Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!

Start My Free Preview

(C-TPAT is a voluntary initiative between CBP and private business to build relationships that strengthen international supply chains and improve U.S. border security. Upon voluntarily signing the C-TPAT Partner Agreement, members are required to complete an Annual Security Profile Review and to update company profile information.)

The following are highlights of these documents, including the difference between the C-TPAT Annual Security Profile Review and the International Supply Chain Security Risk Assessment process:

Annual Review is a “Yearly Self Assessment” of the Company

The Annual Security Profile Review is a review and update of a company’s information and security profile that has been entered into the secure web portal. When the agreement to voluntarily participate was originally signed and a company was approved as a partner in the C-TPAT program, a condition of the program was to conduct a “yearly self assessment” of the company. This process is now referred to as the Annual Security Profile Review.

This review provides valuable information for the company’s Supply Chain Security Specialist (SCSS), prepares for upcoming validations, and allows C-TPAT members to reassess their current security procedures.

Members Have 90 Days to Complete Annual Review from Date of Notification

The Annual Security Profile Review notification process will commence January 1, 2011. Ninety days prior to a member’s annual review date, they will receive an automated email notification stating that they are required to complete their annual security profile within 90 days. The email will be sent to all the points of contact listed in a company’s profile within the C-TPAT secure web portal.

In addition, C-TPAT members may check their portal homepage which will indicate when their annual security profile review is due.

Certain Information Must be Reviewed and Updated as Part of Review

The information that must be reviewed and updated in a company/security profile includes:

  • Company Name*
  • Email Address
  • Company Address(s)
  • Company Contact(s)
  • Company Phone Number(s)
  • Number of Employees
  • Active IOR Numbers, if applicable*
  • CBP Importer bond number*
  • SCAC Code, if applicable*
  • Manufacturer Identification Number (MID)
  • With respect to the Security Profile-provide any updates and date, append any current information in the Partner Response Box (includes describing any self audits or testing of security procedures, involvement in mutual recognition programs, etc.)

CBP notes that it is important that company identifiers are correct in the secure web portal to ensure that the appropriate benefits are assigned.

*CBP asks that C-TPAT members notify their assigned SCSS directly if a change occurs to any of this information.

Process Overview

To complete the Annual Security Profile Review, the C-TPAT member should:

  • Log into the C-TPAT Web Portal
  • Review Company Profile Information
  • Review Security Profile Information
  • Append new information after current language
  • Check the Annual Review box for each criteria section
  • Submit

SCSS Will Review and Approve Annual Security Reviews

The annual security profile review will be reviewed and approved by the company’s assigned SCSS. After companies complete and submit their security profile review, their assigned SCSS will be notified that it was completed and submitted. The SCSS is responsible for either rejecting or approving the updated information. A SCSS will contact companies via the web portal if there are any questions.

Difference Between Annual Security Review and Int’l Supply Chain Risk Assessment Process

In response to a question on what the difference is between the C-TPAT Annual Security Profile Review and the recently clarified International Supply Chain Security Risk Assessment process, CBP states that the two are separate but go hand-in-hand because C-TPAT members are expected to make adjustments to their security procedures based on current threat and vulnerability risk information.

As explained in the Risk Assessment FAQs, a security risk assessment is a fundamental part of a C-TPAT company’s security program, and must include an examination of the security threat environment and operational vulnerabilities in the member’s supply chain, using a risk-based approach. The member should then use the on-going information gathered through the risk assessment process to incorporate into their annual security profile review.

(See ITT’s Online Archives or 07/20/10 news, 10072017, for BP summary of the C-TPAT supply chain risk assessment guide and FAQs.)

Unreported Process Changes Could Affect Status

CBP notes that if process changes that needs to be updated as part of the annual review and is not, it could affect members’ C-TPAT status. A company’s SCSS refers to their Security Profile in preparation to any validation.

FAQs are available here.

Information on completing the review is available here.