U.S. Customs and Border Protection (CBP) through the SAFE Port Act mandates that a CTPAT participant (Tier 2) will undergo a revalidation phase not less frequently than once every four years (usually within three years) after becoming CTPAT validated by its Supply Chain Security Specialist (SCSS).
The revalidation phase has changed significantly since you were previously validated. As the CTPAT program benefits have increased, the minimum security requirements have also increased. Your objective is to score as close to 100% as possible. Any “Recommendations and/or Actions Required” that you receive during the revalidation phase will become part of your next revalidation report unless you respond to them prior to the revalidation report being written. During the revalidation phase, one of the topics that your SCSS will focus on will be what was addressed in the initial validation or prior revalidation report issued by the SCSS.
The focus of the revalidation is to be able to respond with written procedures which have been implemented, for every question asked during the validation visit.
Many CTPAT members are concerned that they are not adequately prepared for the revalidation phase. Some of their concerns relate to their compliance with:
- Written procedures
- Documentation (Eg: Personnel files-Background checks and criminal checks (new and existing employees). Norman Jaspan Associates, Inc. (NJA) performs these checks.
- Employee threat-awareness program and CTPAT training – NJA provides a program that is well documented with the date of training, topics reviewed during the validation, results of the employee’s test and the employee’s name.
Annual Security Profile Review
- Five Step Risk Assessment Program
- Internal/External security audits and report
- Continuously sending out and evaluating security questionnaires to business supply chain providers in order to ascertain that they are meeting the minimum security requirements.
The revalidation process consists of six (6) components:
- The SCSS schedules a visit with the company at least 30 days in advance of the validation.
- The company prepares for the revalidation review by the SCSS.
- The SCSS has the option of conducting a conference call with a company officer who is listed under company contacts in the company profile or conducting a site visit which will take place at one or more of the following locations: company’s domestic facilities which include corporate office, warehouses (private and/or third party), deconsolidation facilities, trucking companies and distribution centers, where applicable. In addition, the SCSS will conduct a site visit at the foreign business supply chain providers (foreign suppliers, consolidators, and trucking companies) where applicable.
- A revalidation report is issued by the SCSS within ninety (90) days of the revalidation closeout.
- You have ninety (90) days to respond to any “Recommendations/and or Actions Required” which are noted in the revalidation report. The CTPAT member responds to the revalidation report by clicking on the section “Partners” and scrolling down to the section called “Revalidation Response”. Each section requires a response. When responding to sections that are entitled “Actions Required”, the CTPAT member must upload a written procedure that has been implemented. Upon completion, click on the submit button. Once your SCSS receives your revalidation response, the SCSS will respond with a check mark in one of two boxes: accept or reject. If you receive a checkmark in the box titled reject, you will be given a specific amount of time, which will be listed on the revalidation response section, to respond. After all the sections, have been approved, your account status will go from “certified” to “certified validated.”If you receive too many “Actions Required”, you can be suspended from the CTPAT program. It is up to the discretion of your SCSS to determine how many “Actions Required” result in a suspension. In order to be considered for reinstatement into the CTPAT program, approval must be obtained by your SCSS and in some cases by Washington, DC. headquarters. In addition, a second on site visit may be required. If the company has not responded within the ninety (90)-day response period, it will be suspended from the CTPAT program and thus lose the CTPAT benefits that were awarded to it as a Tier 2 member. This can result in the CTPAT participant losing present and potential future customers, where CTPAT certification is a requirement to conduct business. In addition, there may also be an increase in inspections and audits.
- The SCSS responds to the company’s written revalidation response.
After the revalidation phase, CBP has the right to revalidate based on cause or incident, on a more frequent basis than once every three years, as it deems necessary. In addition, the CTPAT member will undergo an annual security profile review approximately every year after becoming CTPAT certified.
The CTPAT revalidation is not intended to be an audit. However you must prepare for the revalidation as if that were the case.
Norman Jaspan Associates, Inc. (NJA) will work with the Tier 2 CTPAT participant in becoming revalidated by conducting the following analysis of the supply chain:
- Create a supply chain flow chart in order to determine their exposure to risk starting with the shipper (foreign) and ending with the importer of record and the domestic consignee, regardless of who is responsible for contracting the business supply chain partner.
- Review the participant’s approved security profile to ensure that it is compliant with CBP’s current requirements. (The requirements may have changed and/or become more stringent since the security profile was initially submitted.)
- Determine if the security profile is factually accurate. Review the participant’s documentation to ascertain if the written procedures are being implemented.
- Work with the participant’s CTPAT team in reviewing, updating and creating written procedures as well as helping to implement them.
- Make sure that the security survey questionnaires have been sent and completed by the business supply chain providers that will be visited by your SCSS during the revalidation phase.
- Thoroughly review the business supply chain provider’s security survey questionnaires to ascertain if they are meeting the minimum security requirements and if the written procedures exist and are being implemented. Please note that although your business partner may be a CTPAT member or if not eligible to join, were previously visited by a SCSS on behalf of another CTPAT member, they are not exempt from receiving formal recommendations/requirements from CBP, which affects your revalidation.
- Discuss with the business supply chain provider by telephone, fax and visit (if applicable) the deficiencies that were identified in their security survey questionnaires and obtain the appropriate information in order to make recommendations and create written procedures where necessary.
In addition to physically visiting the CTPAT member prior to the revalidation visit, we will also be present on the day of the revalidation as well as before in order to have the member prepared.
We will work with the participant in responding to the revalidation report which they will receive within ninety (90) days after the revalidation has been completed.
Please contact NJA so that we can review the validation phase with you based upon evaluating your approved CTPAT security profile.