Page Title

The mate was a mighty sailing man the skipper brave and sure five passengers set sail that day for a three hour tour a three hour tour thank you for being a friend up

CTPAT Enrollment, Validation, and Revalidation

Joining CTPAT

In order to understand the CTPAT program, you must first determine if your company is eligible to join.

  1. If you are eligible to join, you must review the benefits of the program as well as the minimum security requirements in order to determine if the CTPAT program is meant for your company.
  2. If no, you must determine if you want to meet the minimum security requirements. This will enable you, as a supply chain business partner, to conduct business with a CTPAT member.

In order to help you determine if the C-TPAT program is meant for your company, Norman Jaspan Associates, Inc. (NJA) has prepared the CTPAT documents (see below) for review that will enable you to make an informed decision.

Please contact NJA so that we can explain the program in greater detail and answer any questions that you may have. In addition, we will review the written procedures and processes that you have to implement, if they do not exist.

Validation

The validation phase has changed significantly since you were initially certified. In order to help you prepare for the validation phase, Norman Jaspan Associates, Inc. (NJA) has prepared a validation overview, which explains the validation process and provides you with a description of some of the required written procedures (see below).

Please contact NJA so that we set up and implement the required written procedures for you as well as answer your questions about preparation for this very important process. Remember that if you and your supply chain business providers (SCBP) do not demonstrate that you and your SCBP are meeting the minimum security requirements, you may be suspended from the program.

Validation Overview

U.S. Customs and Border Protection (CBP) through the SAFE Port Act mandates that a CTPAT participant (Tier 1) will undergo a validation phase (Tier 2) within one year after becoming CTPAT certified by its Supply Chain Security Specialist (SCSS).

The validation phase has changed significantly since you were initially certified. As the CTPAT program benefits have increased, the minimum security requirements have also increased. Your objective is to score as close to 100% as possible. Any “Recommendations and/or Actions Required” that you receive during the validation phase will become part of the validation report unless you respond to them prior to the validation report being written. During the revalidation phase (the validation that takes place within 3 years of the initial or prior validation), one of the topics that your SCSS will focus on will be what was addressed in the initial or prior validation report issued by the SCSS.

The focus of the validation is to be able to respond with written procedures which have been implemented, for every question asked during the validation visit.

Many CTPAT members are concerned that they are not adequately prepared for the validation phase.  Some of their concerns relate to their compliance with:

  • Written procedures
  • Documentation (Eg: Personnel files-Background checks and criminal checks (new and existing employees). Norman Jaspan Associates, Inc. (NJA) performs these checks.
  • Employee threat-awareness program and CTPAT training – NJA provides a program that is well documented with the date of training, topics reviewed during the validation, results of the employee’s test and the employee’s name
  • Annual Security Profile Review
  • Five Step Risk Assessment Program
  • Internal/External security audits and report
  • Continuously sending out and evaluating security questionnaires to business supply chain providers in order to ascertain that they are meeting the minimum security requirements.

The validation process consists of six (6) components:

  1. The SCSS schedules a visit with the company at least 30 days in advance of the validation.
  2. The company prepares for the validation review by the SCSS.
  3. The SCSS will conduct an on site visit which will take place at one or more of the following locations: company’s domestic facilities which include corporate office, warehouses (private and/or third party), deconsolidation facilities, trucking companies and distribution centers, where applicable. In addition, the SCSS will conduct a site visit at the foreign business supply chain providers (foreign suppliers, consolidators, and trucking companies) where applicable.
  4. A validation report is issued by the SCSS within ninety (90) days of the validation closeout.
  5. You have ninety (90) days to respond to any “Recommendations/and or Actions Required” which are noted in the validation report.  The CTPAT member responds to the validation report by clicking on the section “Partners” and scrolling down to the section called “Validation Response”. Each section requires a response. When responding to sections that are entitled “Actions Required”, the   CTPAT member must upload a written procedure that has been implemented. Upon completion, click on the submit button. Once your SCSS receives your validation response, the SCSS will respond with a check mark in one of two boxes: accept or reject. If you receive a checkmark in the box titled reject, you will be given a specific amount of time, which will be listed on the validation response section, to respond. After all the sections, have been approved, your account status will go from “certified” to “certified validated.”If you receive too many “Actions Required”, you can be suspended from the CTPAT program. It is up to the discretion of your SCSS to determine how many “Actions Required” result in a suspension. In order to be considered for reinstatement into the CTPAT program, approval must be obtained by your SCSS and in some cases by headquarters in Washington, DC. In addition, a second on site visit may be required. If the company has not responded within the 90-day response period, it will be suspended from the CTPAT program and thus lose the CTPAT benefits that were awarded to it as a Tier 1 member. This can result in the CTPAT participant losing present and potential future customers, where CTPAT certification is a requirement to conduct business. In addition, there may also be an increase in inspections and audits.
  6. The SCSS responds to the company’s written validation response.

After the validation phase, you will go will undergo a revalidation within three years from the date of the initial foreign validation. However, CBP has the right to revalidate based on cause or incident, on a more frequent basis, as it deems necessary. In addition, the C-TPAT member will undergo an annual security profile review approximately one year after becoming CTPAT certified.

The CTPAT validation is not intended to be an audit.  However you must prepare for the validation as if that were the case.

Norman Jaspan Associates, Inc. (NJA) will work with the Tier 1 CTPAT participant in becoming validated by conducting the following analysis of the supply chain:

  1. Create a supply chain flow chart in order to determine their exposure to risk starting with the shipper (foreign) and ending with the importer of record and the domestic consignee, regardless of who is responsible for contracting the business supply chain partner.
  2. Review the participant’s approved security profile to ensure that it is compliant with CBP’s current requirements. (The requirements may have changed and/or become more stringent since the security profile was initially submitted.)
  3. Determine if the security profile is factually accurate. Review the participant’s documentation to ascertain if the written procedures are being implemented.
  4. Work with the participant’s CTPAT team in reviewing, updating and creating written procedures as well as helping to implement them.
  5. Make sure that the security survey questionnaires have been sent and completed by the business supply chain providers that will be visited by your SCSS during the validation phase.
  6. Thoroughly review the business supply chain provider’s security survey questionnaires to ascertain if they are meeting the minimum security requirements and if the written procedures exist and are being implemented. Please note that although your business partner may be a CTPAT member or if not eligible to join, were previously visited by a SCSS on behalf of another CTPAT member, they are not exempt from receiving formal recommendations/requirements from CBP, which affects your revalidation.
  7. Discuss with the business supply chain provider by telephone, fax and visit (if applicable) the deficiencies that were identified in their security survey questionnaires and obtain the appropriate information in order to make recommendations and create written procedures where necessary.

In addition to physically visiting the CTPAT member prior to the validation visit, we will also be present on the day of the validation as well as before in order to have the member prepared.

We will work with the participant in responding to the validation report which they will receive within ninety (90) days after the validation has been completed.

Please contact NJA so that we can review the validation phase with you based upon evaluating your approved CTPAT security profile.

Revalidation

The revalidation phase has changed significantly since you were initially or previously validated. In order to prepare you for the revalidation phase, Norman Jaspan Associates, Inc. (NJA) has prepared a revalidation overview, which explains the revalidation process and provides you with a description of some of the required written procedures (see below).

Please contact NJA so that we set up and implement the required written procedures for you as well as answer your questions about preparation for this very important process. Remember that if you and your supply chain business providers (SCBP) do not demonstrate that you and your SCBP are meeting the minimum security requirements, you may be suspended from the program.

Revalidation Overview

Being Prepared

U.S. Customs and Border Protection (CBP) through the SAFE Port Act mandates that a CTPAT participant (Tier 2) will undergo a revalidation phase not less frequently than once every four years (usually within three years) after becoming CTPAT validated by its Supply Chain Security Specialist (SCSS).

The revalidation phase has changed significantly since you were previously validated. As the CTPAT program benefits have increased, the minimum security requirements have also increased. Your objective is to score as close to 100% as possible. Any “Recommendations and/or Actions Required” that you receive during the revalidation phase will become part of your next revalidation report unless you respond to them prior to the revalidation report being written. During the revalidation phase, one of the topics that your SCSS will focus on will be what was addressed in the initial validation or prior revalidation report issued by the SCSS.

The focus of the revalidation is to be able to respond with written procedures which have been implemented, for every question asked during the validation visit.

Many CTPAT members are concerned that they are not adequately prepared for the revalidation phase.  Some of their concerns relate to their compliance with:

  • Written procedures
  • Documentation (Eg: Personnel files-Background checks and criminal checks (new and existing employees). Norman Jaspan Associates, Inc. (NJA) performs these checks.
  • Employee threat-awareness program and C-TPAT training – NJA provides a program that is well documented with the date of training, topics reviewed during the validation, results of the employee’s test and the employee’s name.
    Annual Security Profile Review
  • Five Step Risk Assessment Program
  • Internal/External security audits and report
  • Continuously sending out and evaluating security questionnaires to business supply chain providers in order to ascertain that they are meeting the minimum security requirements.

The revalidation process consists of six (6) components:

  1. The SCSS schedules a visit with the company at least 30 days in advance of the validation.
  2. The company prepares for the revalidation review by the SCSS.
  3. The SCSS has the option of conducting a conference call with a company officer who is listed under company contacts in the company profile or conducting a site visit which will take place at one or more of the following locations: company’s domestic facilities which include corporate office, warehouses (private and/or third party), deconsolidation facilities, trucking companies and distribution centers, where applicable. In addition, the SCSS will conduct a site visit at the foreign business supply chain providers (foreign suppliers, consolidators, and trucking companies) where applicable.
  4. A revalidation report is issued by the SCSS within ninety (90) days of the revalidation closeout.
  5. You have ninety (90) days to respond to any “Recommendations/and or Actions Required” which are noted in the revalidation report.  The CTPAT member responds to the revalidation report by clicking on the section “Partners” and scrolling down to the section called “Revalidation Response”. Each section requires a response. When responding to sections that are entitled “Actions Required”, the   CTPAT member must upload a written procedure that has been implemented. Upon completion, click on the submit button. Once your SCSS receives your revalidation response, the SCSS will respond with a check mark in one of two boxes: accept or reject. If you receive a checkmark in the box titled reject, you will be given a specific amount of time, which will be listed on the revalidation response section, to respond. After all the sections, have been approved, your account status will go from “certified” to “certified validated.”If you receive too many “Actions Required”, you can be suspended from the CTPAT program. It is up to the discretion of your SCSS to determine how many “Actions Required” result in a suspension. In order to be considered for reinstatement into the CTPAT program, approval must be obtained by your SCSS and in some cases by Washington, DC. headquarters. In addition, a second on site visit may be required.  If the company has not responded within the ninety (90)-day response period, it will be suspended from the CTPAT program and thus lose the CTPAT benefits that were awarded to it as a Tier 2 member. This can result in the CTPAT participant losing present and potential future customers, where CTPAT certification is a requirement to conduct business. In addition, there may also be an increase in inspections and audits.
  6. The SCSS responds to the company’s written revalidation response.

After the revalidation phase, CBP has the right to revalidate based on cause or incident, on a more frequent basis than once every three years, as it deems necessary. In addition, the CTPAT member will undergo an annual security profile review approximately every year after becoming CTPAT certified.

The CTPAT revalidation is not intended to be an audit.  However you must prepare for the revalidation as if that were the case.

Norman Jaspan Associates, Inc. (NJA) will work with the Tier 2 CTPAT participant in becoming revalidated by conducting the following analysis of the supply chain:

  1. Create a supply chain flow chart in order to determine their exposure to risk starting with the shipper (foreign) and ending with the importer of record and the domestic consignee, regardless of who is responsible for contracting the business supply chain partner.
  2. Review the participant’s approved security profile to ensure that it is compliant with CBP’s current requirements. (The requirements may have changed and/or become more stringent since the security profile was initially submitted.)
  3. Determine if the security profile is factually accurate. Review the participant’s documentation to ascertain if the written procedures are being implemented.
  4. Work with the participant’s CTPAT team in reviewing, updating and creating written procedures as well as helping to implement them.
  5. Make sure that the security survey questionnaires have been sent and completed by the business supply chain providers that will be visited by your SCSS during the revalidation phase.
  6. Thoroughly review the business supply chain provider’s security survey questionnaires to ascertain if they are meeting the minimum security requirements and if the written procedures exist and are being implemented. Please note that although your business partner may be a CTPAT member or if not eligible to join, were previously visited by a SCSS on behalf of another CTPAT member, they are not exempt from receiving formal recommendations/requirements from CBP, which affects your revalidation.
  7. Discuss with the business supply chain provider by telephone, fax and visit (if applicable) the deficiencies that were identified in their security survey questionnaires and obtain the appropriate information in order to make recommendations and create written procedures where necessary.

In addition to physically visiting the CTPAT member prior to the revalidation visit, we will also be present on the day of the revalidation as well as before in order to have the member prepared.

We will work with the participant in responding to the revalidation report which they will receive within ninety (90) days after the revalidation has been completed.

Please contact NJA so that we can review the validation phase with you based upon evaluating your approved CTPAT security profile.