9 May 2019
CTPAT Minimum Security Criteria Updated
The first major update to the minimum security criteria for the Customs Trade Partnership Against Terrorism was released on 3 May. Booklets for each of the 12 types of entities eligible for CTPAT, which delineate the MSC for each entity along with new eligibility requirements and other programmatic information, have been uploaded to the CTPAT portal. Eligible entities include importers, exporters, manufacturers in Canada and Mexico, Mexican long-haul highway carriers, air carriers, rail carriers, sea carriers, U.S. highway carriers, third-party logistics providers, consolidators, customs brokers, and U.S. marine port authority and terminal operators.
U.S. Customs and Border Protection states that it has added to the MSC requirements to help address the most prevalent and evolving security threats. There are new and updated criteria relating to cybersecurity, protection against agricultural contaminants and pests, prevention of trade-based money laundering and terrorism financing, and using security technology to fortify existing physical security requirements. CBP has also added a recommendation that addresses social compliance programmes.
CBP has created three focus areas that encompass 12 MSC categories, including three new ones, that apply across the supply chain to each eligible entity group.
- Corporate Security – security vision and responsibility (new), risk assessment, business partner requirements, cybersecurity (new)
- Transportation Security – conveyance and instruments of international traffic security, seal security, procedural security, agricultural security (new)
- People and Physical Security – physical access controls; physical security; personnel security; education, training and awareness
CTPAT members will have the rest of 2019 to implement the new MSC internally, and CBP recommends that they do so under the following phased approach.
- Phase 1 – cybersecurity, conveyance and IIT security, and seal security
- Phase 2 – education, training and awareness; business partner security; risk assessment
- Phase 3 – security vision and responsibility, physical security, physical access controls
- Phase 4 – agricultural security, personnel security, procedural security
All CTPAT members are expected to comply with the updated MSC by 2020, regardless of whether or not they are scheduled for a validation that year. CBP notes that while validations under the updated MSC will commence in early 2020, most members will not undergo a validation that year because they are on a four-year validation cycle.
In the meantime, members may reach out to their supply chain security specialists beginning in July 2019 if they need assistance implementing a specific requirement. CBP will also provide additional guidance later this year.