U.S. Customs and Border Protection (CBP) through the SAFE Port Act mandates that a CTPAT participant (Tier 1) will undergo a validation phase (Tier 2) within one year after becoming CTPAT certified by its Supply Chain Security Specialist (SCSS).
The validation phase has changed significantly since you were initially certified. As the CTPAT program benefits have increased, the minimum security requirements have also increased. Your objective is to score as close to 100% as possible. Any “Recommendations and/or Actions Required” that you receive during the validation phase will become part of the validation report unless you respond to them prior to the validation report being written. During the revalidation phase (the validation that takes place within 3 years of the initial or prior validation), one of the topics that your SCSS will focus on will be what was addressed in the initial or prior validation report issued by the SCSS.
The focus of the validation is to be able to respond with written procedures which have been implemented, for every question asked during the validation visit.
Many CTPAT members are concerned that they are not adequately prepared for the validation phase. Some of their concerns relate to their compliance with:
- Written procedures
- Documentation (Eg: Personnel files-Background checks and criminal checks (new and existing employees). Norman Jaspan Associates, Inc. (NJA) performs these checks.
- Employee threat-awareness program and CTPAT training – NJA provides a program that is well documented with the date of training, topics reviewed during the validation, results of the employee’s test and the employee’s name
- Annual Security Profile Review
- Five Step Risk Assessment Program
- Internal/External security audits and report
- Continuously sending out and evaluating security questionnaires to business supply chain providers in order to ascertain that they are meeting the minimum security requirements.
The validation process consists of six (6) components:
- The SCSS schedules a visit with the company at least 30 days in advance of the validation.
- The company prepares for the validation review by the SCSS.
- The SCSS will conduct an on site visit which will take place at one or more of the following locations: company’s domestic facilities which include corporate office, warehouses (private and/or third party), deconsolidation facilities, trucking companies and distribution centers, where applicable. In addition, the SCSS will conduct a site visit at the foreign business supply chain providers (foreign suppliers, consolidators, and trucking companies) where applicable.
- A validation report is issued by the SCSS within ninety (90) days of the validation closeout.
- You have ninety (90) days to respond to any “Recommendations/and or Actions Required” which are noted in the validation report. The CTPAT member responds to the validation report by clicking on the section “Partners” and scrolling down to the section called “Validation Response”. Each section requires a response. When responding to sections that are entitled “Actions Required”, the CTPAT member must upload a written procedure that has been implemented. Upon completion, click on the submit button. Once your SCSS receives your validation response, the SCSS will respond with a check mark in one of two boxes: accept or reject. If you receive a checkmark in the box titled reject, you will be given a specific amount of time, which will be listed on the validation response section, to respond. After all the sections, have been approved, your account status will go from “certified” to “certified validated.”If you receive too many “Actions Required”, you can be suspended from the CTPAT program. It is up to the discretion of your SCSS to determine how many “Actions Required” result in a suspension. In order to be considered for reinstatement into the CTPAT program, approval must be obtained by your SCSS and in some cases by headquarters in Washington, DC. In addition, a second on site visit may be required. If the company has not responded within the 90-day response period, it will be suspended from the CTPAT program and thus lose the CTPAT benefits that were awarded to it as a Tier 1 member. This can result in the CTPAT participant losing present and potential future customers, where CTPAT certification is a requirement to conduct business. In addition, there may also be an increase in inspections and audits.
- The SCSS responds to the company’s written validation response.
After the validation phase, you will go will undergo a revalidation within three years from the date of the initial foreign validation. However, CBP has the right to revalidate based on cause or incident, on a more frequent basis, as it deems necessary. In addition, the CTPAT member will undergo an annual security profile review approximately one year after becoming CTPAT certified.
The CTPAT validation is not intended to be an audit. However you must prepare for the validation as if that were the case.
Norman Jaspan Associates, Inc. (NJA) will work with the Tier 1 CTPAT participant in becoming validated by conducting the following analysis of the supply chain:
- Create a supply chain flow chart in order to determine their exposure to risk starting with the shipper (foreign) and ending with the importer of record and the domestic consignee, regardless of who is responsible for contracting the business supply chain partner.
- Review the participant’s approved security profile to ensure that it is compliant with CBP’s current requirements. (The requirements may have changed and/or become more stringent since the security profile was initially submitted.)
- Determine if the security profile is factually accurate. Review the participant’s documentation to ascertain if the written procedures are being implemented.
- Work with the participant’s CTPAT team in reviewing, updating and creating written procedures as well as helping to implement them.
- Make sure that the security survey questionnaires have been sent and completed by the business supply chain providers that will be visited by your SCSS during the validation phase.
- Thoroughly review the business supply chain provider’s security survey questionnaires to ascertain if they are meeting the minimum security requirements and if the written procedures exist and are being implemented. Please note that although your business partner may be a CTPAT member or if not eligible to join, were previously visited by a SCSS on behalf of another CTPAT member, they are not exempt from receiving formal recommendations/requirements from CBP, which affects your revalidation.
- Discuss with the business supply chain provider by telephone, fax and visit (if applicable) the deficiencies that were identified in their security survey questionnaires and obtain the appropriate information in order to make recommendations and create written procedures where necessary.
In addition to physically visiting the CTPAT member prior to the validation visit, we will also be present on the day of the validation as well as before in order to have the member prepared.
We will work with the participant in responding to the validation report which they will receive within ninety (90) days after the validation has been completed.
Please contact NJA so that we can review the validation phase with you based upon evaluating your approved CTPAT security profile.