C-TPAT Part II: strategies for obtaining and keeping C-TPAT certification
Obtaining—and keeping—C-TPAT certification got harder last March, when the Bureau of Customs and Border Protection introduced new and stiffer standards, which apply to new applicants and current C-TPAT members alike.
Barry Brandman is president of Danbee Investigations, a Midland Park, N.J., company that provides investigative, loss prevention and security consulting services to many of the top names in the logistics industry. He has been a guest speaker for the Department of Homeland Security, CSCMP, and WERC, and is the author of Security Best Practices: Protecting Your Distribution Center From Inventory Theft, Fraud, Substance Abuse, Cybercrime and Terrorism. You can reach him via e-mail at
or (201) 652-5500.
Editor's note: This is the second installment in a two-part series on C-TPAT, the Customs-Trade Partnership Against Terrorism. Part One looked at the origins and evolution of the security initiative, under which U.S. importers agree to continuously police their own supply chains in return for a host of benefits, including reduced cargo inspections. This installment discusses strategies for obtaining—and keeping—C-TPAT certification.
C-TPAT may have its critics (see "it may not be perfect, but C-TPAT's here to stay," DC VELOCITY, November 2005), but that hasn't slowed its momentum. As of last April, more than 9,000 importers had applied for C-TPAT certification. And new applications pour in every month.
But obtaining (and keeping) that certification got harder last March, when the Bureau of Customs and Border Protection (CBP) introduced new and stiffer standards. These new standards, which apply to new applicants and current C-TPAT members alike, mean they must now be able to confirm, among other things, that foreign suppliers, vendors and contractors are performing seven-point container inspections, documenting their procedures for issuing keys, changing passwords, and an array of other best security practices.
As part of the program, CBP requires C-TPAT members to prepare a Security Profile that outlines the steps they're taking and to conduct ongoing internal audits to ensure that their employees, vendors, suppliers and trading partners actually follow enhanced policies and procedures. Though it doesn't require existing members to provide proof of compliance, CBP isn't relying entirely on the honor system either. For that, it has established what it calls a "validation" process, whereby CBP supply chain security specialists meet with company representatives, and visit foreign and domestic sites to verify that everyone in a company's supply chain is following the practices outlined in the member's Security Profile. If the inspections reveal significant problems, CBP can suspend or even revoke the importer's benefits.
To avoid putting your C-TPAT certification at risk, you must establish an ongoing program to assess how well your security program is being carried out and identify new areas of risk that require remedial action.
But who should conduct this assessment? Many times, companies assign this task to logistics or customs compliance personnel, who tend to use boilerplate security checklists to identify vulnerabilities. That's a dangerous practice. This is no ordinary compliance task; an in-depth security assessment requires specialized expertise.
By definition, the global supply chain is a sprawling network of domestic and foreign partners that manufacture, pack, load, consolidate and transport merchandise to the United States. Each of those partners follows a unique set of processes, and those varied processes represent almost limitless potential for security breaches. Auditors who don't have an in-depth understanding of the various ways to circumvent security safeguards have no hope of identifying all these risks or knowing how to remedy them effectively. Whether you opt to use in-house resources or bring in an outside security specialist, make sure you're using a qualified and knowledgeable professional with extensive experience in logistics security.
Avoid the traps
Deciding who will conduct their security assessments isn't the only problem importers face, however. There are plenty of other ways to get tripped up in the process. What follows are some tips on avoiding several common missteps:
Make sure nothing gets lost in translation. When working with partners in foreign countries, there's always the danger that cultural differences and language barriers will lead to miscommunication. To prevent that, we use customized supply chain security questionnaires that ask key questions several different ways, each worded differently. If respondents answer "yes" and "no" to the same question, that's a signal that they either didn't understand the question or weren't providing accurate responses.
It's also a good idea to confirm the information these partners provide through follow-up e-mails and conference calls. More often than not, we find that the feedback foreign companies provide during these exchanges differs from their original answers. That's not to say they're deliberately trying to mislead us; it may be a simple case of misinterpretation arising from language differences. But whatever the cause, you can't afford to be misled. Foreign suppliers tend to be one of the most vulnerable links in the supply chain today; it's imperative that nothing gets lost in translation.
Emphasize the need for candor. It's not only foreign partners who may provide misleading information, of course. Domestic partners and even personnel at your own facilities may be reluctant to expose and document inadequacies in their security practices and programs. Your challenge will be to convince everyone to be open about security weaknesses. Let them know that while there's no shame in exposing vulnerabilities, the failure to disclose a known security breach could result in your supply chain's being compromised.
Provide in-depth, focused training. The new C-TPAT criteria require that importers establish a threat awareness and security training program. This isn't a quick overview of the basics; this should be exceedingly specialized instruction. Your security depends on workers' ability to recognize potential threats—whether terrorists' plots or internal conspiracies. In order to do this, they'll need detailed information so they'll know specifically what to look for.
It appears that some companies have a long way to go when it comes to threat awareness training. That became evident to us recently when we went out to conduct a C-TPAT training seminar that focused on security seals, one of the most important components of a supply chain security program. During that session, we asked the attendees whether they thought bolt seals could be circumvented. Ninety percent said no, bolt seals were tamperproof; the remaining 10 percent told us they suspected that bolt seals could be compromised, but they had no idea how. That was a troubling response. Bolt seals can, in fact, be circumvented. But if the people responsible for seal integrity don't know that (or don't know how), they're unlikely to detect a breach.
See for yourself
If you want to keep your certification, you will need to have an ongoing security auditing program in place for your facilities as well as those of your supply chain partners. Aside from its being a C-TPAT requirement, it's also a very sound practice.
A C-TPAT compliance audit we conducted at a Hong Kong consolidator confirmed the wisdom of performing adherence audits. Prior to our audit, company representatives had assured us that their personnel diligently followed all of the security procedures we asked them to establish. Among other claims, they told us that their facility had "complete video coverage throughout [its] warehouse" and that our client's goods were "always kept in a segregated, highly secured area."
But when we audited this facility, we found otherwise. Take the "complete" video coverage, for example. True, the facility had a CCTV system in place, but the camera views were of poor clarity and too broad to be of much use. And the video coverage was anything but complete; we found that our client's goods were not monitored from the time they arrived to the time they were reloaded for shipment to the Hong Kong seaport. We also discovered that the system's digital hard drive could archive only seven days'worth of footage, making it impossible to investigate any event that dated back more than a week.
We also uncovered problems with the consolidator's shipment verification practices. For example, although its security policy dictated that only senior personnel would remove an inbound truck's security seal, we found that in reality, seals were being removed by whoever happened to be working on the receiving dock. As a result, workers did not always take the time to verify that the seal number on an inbound shipment matched the manifest (another policy violation).
Things were no better with the seals used for outbound trucks. We found that these seals often sat unguarded on the shipping dock, fully accessible to employees, vendors and truckers. Because the shipping crew had stopped using seals in numerical sequence, it would have been easy for a driver to steal one of these seals and reattach it to a truck's doors after it left the facility, concealing the fact that the trucker later accessed the truck's cargo area without authorization.
As for the consolidator's claims that it was segregating our client's product in a "highly secured area," we found that the fencing was only eight feet high and had no ceiling to keep intruders from climbing over. We also found that the keypad code to this area hadn't been changed in nearly nine months and was known to most of the workforce (including those without clearance to this area). And the alarm system wouldn't have been much help. We determined that the alarm was only being armed at the end of the workday, even though the area was frequently left unoccupied for hours at a time.
Once we notified the consolidator of these and other security loopholes, it remedied them promptly. But this experience points up how easily your inventory can be exposed to unnecessary risks.
If your company is a C-TPAT-certified company, it's your responsibility to make sure your security safeguards are as good in reality as they appear to be on paper. It's no secret that shipments to certified companies stand a much lower chance of being opened and inspected by CBP inspectors. That makes shipments to C-TPATcertified companies precisely the ones terrorist cells are most likely to target—underscoring the importance of identifying loopholes in your supply chain safeguards before others have the opportunity to exploit them. Doing anything less could jeopardize your C-TPAT certification and expose your company to the catastrophic ramifications of having a weapon of mass destruction smuggled into your supply chain.
The U.S., U.K., and Australia will strengthen supply chain resiliency by sharing data and taking joint actions under the terms of a pact signed last week, the three nations said.
The agreement creates a “Supply Chain Resilience Cooperation Group” designed to build resilience in priority supply chains and to enhance the members’ mutual ability to identify and address risks, threats, and disruptions, according to the U.K.’s Department for Business and Trade.
One of the top priorities for the new group is developing an early warning pilot focused on the telecommunications supply chain, which is essential for the three countries’ global, digitized economies, they said. By identifying and monitoring disruption risks to the telecommunications supply chain, this pilot will enhance all three countries’ knowledge of relevant vulnerabilities, criticality, and residual risks. It will also develop procedures for sharing this information and responding cooperatively to disruptions.
According to the U.S. Department of Homeland Security (DHS), the group chose that sector because telecommunications infrastructure is vital to the distribution of public safety information, emergency services, and the day to day lives of many citizens. For example, undersea fiberoptic cables carry over 95% of transoceanic data traffic without which smartphones, financial networks, and communications systems would cease to function reliably.
“The resilience of our critical supply chains is a homeland security and economic security imperative,” Secretary of Homeland Security Alejandro N. Mayorkas said in a release. “Collaboration with international partners allows us to anticipate and mitigate disruptions before they occur. Our new U.S.-U.K.-Australia Supply Chain Resilience Cooperation Group will help ensure that our communities continue to have the essential goods and services they need, when they need them.”
A new survey finds a disconnect in organizations’ approach to maintenance, repair, and operations (MRO), as specialists call for greater focus than executives are providing, according to a report from Verusen, a provider of inventory optimization software.
Nearly three-quarters (71%) of the 250 procurement and operations leaders surveyed think MRO procurement/operations should be treated as a strategic initiative for continuous improvement and a potential innovation source. However, just over half (58%) of respondents note that MRO procurement/operations are treated as strategic organizational initiatives.
That result comes from “Future Strategies for MRO Inventory Optimization,” a survey produced by Atlanta-based Verusen along with WBR Insights and ProcureCon MRO.
Balancing MRO working capital and risk has become increasingly important as large asset-intensive industries such as oil and gas, mining, energy and utilities, resources, and heavy manufacturing seek solutions to optimize their MRO inventories, spend, and risk with deeper intelligence. Roughly half of organizations need to take a risk-based approach, as the survey found that 46% of organizations do not include asset criticality (spare parts deemed the most critical to continuous operations) in their materials planning process.
“Rather than merely seeing the MRO function as a necessary project or cost, businesses now see it as a mission-critical deliverable, and companies are more apt to explore new methods and technologies, including AI, to enhance this capability and drive innovation,” Scott Matthews, CEO of Verusen, said in a release. “This is because improving MRO, while addressing asset criticality, delivers tangible results by removing risk and expense from procurement initiatives.”
Survey respondents expressed specific challenges with product data inconsistencies and inaccuracies from different systems and sources. A lack of standardized data formats and incomplete information hampers efficient inventory management. The problem is further compounded by the complexity of integrating legacy systems with modern data management, leading to fragmented/siloed data. Centralizing inventory management and optimizing procurement without standardized product data is especially challenging.
In fact, only 39% of survey respondents report full data uniformity across all materials, and many respondents do not regularly review asset criticality, which adds to the challenges.
Artificial intelligence (AI) tools can help users build “smart and responsive supply chains” by increasing workforce productivity, expanding visibility, accelerating processes, and prioritizing the next best action to drive results, according to business software vendor Oracle.
To help reach that goal, the Texas company last week released software upgrades including user experience (UX) enhancements to its Oracle Fusion Cloud Supply Chain & Manufacturing (SCM) suite.
“Organizations are under pressure to create efficient and resilient supply chains that can quickly adapt to economic conditions, control costs, and protect margins,” Chris Leone, executive vice president, Applications Development, Oracle, said in a release. “The latest enhancements to Oracle Cloud SCM help customers create a smarter, more responsive supply chain by enabling them to optimize planning and execution and improve the speed and accuracy of processes.”
According to Oracle, specific upgrades feature changes to its:
Production Supervisor Workbench, which helps organizations improve manufacturing performance by providing real-time insight into work orders and generative AI-powered shift reporting.
Maintenance Supervisor Workbench, which helps organizations increase productivity and reduce asset downtime by resolving maintenance issues faster.
Order Management Enhancements, which help organizations increase operational performance by enabling users to quickly create and find orders, take actions, and engage customers.
Product Lifecycle Management (PLM) Enhancements, which help organizations accelerate product development and go-to-market by enabling users to quickly find items and configure critical objects and navigation paths to meet business-critical priorities.
Nearly one-third of American consumers have increased their secondhand purchases in the past year, revealing a jump in “recommerce” according to a buyer survey from ShipStation, a provider of web-based shipping and order fulfillment solutions.
The number comes from a survey of 500 U.S. consumers showing that nearly one in four (23%) Americans lack confidence in making purchases over $200 in the next six months. Due to economic uncertainty, savvy shoppers are looking for ways to save money without sacrificing quality or style, the research found.
Younger shoppers are leading the charge in that trend, with 59% of Gen Z and 48% of Millennials buying pre-owned items weekly or monthly. That rate makes Gen Z nearly twice as likely to buy second hand compared to older generations.
The primary reason that shoppers say they have increased their recommerce habits is lower prices (74%), followed by the thrill of finding unique or rare items (38%) and getting higher quality for a lower price (28%). Only 14% of Americans cite environmental concerns as a primary reason they shop second-hand.
Despite the challenge of adjusting to the new pattern, recommerce represents a strategic opportunity for businesses to capture today’s budget-minded shoppers and foster long-term loyalty, Austin, Texas-based ShipStation said.
For example, retailers don’t have to sell used goods to capitalize on the secondhand boom. Instead, they can offer trade-in programs swapping discounts or store credit for shoppers’ old items. And they can improve product discoverability to help customers—particularly older generations—find what they’re looking for.
Other ways for retailers to connect with recommerce shoppers are to improve shipping practices. According to ShipStation:
70% of shoppers won’t return to a brand if shipping is too expensive.
51% of consumers are turned off by late deliveries
40% of shoppers won’t return to a retailer again if the packaging is bad.
The “CMA CGM Startup Awards”—created in collaboration with BFM Business and La Tribune—will identify the best innovations to accelerate its transformation, the French company said.
Specifically, the company will select the best startup among the applicants, with clear industry transformation objectives focused on environmental performance, competitiveness, and quality of life at work in each of the three areas:
Shipping: Enabling safer, more efficient, and sustainable navigation through innovative technological solutions.
Logistics: Reinventing the global supply chain with smart and sustainable logistics solutions.
Media: Transform content creation, and customer engagement with innovative media technologies and strategies.
Three winners will be selected during a final event organized on November 15 at the Orange Vélodrome Stadium in Marseille, during the 2nd Artificial Intelligence Marseille (AIM) forum organized by La Tribune and BFM Business. The selection will be made by a jury chaired by Rodolphe Saadé, Chairman and CEO of the Group, and including members of the executive committee representing the various sectors of CMA CGM.