VISCO’s role in CTPAT
Secure

VISCO’s role in CTPAT

Remember that the burden of compliance (actually proof of the attempt to comply) is always on the importer of record.  It’s also important to note that the goal is to mitigate risk while recognizing that it is impossible to eliminate risk. CBP seal

At first glance, it may seem that the “Relevance of VIS” entries below are very basic, and at times redundant.  Couldn’t any number of databases provide this functionality?  There are a couple of very important things to remember:

1. There are about 35 areas listed below where VIS would play a role in helping the importer document C-TPAT compliance for CBP (Customs and Border Protection).  Most of the time, VIS is simply storing information about other companies procedures.  What’s crucial to remember is that these procedures must be documented for EACH of the foreign vendors, inter-modal carriers, ocean-going carriers, forwarders, etc.  This would be quite a task by itself, but what’s really important is the ability to also know which of these entities put their hands on any one shipment.  When used properly, VIS provides this information virtually out-of-box.

Let’s say CBP identifies a container as “suspect” because the container seal appears to have been tampered with.  The challenge is to find out everything possible about the container as quickly as possible.  Without a central repository storing all the information below, AND THE ABILITY TO LINK IT TO THE CONTAINER, how long would it take to provide this information?
That’s not to say that CBP would even want all this information.  It may be enough to be able to understand where the container originated and when the seal was first reported as damaged.  Let’s imagine for our purposes that there is an indication that the container was bumped against another at the port of departure.  That may be as far as CBP would need to go to consider the container safe enough to open and physically inspect.

But now let’s imagine another scenario.  This time, CBP does a physical inspection and finds some sort of contraband.  In this case, they may need the ability to review the procedures of each entity involved in the shipment.  Theoretically, it would be possible for CBP to pinpoint not only where the contraband was introduced to the container, but also to show the deficiency in the process that allowed it to happen.  That’s what they are after, and that’s what we can facilitate just by being able to provide the information efficiently.

2. It would fall to the importer of record to provide that kind of system, and that would cost money.  While some large importers would clearly see ROI solely from participating in the C-TPAT program (goods clearing more quickly, etc.), most small and medium-size importers would not find this to be the case (and to be fair, CBP is tasked with making the borders secure, not providing ROI to importers).  The question becomes, how can more small and medium-size importers afford to join C-TPAT?  One answer is: by implementing VIS.

Because the capabilities that would facilitate C-TPAT compliance are basically ancillary to the real mission of VIS (which is to provide ROI with product visibility, costing and other financial tools), the Venture Information System’s role in C-TPAT compliance is virtually cost-free.

C-TPAT Importer Security Criteria
03/25/2005

C-TPAT Security Criteria Importers
Importers must conduct a comprehensive assessment of their international supply chains based upon the following C-TPAT security criteria. Where an importer out-sources or contracts elements of their supply chain, such as a foreign facility, conveyance, domestic warehouse, or other elements, the importer must work with these business partners to ensure that pertinent security measures are in place and adhered to throughout their supply chain. The supply chain for C-TPAT purposes is defined from point of origin (manufacturer/supplier/vendor) through to point of distribution – and recognizes the diverse business models C-TPAT members employ.

C-TPAT recognizes the complexity of international supply chains and endorses the application and implementation of security measures based upon risk analysis. Therefore, the program allows for flexibility and the customization of security plans based on the member’s business model.

Appropriate security measures, as listed throughout this document, must be implemented and maintained throughout the importer’s supply chains – based on risk.

Business Partner Requirement
Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

VIS’ RELEVANCE – VIS would serve as the central repository for user companies to store relevant documents spelling out security measures in place at their vendors’ facilities.  VIS would store this type of information for each company involved in their supply chain.  VIS offers reporting functionality designed to provide valuable supplier data for cost effective supplier selection.  This also serves as a verifiable process of vendor selection

Security procedures
For those business partners eligible for C-TPAT certification (carriers, ports, terminals, brokers, consolidators, etc.) the importer must have documentation (e.g., C-TPAT certificate, SVI number, etc.) indicating whether these business partners are or are not C-TPAT certified.

VIS’ RELEVANCE – VIS would store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.  (In the case of the Universys pilot, CBP would have direct access.)  Each of these entities has an associated electronic library of documentation with in VIS.

For those business partners not eligible for C-TPAT certification (currently, only Mexican businesses are eligible to participate.  Asian and European companies will be folded in at a later date.), importers must require their business partners to demonstrate that they are meeting C-TPAT security criteria via written/electronic confirmation (e.g., contractual obligations; via a letter from a senior business partner officer attesting to compliance; a written statement from the business partner demonstrating their compliance with C-TPAT security criteria or an equivalent WCO accredited security program administered by a foreign customs authority; or, by providing a completed importer security questionnaire).Based upon a documented risk assessment process, non-C-TPAT eligible business partners must be subject to verification of compliance with C-TPAT security criteria by the importer.

VIS’ RELEVANCE – VIS would store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.  To accommodate C-TPAT security criteria, pdf’s, Word Doc’s as well as any other file type recognized by a Windows operating system can be stored as supporting documentation for business partners.

Point of Origin
Importers must ensure business partners develop security processes and procedures consistent with the C-TPAT security criteria to enhance the integrity of the shipment at point of origin. Periodic reviews of business partners’ processes and facilities should be conducted based on risk, and should maintain the security standards required by the importer.

VIS’ RELEVANCE – VIS would store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.  In addition to Purchase Orders, Packing Lists, Delivery Orders, and the various other system generated documents, VIS sores and manages the Certificate of Origin, Bill of Lading, and Commercial Invoice at the shipment level to enhance the integrity of each and every shipment.

Participation / Certification in Foreign Customs Administrations Supply Chain Security Programs
Current or prospective business partners who have obtained a certification in a supply chain security program being administered by foreign Customs Administration should be required to indicate their status of participation to the importer.

VIS’ RELEVANCE – VIS would store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.

Other Internal criteria for selection
Internal requirements, such as financial soundness, capability of meeting contractual security requirements, and the ability to identify and correct security deficiencies as needed, should be addressed by the importer. Internal requirements should be assessed against a risk-based process as determined by an internal management team.

VIS’ RELEVANCE – VIS would store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.

Container Security
Container integrity must be maintained to protect against the introduction of unauthorized material and/or persons. At point of stuffing, procedures must be in place to properly seal and maintain the integrity of the shipping containers. A high security seal must be affixed to all loaded containers bound for the U.S. All seals must meet or exceed the current PAS ISO 17712 standards for high security seals.

VIS’ RELEVANCE – VIS could be integrated with a smart seal system (as is expected in the Universys pilot) store relevant documentation for each of these entities and enable the easy distribution to CBP upon request.

Container Inspection
Procedures must be in place to verify the physical integrity of the container structure prior to stuffing, to include the reliability of the locking mechanisms of the doors. A seven-point inspection process is recommended for all containers:

  • Front wall
  • Left side
  • Right side
  • Floor
  • Ceiling/Roof
  • Inside/outside doors
  • Outside/Undercarriage

Container Seals
Written procedures must stipulate how seals are to be controlled and affixed to loaded containers – to include procedures for recognizing and reporting compromised seals and/or containers to US Customs and Border Protection or the appropriate foreign authority. Only designated employees should distribute container seals for integrity purposes.

VIS’ RELEVANCE – The information might include ID information for whoever sealed the container.  Who controls the seal inventory?  How is reporting handled?

Container Storage
Containers must be stored in a secure area to prevent unauthorized access and/or manipulation. Procedures must be in place for reporting and neutralizing unauthorized entry into containers or container storage areas.

VIS’ RELEVANCE – This would be defined in documents provided by each entity involved in the supply chain, and stored in VIS.  The procedures for reporting tampering would be included here.

Physical Access Controls
Access controls prevent unauthorized entry to facilities, maintain control of employees and visitors, and protect company assets. Access controls must include the positive identification of all employees, visitors, and vendors at all points of entry.

VIS’ RELEVANCE – Documentation of each company’s unique access control procedures would be stored in VIS.

Employees
An employee identification system must be in place for positive identification and access control purposes. Employees should only be given access to those secure areas needed for the performance of their duties. Company management or security personnel must adequately control the issuance and removal of employee, visitor and vendor identification badges. Procedures for the issuance, removal and changing of access devices (e.g. keys, key cards, etc.) must be documented.

VIS’ RELEVANCE – Documentation of each company’s unique access control procedures would be stored in VIS.

Visitors
Visitors must present photo identification for documentation purposes upon arrival. All visitors should be escorted and visibly display temporary identification.

VIS’ RELEVANCE – Documentation of each company’s unique visitor procedures would be stored in VIS.

Deliveries (including mail)
Proper vendor ID and/or photo identification must be presented for documentation purposes upon arrival by all vendors. Arriving packages and mail should be periodically screened before being disseminated.

VIS’ RELEVANCE – Documentation of each company’s unique parcel and mail delivery/inspection procedures would be stored in VIS.

Challenging and Removing Unauthorized Persons
Procedures must be in place to identify, challenge and address unauthorized/unidentified persons.

VIS’ RELEVANCE – Documentation of each company’s unique unauthorized persons procedures would be stored in VIS.

Personnel Security
Processes must be in place to screen prospective employees and to periodically check current employees.

VIS’ RELEVANCE – Documentation of each company’s unique personnel security procedures would be stored in VIS.

Pre-Employment Verification
Application information, such as employment history and references must be verified prior to employment.

VIS’ RELEVANCE – Documentation of each company’s unique pre-employment qualification procedures would be stored in VIS.

Background checks / investigations
Consistent with foreign, federal, state, and local regulations, background checks and investigations should be conducted for prospective employees. Once employed, periodic checks and reinvestigations should be performed based on cause, and/or the sensitivity of the employee’s position.

VIS’ RELEVANCE – Documentation of each company’s unique background check procedures would be stored in VIS.

Personnel Termination Procedures
Companies must have procedures in place to remove identification, facility, and system access for terminated employees.

VIS’ RELEVANCE – Documentation of each company’s unique personnel termination procedures would be stored in VIS.

Procedural Security
Security measures must be in place to ensure the integrity and security of processes relevant to the transportation, handling, and storage of cargo in the supply chain.

VIS’ RELEVANCE – Documentation of each company’s unique procedural security procedures would be stored in VIS.

Documentation Processing
Procedures must be in place to ensure that all information used in the clearing of merchandise/cargo, is legible, complete, accurate, and protected against the exchange, loss or introduction of erroneous information. Documentation control must include safeguarding computer access and information.

VIS’ RELEVANCE – Document generation and management is one of the most robust features of VIS.  In particular, VIS’ “Container Instruction Sheet” provides an excellent point of cross-reference against incoming documents that may be difficult to read or even in broken English.  This system generated document serves as a summary sheet to aid in minimizing misclassification and other human errors when clearing goods through customs.

Manifesting Procedures
To help ensure the integrity of cargo received from abroad, procedures must be in place to ensure that information received from business partners is reported accurately and timely.

VIS’ RELEVANCE – Documentation of each company’s unique manifesting procedures would be stored in VIS.

Shipping & Receiving
Arriving cargo should be reconciled against information on the cargo manifest. The cargo should be accurately described, and the weights, labels, marks and piece count indicated and verified.* Departing cargo should be verified against purchase or delivery orders**. Drivers delivering or receiving cargo must be positively identified before cargo is received or released.

VIS’ RELEVANCE – *Documentation of each company’s unique shipping and receiving procedures would be stored in VIS.  VIS was specifically designed to provide accurate product descriptions (including weight, labeling, etc.)

** The strength of the system also lies in it’s ability to track orders at the unit level.  Every unit that is purchased and sold can be tracked back to it’s origin (with associated documentation), also allowing the importer to find other units from the effected lot and which customers it went to.

Cargo Discrepancies
All shortages, overages, and other significant discrepancies or anomalies must be resolved and/or investigated appropriately. Customs and/or other appropriate law enforcement agencies must be notified if illegal or suspicious activities are detected – as appropriate.

VIS’ RELEVANCE – Documentation of each company’s unique cargo discrepancy procedures would be stored in VIS.  VIS also requires this information to adjust inventory levels.

Security Training and Threat Awareness
A threat awareness program should be established and maintained by security personnel to recognize and foster awareness of the threat posed by terrorists at each point in the supply chain. Employees must be made aware of the procedures the company has in place to address a situation and how to report it. Additional training should be provided to employees in the shipping and receiving areas, as well as those receiving and opening mail.
Additionally, specific training should be offered to assist employees in maintaining cargo integrity, recognizing internal conspiracies, and protecting access controls. These programs should offer incentives for active employee participation.

VIS’ RELEVANCE – Documentation of each company’s unique security training and threat awareness procedures would be stored in VIS.  This might include manuals, training schedules, etc.

Physical Security
Cargo handling and storage facilities in domestic and foreign locations must have physical barriers and deterrents that guard against unauthorized access. Importers should incorporate the following C-TPAT physical security criteria throughout their supply chains as applicable.

VIS’ RELEVANCE – Documentation of each company’s unique physical security procedures would be stored in VIS.  Where relevant, images demonstrating the facilities would also be attached.

Fencing
Perimeter fencing should enclose the areas around cargo handling and storage facilities. Interior fencing within a cargo handling structure should be used to segregate domestic, international, high value, and hazardous cargo. All fencing must be regularly inspected for integrity and damage.

VIS’ RELEVANCE – Documentation of each company’s unique fencing procedures would be stored in VIS.

Gates and Gate Houses
Gates through which vehicles and/or personnel enter or exit must be manned and/or monitored. The number of gates should be kept to the minimum necessary for proper access and safety.

VIS’ RELEVANCE – Documentation of each company’s unique gate and gate house procedures would be stored in VIS.

Parking
Private passenger vehicles should be prohibited from parking in or adjacent to cargo handling and storage areas.

VIS’ RELEVANCE – Documentation of each company’s unique parking procedures would be stored in VIS.

Building Structure
Buildings must be constructed of materials that resist unlawful entry. The integrity of structures must be maintained by periodic inspection and repair.

VIS’ RELEVANCE – Documentation of each company’s unique building structures would be stored in VIS.

Locking Devices and Key Controls
All external and internal windows, gates and fences must be secured with locking devices. Management or security personnel must control the issuance of all locks and keys.

VIS’ RELEVANCE – Documentation of each company’s unique locking devices and key control procedures would be stored in VIS.

Lighting
Adequate lighting must be provided inside and outside the facility including the following areas: entrances and exits, cargo handling and storage areas, fence lines and parking areas.

VIS’ RELEVANCE – Documentation of each company’s unique lighting schemes would be stored in VIS.  Again, this would be an area where images would be especially relevant.

Alarms Systems & Video Surveillance Cameras
Alarm systems and video surveillance cameras should be utilized to monitor premises and prevent unauthorized access to cargo handling and storage areas.

VIS’ RELEVANCE – Documentation of each company’s unique alarm and surveillance procedures would be stored in VIS.

Information Technology Security
Password Protection
Automated systems must use individually assigned accounts that require a periodic change of password. IT security policies, procedures and standards must be in place and provided to employees in the form of training.

VIS’ RELEVANCE – VIS uses SQL server authentication with https capabilities to ensure the security of the users data.  In addition, we recommend that users periodically change their passwords as a policy to ensure further protection.

Accountability
A system must be in place to identify the abuse of IT including improper access, tampering or the altering of business data. All system violators must be subject to appropriate disciplinary actions for abuse.

VIS’ RELEVANCE – Using VIS, any abuse, tampering or manipulation of data is visible due to the accountability functionality built into the system.  All transactions are stamped with user name and time, with more secure transactions also requiring approval from the superior.

 

VISCO’s role in CTPAT
Related Articles