WHAT IS CYBERSECURITY?
Cybersecurity refers to the body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage or unauthorized access.
For Cybersecurity, the size of your company is not defined by the amount of hardware and software that your company has but by the RISK exposure that you have. For example, a company that has ten (10) computers dedicated to use in the office, with no remote access, has much less risk than a company that has five (5) computers with remote access and accepts credit card payments.
HOW CAN NORMAN JASPAN ASSOCIATES, INC. (NJA) HELP YOU COMPLY WITH CYBERSECURITY?
NJA is able to synthesize the stringent Cybersecurity criteria, regardless of the size of your company. NJA has created an audit checklist, which also contains examples of different types of software and hardware along with a glossary of cybersecurity terms, that will enable you to do the following:
In addition, we will work with your company to establish a cybersecurity training program, with phishing exercises, if applicable, that can be administered by your own company.
WHAT DOES THE CTPAT MEMBER REALLY KNOW ABOUT CYBERSECURITY?
Most small to medium-sized companies do not have extensive knowledge about cybersecurity and probably rely on an internal IT department or external IT consultant to address computer issues. Depending on the size and depth of the internal IT department and the services of the external IT consultant, most of them only focus on repairing hardware problems, installing software and hardware, and addressing email issues.
HOW DOES CYBERSECURITY AFFECT MY SUPPLY CHAIN?
Cybersecurity is found in its entirety in all twelve (12) different CTPAT eligibility categories. In order to pass a validation, you must physically demonstrate (on the computer and in written documentation) that you have the MSC or have your security profile approved. CTPAT members as well as their business partners must meet the requirements. These partners include anyone with access to their information such as the Customs Broker, Freight Forwarder, Third Party Warehouse and Foreign Supplier.
Since Cybersecurity is a never-ending battle to prevent attacks, damage or unauthorized access, the IT user must constantly learn and reevaluate. A Cybersecurity attack is NOT a question of IF but WHEN.
HISTORY AND BACKGROUND OF UPDATED/NEW 2020 CTPAT SECURITY PROFILE
Effective January 1, 2020, U.S. Customs and Border Protection (CBP) implemented an updated version of the CTPAT Minimum Security Criteria (MSC) for CTPAT members and their supply chain business partners. The new MSC applies to all 12 industry categories. It is the first major revision since 2003. In addition, they added one additional Eligibility Requirement, which is as follows:
NEW ELIGIBILITY REQUIREMENT
A CTPAT member or applicant must maintain no evidence of financial debt to CBP for which the responsible party has exhausted all administrative and judicial remedies for relief, a final judgment or administrative disposition has been rendered, and the final bill or debt remains unpaid at the time of the initial application or annual renewal. Evidence of financial debt can result in membership application being declined, or if you are already a member, being suspended from the CTPAT program.
All Industries will be expected to upgrade their security to meet the new requirements. Please see dates of implementation.
The changes include three new criteria categories (Security Vision and Responsibility, Cybersecurity and Agricultural Security) plus an enhanced version of all of the other sections. Below is an overview of the three sections:
1) Corporate Security: A) Security vision and responsibility (NEW), B) Risk Assessment, C) Business partner requirements, D) Cybersecurity (NEW)
2) Transportation Security: A) Conveyance and IIT security, B) Seal Security, C) Procedural Security, E) Agricultural Security (NEW)
3) People and Physical Security: A) Physical access, B) Physical Security, C) Personnel security, D) Security training, threat awareness (NEW)
The new MSC will not only hold the CTPAT member accountable; the spotlight will now also focus on the first and second tier business partners.
For many CTPAT members and their service providers, this is a lot to digest all at once. For some, this is going to represent a major change in the way they are doing business. For those CTPAT members who are only a member because it is required by their customer, the new MSC will be overwhelming. In addition, there is no longer the discretion or latitude that CBP previously provided the CTPAT member in their ability to demonstrate their adherence to the MSC (both domestic and especially foreign).
We will develop the proper procedures, questionnaires, and checklists as well as security training in order to bridge the gap between what you physically have in place and what is required. For over 19 years, we have successfully assisted applicants to join the CTPAT program and have traveled around the world to prepare and be present for foreign validations. The latter is of significant importance during a revalidation when there is no domestic validation and your ability to maintain your CTPAT status rests solely with your foreign supplier and their business partners being able to demonstrate that they are meeting the MSC.